[ News | Newsletters | Blogs | Lists | Media | Jobs ] HoneyDB
DarkReading
Name That Toon Contest
CISA Rewrites Federal Patching Requirements for AI Threat Era
Bug Bounty Research Triggers ServiceNow Security Alert
AI Risk Worries Insurers and Businesses Alike
Nightmare-Eclipse Drops Yet Another Microsoft Exploit, RoguePlanet
The Invisible Battlefield: How Cyberwar Is Reshaping Everyday Life
Blame AI: Patch Tuesday Hits Record 206 CVEs
Microsoft Exchange Flaw Lets Attackers Spoof Any Email Address
Miasma Supply Chain Worm Burrows Into 73 Microsoft Repositories
Russian Attackers Weaponize WinRAR Flaw Against Ukrainian Orgs
Ars Technica
Locked in heated rivalry with researcher, Microsoft fixes 0-day they disclosed
High-severity vulnerability in Linux caused by a single faulty character
For the 2nd time in weeks, Microsoft packages laced with credential stealer
How a USB-connected speaker can infect a PC without ever being touched
Dashlane explains how attackers managed to download encrypted password vaults
Can't make sense of Dashlane's vault theft notification? You're not alone.
Dozens of Red Hat packages backdoored through its official NPM channel
Botnet of more than 17 million devices dismantled
Fed up with vibe coders, dev sneaks data-nuking prompt injection into their code
Websites have a new way to spy on visitors: Analyzing their SSD activity
CyberScoop
OpenAI: ‘Likely’ Chinese influence operation tried to use ChatGPT to stir debate on data centers 
CISA directive orders agencies to prioritize vulnerability patching in a new way
Microsoft breaks Patch Tuesday record with 206 vulnerabilities
Anthropic’s new model is Mythos on a leash
CISA is rethinking how it prioritizes risks and vulnerabilities for feds, private sector
Cisco customers encounter another SD-WAN zero-day under attack
Meta accuses NSO Group of defying spyware injunction, files contempt of court complaint
The AI security race needs accountability, not overregulation
Nightmare Eclipse incident shows the researcher-vendor fights may never fully go away
Hill Dems hammer GOP for $250M CISA budget cut
InfoSecurity Magazine
Fake Software Tutorials on TikTok Spread Vidar Stealer
Cybersecurity Software Fails to Detect Fifth of Brower-Based Phishing Attacks
New SilabRAT Trojan Hijacks Sessions to Steal Crypto
New Fable 5 Is a "Mythos-Class" LLM Available to All, Anthropic Announces
Over a Quarter of Identity Crime Victims Hit by Multiple Incidents, ITRC Data Shows
Microsoft Fixes 200 CVEs in June Patch Tuesday
75% of Firms Deploy Vulnerable Code Amid Pressure on CISOs, Report Finds
AI Coding Adoption Hits 97% but Governance Lags Behind
Critical phpBB Flaw Lets Attackers Hijack Any Account with One Request
Google Releases Patch for Chrome Vulnerability Exploited in the Wild
SecurityWeek
Infostealers Turn Millions of Devices Into Credential Theft Machines
Cyera Raises $600 Million at $12 Billion Valuation
Aryon Security Raises $29 Million in Series A Funding
Critical HVAC and UPS Vulnerabilities Could Let Hackers Disrupt Data Centers
CISO Forum Webinar Today: 2026 Mid-Year Review
New Windows Zero-Day Exploit ‘RoguePlanet’ Released
After AI Reaches Production: 12 Ways Security Teams Can Take Control
ServiceNow Patches Vulnerability Exploited Against Some Customers
Critical Vulnerabilities Patched in Fortinet, Ivanti Products
ICS Patch Tuesday: Vulnerabilities Fixed by Siemens, Schneider, Phoenix Contact
ZDNet
The best early Prime Day Samsung deals: Save big on Galaxy phones, tablets, and more
Everything announced at Apple WWDC 2026 - including Siri, iOS 27 dev beta, and more
Best early Amazon Prime Day phone deals: Save over 20% on Samsung and Google devices
How to try the new Siri AI - join the waitlist today
The best early Amazon Prime Day deals: I found editor-approved tech already on sale
3 signs someone is stealing your Wi-Fi - and how to kick them off
Will your iPhone support Siri AI? The answer is complicated
I found a free Android app that makes deleting photos as easy as swiping left
Amazon just slashed the AirPods Pro 3 price to the lowest we've ever seen
The best Walmart deals to compete with Prime Day: Laptops, TVs, smart glasses, and more
The Hacker News
China-Linked JDY Botnet Expands to 1,500+ Devices for Cyber Reconnaissance
Ivanti, Fortinet, and SAP Release Patches for Multiple Critical Vulnerabilities
Unpatched Langflow Flaw CVE-2026-5027 Exploited for Unauthenticated RCE
CISA Adds Cisco, Chrome, and Arista Flaws to KEV Catalog Amid Active Exploitation
Your Automated Pentest Looks Clean. See What It Missed in This Expert Webinar
Microsoft Patches Record 206 Flaws, Including Three Zero-Days and Critical RCE Bugs
Anthropic Releases Claude Fable 5, Its Most Powerful AI Yet, With Cyber Safeguards
ServiceNow Flaw Exploited to Gain Unauthorized Access to Customer Instances
Microsoft Defender RoguePlanet Zero-Day Grants SYSTEM Access on Updated Windows
Six Proto6 Vulnerabilities in protobuf.js Expose Node.js Apps to RCE and DoS
BleepingComputer
Path traversal flaw in AI dev platform Langflow exploited in attacks
The ‘Miasma’ worm source code briefly leaked on GitHub
GitHub announces npm security changes to tackle supply-chain attacks
Oracle PeopleSoft servers hacked in ShinyHunters data theft attacks
China-linked JDY botnet expands targeting of U.S. military networks
The 5 Best Practices for Secure Identity Verification
Microsoft patches Exchange Server zero-day exploited in attacks
Microsoft: Some Windows PCs fail to install latest monthly updates
Microsoft patches YellowKey, GreenPlasma, MiniPlasma zero-days
Ivanti: Max severity Sentry flaw allows code execution as root
gbhackers
Cloud Security Report Finds Fragmented Tools Widening the Cloud Complexity Gap
73 Microsoft Packages Weaponized in Password Stealer Attack
New Windows CTF 0-Day Vulnerability Lets Attackers Gain Elevated Privileges
Hackers Use Fake Utility Downloads to Deploy ScreenConnect and Cryptominers
CISA Issues Alert on Actively Exploited Google Chromium Zero-Day Flaw
Tax Phishing Emails Deliver In-Memory Malware to Windows Systems
Malicious npm Package ‘dbmux’ Targets Developers
Windows BitLocker 0-Day Flaw Enables Security Feature Bypass Attacks
Windows Defender Zero-Day “RoguePlanet” Lets Attackers Gain SYSTEM Privileges
OpenClaw AI Agent Leaks Credentials in Phishing Simulation
Cybersecurity Dive
CISA gives agencies new vulnerability remediation deadlines that take risk levels into account
CISA, researchers warn of escalating attacks using Cisco Catalyst SD-WAN flaws
Companies are failing to keep up with AI’s identity sprawl, creating entry points for hackers
Check Point warns of zero-day flaw targeted by ransomware affiliate
IT sector faces growing threats from IP-hungry China, AI-enabled cybercriminals
Cyber insurance policyholders facing heavier scrutiny in underwriting, claims
Companies aren’t prepared for how AI is accelerating impersonation attacks
The new risk equation: Why endpoint security is a financial imperative
Cisco warns zero-day flaw in SD-WAN is being exploited
Sprawling new House AI bill includes frontier model oversight, open-source security grants
Threatpost
Student Loan Breach Exposes 2.5M Records
Watering Hole Attacks Push ScanBox Keylogger
Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms
Ransomware Attacks are on the Rise
Cybercriminals Are Selling Access to Chinese Surveillance Cameras
Twitter Whistleblower Complaint: The TL;DR Version
Firewall Bug Under Active Attack Triggers CISA Warning
Fake Reservation Links Prey on Weary Travelers
iPhone Users Urged to Update to Patch 2 Zero-Days
Google Patches Chrome’s Fifth Zero-Day of the Year
The Register
Angry bug hunter with Microsoft beef drops new Windows 0-day
GitHub pulls pin on npm's auto-run scripts
Ivanti tells Sentry customers to patch now as critical bugs hit 10.0 and 9.9
AI is making Patch Tuesday (kinda) fun again
Miasma worms its way onto GitHub as attack kit goes open source
Apple’s iOS 27 goes all agentic on compromised passwords, promises to change them with one tap
Signal says UK plan to scan devices for nude images 'endangers us all'
Chrome's zero-day Whac-A-Mole continues with fifth exploited bug of the year
France probes compromise of gov messaging platform after account hijack
Qilin NHS breach tally grows as Essex trust confirms stolen records
VentureBeat
Meta's AI support agent bound recovery emails for anyone who asked. Your SOC never saw an alert.
Microsoft launches MXC, an OS-level sandbox for AI agents, with OpenAI and Nvidia already on board
Zip’s new AI agents want to stop your finance team from uploading contracts into personal ChatGPT accounts
Anthropic’s browser agent got hijacked 31.5% of the time before safeguards engaged
AI doesn't break security. Complexity does
Claude Mythos exposed a hard truth: Your enterprise patching process is way too slow
DataGrail report finds your vendor may be sending data to AI models you never approved
TechCrunch
Cybercriminals claim breach of Oracle PeopleSoft servers at 100-plus organizations
North Koreans behind nearly half of US tech industry hacks, says CrowdStrike
Cybersecurity researchers aren’t happy about the guardrails on Anthropic’s Fable
ServiceNow tells customers a bug left some of their data exposed to the internet
CISA gives US federal agencies three days to fix a VPN bug under attack by a ransomware gang
Microsoft’s open source tools were hacked to steal passwords of AI developers
WhatsApp says it caught new spyware attacks linked to NSO Group in violation of court order
Massachusetts votes to pass new privacy rights bill that bans sale of precise location data
Hacked, leaked, and held for ransom: The worst breaches of 2026 so far
OpenAI unveils Lockdown Mode to protect sensitive data from prompt injection attacks
Network World Security
AI-powered WAF, virtual patching: How F5 is hardening networks against frontier threats
A quick look at Cisco’s strategy to become a software monster
Residential proxies are hiding in plain sight inside enterprise networks
OpenAI weighs Nvidia-backed lease for 10 GW Ohio data center campus
Lotus Microsystems targets AI power efficiency with vStrata platform
From the data center to the edge: How to build secure, effective enterprise AI infrastructure
Arista unveils 1.6T rack-scale switch family for AI infrastructure
Zscaler launches zero trust platform for agentic AI
AI inference moving to private clouds, Broadcom says
2026 network outage report and internet health check
Help Net Security
Identity theft is turning into a chain reaction for victims
AISLE Snapshot keeps source code under enterprise control during vulnerability scanning
Drata brings visibility, control and auditability to enterprise AI agents
New Intel 471 assessment helps organizations measure CTI program maturity
Critical Ivanti Sentry flaw allows root-level remote code execution (CVE-2026-10520)
New Browser-in-the-Browser phishing uses fake login popups to steal Microsoft 365 credentials
Building reusable workflows with custom agents in Copilot CLI
Record Microsoft Patch Tuesday, fresh zero-day
Rubrik launches Autonomous Business Recovery to rebuild cloud applications after cyberattacks
Apple extends Private Cloud Compute to third-party data centers
SC Magazine
NPM v12 to block supply-chain attacks with new security measures
ServiceNow says security researchers, not hackers, accessed data
Chinese APTs have made identity part of the intrusion path
Ivanti releases patches for critical Sentry vulnerabilities
Mini Shai-Hulud ‘Hades’ variant affects 23 PyPI package versions
Innovation Without Data Security Risk as AI Unlocks Budgets and Identity Challenges - Tony Kelly - BSW #451
AI-driven computer worm demonstrates autonomous network exploitation
Veeam releases security update for critical backup server vulnerability
Rubrik enhances data security with AI agents and autonomous recovery
Filigran launches AI orchestration layer for threat management
© 2026 RiskDiscovery | Sponsored by: Deception Logic