[ News | Newsletters | Blogs | Lists | Media | Jobs ] HoneyDB
DarkReading
Copilot 'SearchLeak' Attack Allows 1-Click Data Theft
China-Nexus Actor Spy on US Researchers Undetected for a Year
Most CISOs Report Pressure to Bury Bad Security News
The Beginning of the End of Social Engineering
US Cracks Down on Anthropic AI Models Amid Abuse Concerns
ShinyHunters Uses Oracle Zero-Day to Rampage Higher Ed
Claude Fable 5 Doesn't Change the Mythos Security Story
Phishing Attack Volume Down 20%, But Risk Still Rising
Max-Severity Ivanti Flaw Exploited 24 Hours After Disclosure
Segmentation Works for OT If Operators Are Paying Attention
Ars Technica
Users cry foul after AMD stripped memory crypto from its consumer CPUs
PeopleSoft 0-day affecting hundreds of organizations steals gigabytes of data
Locked in heated rivalry with researcher, Microsoft fixes 0-day they disclosed
High-severity vulnerability in Linux caused by a single faulty character
For the 2nd time in weeks, Microsoft packages laced with credential stealer
How a USB-connected speaker can infect a PC without ever being touched
Dashlane explains how attackers managed to download encrypted password vaults
Can't make sense of Dashlane's vault theft notification? You're not alone.
Dozens of Red Hat packages backdoored through its official NPM channel
Botnet of more than 17 million devices dismantled
CyberScoop
Google exposes China espionage group that’s been lurking in networks undetected since 2023
Cybersecurity experts don’t think Anthropic’s Fable 5 presents a unique threat 
Anthropic disables new models after government calls them a national security concern
FBI takes down massive China-based cybercrime network that caused $1.9B in losses
US, France, and Italian authorities shut down massive deepfake porn site
Conti ransomware group member pleads guilty, faces up to 20 years in prison
ShinyHunters is actively extorting universities after exploiting an unpatched Oracle flaw
CyberCorps is adapting to AI. The budget isn’t keeping up.
Russian national charged in connection with Void Blizzard espionage campaign
OpenAI: ‘Likely’ Chinese influence operation tried to use ChatGPT to stir debate on data centers 
InfoSecurity Magazine
Attackers Hijack Popular WordPress Plugins to Deploy Backdoors
Adriatic Port Cyber-Attack by Anubis Sparks Warning Over Maritime Security Risks
Cybersecurity Experts Urge US to Lift Ban on Anthropic's Frontier AI Models
UK Government Finds 400+ Vulnerabilities in AI Hackathons
Maine Takes Breach Reporting Portal Offline After Fake Entries
Ransomware Payment Crypto Laundering Platform Taken Out by FBI and Europol
GitHub to Update npm to Thwart Software Supply Chain Attacks
Over 80% of Sports Organizations Targeted by Hackers in the Last Year
CISA Orders Agencies to Patch by Risk, Not Severity
Cybercriminals Use Fake AI Guides and Dev Tools to Spread AsyncRAT Malware
SecurityWeek
Ransomware Attack Shuts Down Mills of Australia’s Second-Largest Sugar Producer
Chinese Hackers Target Medical, Military, and AI Research in North America
NewCore Emerges From Stealth Mode With $66 Million in Funding
Ukrainian Man Pleads Guilty in US to Conti Ransomware Charges
Ozempic Maker Novo Nordisk Says Hackers Breached IT Systems
French Government Messaging Platform Breached by Mysterious ‘Misere’ Hacker
ShinyHunters Claims Council of Europe Hack
FBI, Google Dismantle ‘Outsider Enterprise’ Phishing Service
Maine Disables Data Breach Portal Due to Fake Submissions 
NPM 12 Will Change Script Execution Behavior to Prevent Supply Chain Attacks
ZDNet
iOS 27 envy? 4 features you can already use on an Android phone (including Samsung models)
What the robot mower brands aren't telling you about their specs - and which ones are actually useful
25,000 miles later, my favorite Apple CarPlay apps remain functional, reliable, and mostly free
How to watch the FIFA World Cup 2026 today: 10 ways to stream (including free options)
How to download the iOS 27 developer beta (and which iPhone models support it)
6 Android Auto apps I wish I discovered sooner, because they make driving much easier
Your TV's RS-232 port is a seriously useful automation tool - how to unlock its full potential
How much RAM does your PC need in 2026? My advice after using Windows and Mac for years
5 best Prime Day Anker deals: Chargers, power stations, and more we recommend
RefreshOS is a top contender for new Linux users - here's why
The Hacker News
Chinese Hackers Abused Google Workspace Rules to Steal Research and Defense Emails
North Korean Hackers Are Turning Developer Tools Into Malware Delivery Channels
LiteLLM Vulnerability Chain Lets Low-Privilege Users Take Over AI Gateway Servers
One-Click Microsoft 365 Copilot Flaw Could Have Let Attackers Steal Emails, Files, and MFA Codes
⚡ Weekly Recap: Chrome 0-Day, UniFi Exploits, macOS Stealers, VPN Flaw and More
The Onboarding Password Mistake That Creates Unnecessary Risk
152 Chrome Wallpaper Extensions with 105K Installs Linked to Adware and Fake Traffic
Popular WordPress Plugin Scripts Tampered to Plant Hidden Backdoors on Sites
Sniper Dz Scams Target MENA Users via Fake Facebook Offers and Browser Alerts
Palo Alto Warns of Active Exploitation of PAN-OS GlobalProtect VPN Flaw
BleepingComputer
SimpleHelp bug lets hackers create rogue remote support accounts
OptinMonster WordPress plugin hacked in CDN supply-chain attack
Cisco fixes SD-WAN vManage flaw exploited in zero-day attacks
Council of Europe investigates ShinyHunters data breach claims
FBI: Fraudsters use couriers to steal money in crypto scams
Vibe coders are gonna vibe code: How CISOs are tackling code sprawl
Chinese hackers breach REDCap servers, steal medical research
New attack turned Microsoft 365 Copilot into 1-click data theft tool
Infinite Campus data breach affects 137,000 school staff accounts
Webinar: How behavioral AI stops phishing and account takeovers
gbhackers
Payroll Pirate Campaign Uses AiTM Session Hijacking to Bypass MFA and Redirect Salaries
Jenkins RCE Flaw Exploited by Attackers in the Wild
Windows 11 Update Causes System Freezes, Triggers BitLocker Recovery, and Breaks OneDrive
Velvet Ant Hackers Backdoor OpenSSH and PAM to Spy on Critical Infrastructure Network
New DPAPISnoop Tool Enables Extraction of CREDHIST Hashes From Windows Systems
SearchJack Adware Campaign Exposes 758,000 Users to Privacy and Phishing Risks
SHADOWBYT3$ Allegedly Claims Nintendo Breach and Theft of Sensitive Data
Palo Alto Warns GlobalProtect VPN Flaw Is Being Actively Exploited
PromptSnatcher Browser Extensions Abuse AI Platforms to Capture Full Chat Conversations
Russia-Aligned Hackers Exploit Old WinRAR Vulnerability to Target Ukrainian Organizations
Cybersecurity Dive
China-nexus group linked to multiyear campaign targeting US, Canadian medical research
Cybersecurity experts blast US government for restricting Anthropic’s AI models
MS-ISAC enters uncertain new era after losing federal funding and thousands of members
Agentic AI surges in financial sector even as many firms fail to manage security risks
It’s Mythos’ world now. How do we live in it?
ShinyHunters linked to exploitation of critical flaw in Oracle PeopleSoft
Enterprises report increasing budgets for security training in AI and other critical topics
FIFA World Cup expected to face extensive criminal, hacktivist cyber threats
CISA gives agencies new vulnerability remediation deadlines that take risk levels into account
CISA, researchers warn of escalating attacks using Cisco Catalyst SD-WAN flaws
Threatpost
Student Loan Breach Exposes 2.5M Records
Watering Hole Attacks Push ScanBox Keylogger
Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms
Ransomware Attacks are on the Rise
Cybercriminals Are Selling Access to Chinese Surveillance Cameras
Twitter Whistleblower Complaint: The TL;DR Version
Firewall Bug Under Active Attack Triggers CISA Warning
Fake Reservation Links Prey on Weary Travelers
iPhone Users Urged to Update to Patch 2 Zero-Days
Google Patches Chrome’s Fifth Zero-Day of the Year
The Register
Feds freaked over Fable 5 after simple 'fix this code' prompt, not jailbreak, says researcher
Council of Europe hacked in ShinyHunters' PeopleSoft heist
Feds snooze as US datacenter law set to lapse with no replacement in site
Microsoft site throwing warnings after someone forgot to renew cert
PRC-linked spies hid inside medical and military networks for more than a year, snooping through Gmail and stealing data
Arch Linux locks down AUR signups amid wave of malicious commits
AI is code – and can't be prompted into being smarter
NanoClaw now armed with JFrog for safer packages
Fired IT worker jailed for 21 months after sabotaging old school district
Novo Nordisk reports cyberattack as UK gives Wegovy pill the nod
VentureBeat
85% of IT teams claim every AI agent is under control. Only 42% actually know who owns them.
Attackers scale deception with AI. Defenders need truth at machine speed.
NanoClaw and JFrog launch 'immune system' to block AI agents from downloading malicious code
Meta's AI support agent bound recovery emails for anyone who asked. Your SOC never saw an alert.
Microsoft launches MXC, an OS-level sandbox for AI agents, with OpenAI and Nvidia already on board
Zip’s new AI agents want to stop your finance team from uploading contracts into personal ChatGPT accounts
Anthropic’s browser agent got hijacked 31.5% of the time before safeguards engaged
TechCrunch
Cybersecurity vets protest ‘dangerous’ US government ban on Anthropic’s most powerful models
As AI agents become employees, NewCore emerges with $66M to give them identities
Amazon CEO reportedly raised Anthropic model concerns before government crackdown
The FBI built its own replica small town to simulate real-world cyberattacks
Chinese cybercrime operation that used AI to scam ‘hundreds of thousands of victims’ sued by Google
US surveillance law to expire for first time after lawmakers reject Trump’s controversial pick to lead spy agencies
Oracle warns of security bug that hackers abused to breach 100+ companies
South Korea hits Coupang with $400M+ fine for data breach that affected millions
Cybercriminals claim breach of Oracle PeopleSoft servers at 100-plus organizations
North Koreans behind nearly half of US tech industry hacks, says CrowdStrike
Network World Security
IBM sends signals with its $10 billion quantum pledge
NetBox at 10: Network inventory tool now a full infrastructure intelligence platform
How Jeetu Patel made Cisco unrecognizable
Amazon claims its data centers are 7x more water-efficient than the industry average
Marvell announces 102.4 Tbps switch silicon built for AI
IBM, ServiceNow team to bring AI to legacy enterprise systems
AI-powered WAF, virtual patching: How F5 is hardening networks against frontier threats
A quick look at Cisco’s strategy to become a software monster
Residential proxies are hiding in plain sight inside enterprise networks
OpenAI weighs Nvidia-backed lease for 10 GW Ohio data center campus
Help Net Security
Chinese hackers breached North American research institutions via REDCap servers
China-linked spies backdoored authentication stack to stay hidden for years
Delinea and Cyera integrate for data-aware identity security
1Password Credential Broker reduces secret sprawl through identity-based credential delivery
Trust3 AI’s AgentDOS monitors AI agent activity, data access, and token consumption
Omada Agent Governance helps organizations manage AI agent access, risk, and compliance
Ukrainian national pleads guilty in connection with Conti ransomware
Red Sift, GMO GlobalSign partnership simplifies email authentication and BIMI adoption
AI vulnerability discovery is pushing 2026 CVEs toward 66,000
PhishLumos: Exposing phishing campaigns that evade detection by hiding content
SC Magazine
PAN-OS GlobalProtect bug actively exploited, added to CISA's KEV list
What Is Identity Governance and Administration?
Why CISA's 3-day patching mandate misses the point
New Argamal malware disguised as adult games targets users
Former IT employee sentenced to 21 months for school district cyberattack
Conan O'Brien stars in new cybersecurity training series
FBI builds replica town to train agents in cyberattack investigation
Why non-human identities (NHIs) require a change in mindset
Securing the model: Protecting AI systems from compromise
Safe AI at scale, what happens after initial access, and the weekly enterprise news - Albert Estevez Polo, Shiva Pillay - ESW #463
© 2026 RiskDiscovery | Sponsored by: Deception Logic