[ News | Newsletters | Blogs | Lists | Media | Jobs ] HoneyDB
DarkReading
Critical MCP Integration Flaw Puts NGINX at Risk
Navigating the Unique Security Risks of Asia's Digital Supply Chain
Prepping for 'Q-Day': Why Quantum Risk Management Should Start Now
Audit: Big Tech Often Ignores CA Privacy Law Opt-Out Requests
Microsoft, Salesforce Patch AI Agent Data Leak Flaws
Microsoft Bets $10B to Boost Japan's AI, Cybersecurity
Privilege Elevation Dominates Massive Microsoft Patch Update
EDR-Killer Ecosystem Expansion Requires Stronger BYOVD Defenses
War Game Exercise Demonstrates How Social Media Manipulation Works
Why Orgs Need to Test Networks to Withstand DDoS Attacks During Peak Loads
Ars Technica
“Negative” views of Broadcom driving thousands of VMware migrations, rival says
Iran-linked hackers disrupt operations at US critical infrastructure sites
Thousands of consumer routers hacked by Russia's military
OpenClaw gives users yet another reason to be freaked out about security
New Rowhammer attacks give complete control of machines running Nvidia GPUs
Quantum computers need vastly fewer resources than thought to break vital encryption
Google bumps up Q Day deadline to 2029, far sooner than previously thought
Self-propagating malware poisons open source software and wipes Iran-based machines
Widely used Trivy scanner compromised in ongoing supply-chain attack
Cloud service providers ask EU regulator to reinstate VMware partner program
CyberScoop
NIST narrows scope of CVE analysis to keep up with rising tide of vulnerabilities
Executive orders likely ahead in next steps for national cyber strategy
OpenAI expands Trusted Access for Cyber program with new GPT 5.4 Cyber model 
We’re only seeing the tip of the chip-smuggling iceberg
CISA cancels summer internships for cyber scholarship students amid DHS funding lapse
Microsoft drops its second-largest monthly batch of defects on record
Space Force official touts AI’s impact on cyber compliance
Black Basta’s playbook lives on as former affiliates launch fast-scale intrusion campaign
Secretary Mullin must help finish the job: Urge the Senate to confirm Plankey
Here’s how cyber heavyweights in the US and UK are dealing with Claude Mythos
InfoSecurity Magazine
OpenAI Unveils GPT-5.4-Cyber for Improving Cyber Defense With AI
European Cybersecurity Agency ENISA Seeks Top-Tier Status in CVE Program
Signed Adware Operation Disables Antivirus Across 23,000 Hosts
Critical Nginx-ui MCP Flaw Actively Exploited in the Wild
AI Companies to Play Bigger Role in CVE Program, Says CISA
Researchers Spot Surge in Brute-Force Attacks from Middle East
Microsoft Fixes Two Zero-Days in April Patch Tuesday
CISOs Urged to Innovate with Talent Retention as Job Satisfaction Declines
Triad Nexus Expands Global Fraud Operations Despite US Sanctions
Malicious Chrome Extensions Campaign Exposes User Data
SecurityWeek
Sweden Blames Pro-Russian Group for Cyberattack Last Year on Its Energy Infrastructure
Exploited Vulnerability Exposes Nginx Servers to Hacking
Capsule Security Emerges From Stealth With $7 Million in Funding
‘By Design’ Flaw in MCP Could Enable Widespread AI Supply Chain Attacks
100 Chrome Extensions Steal User Data, Create Backdoor
CISO Conversations: Ross McKerchar, CISO at Sophos
Mirax RAT Targeting Android Users in Europe
Two Vulnerabilities Patched in Ivanti Neurons for ITSM 
$10 Domain Could Have Handed Hackers 25k Endpoints, Including in OT and Gov Networks
Trump Urges Extending Foreign Surveillance Program as Some Lawmakers Push for US Privacy Protections
ZDNet
I tried Google's new desktop app for Windows, and I'll never search the old way again
Microsoft's Windows 11 laptop deal for students comes with a $500 bonus - what's included
Best Buy will give you a free LG TV when you buy the B5 OLED at 50% off - seriously
Why Zorin OS 18.1 is simply the best Linux distro - for anyone
Why Netgear just got the first FCC router ban exemption in the US
Microsoft's latest Windows update now confirms if your PC is Secure Boot-protected - how it works
Can this $70 Linux app make up for the lack of Photoshop? I tried it to find out
You can use Linux 7.0 on these 7 distros today - here's what to expect
'Like handing out the blueprint to a bank vault': Why AI led one company to abandon open source
iPhone charging slowly? 6 quick fixes to try before blaming your battery
The Hacker News
n8n Webhooks Abused Since October 2025 to Deliver Malware via Phishing Emails
Actively Exploited nginx-ui Flaw (CVE-2026-33032) Enables Full Nginx Server Takeover
April Patch Tuesday Fixes Critical Flaws Across SAP, Adobe, Microsoft, Fortinet, and More
Deterministic + Agentic AI: The Architecture Exposure Validation Requires
Microsoft Issues Patches for SharePoint Zero-Day and 168 Other New Vulnerabilities
OpenAI Launches GPT-5.4-Cyber with Expanded Access for Security Teams
New PHP Composer Flaws Enable Arbitrary Command Execution — Patches Released
Google Adds Rust-Based DNS Parser into Pixel 10 Modem to Enhance Security
AI-Driven Pushpaganda Scam Exploits Google Discover to Spread Scareware and Ad Fraud
Mirax Android RAT Turns Devices into SOCKS5 Proxies, Reaching 220,000 via Meta Ads
BleepingComputer
Critical Nginx UI auth bypass flaw now actively exploited in the wild
New AgingFly malware used in attacks on Ukraine govt, hospitals
WordPress plugin suite hacked to push malware to thousands of sites
Signed software abused to deploy antivirus-killing scripts
Microsoft pays $2.3M for cloud and AI flaws at Zero Day Quest
CISA flags Windows Task Host vulnerability as exploited in attacks
Rolling Networks: Securing the Transportation Sector
Microsoft: April updates trigger BitLocker key prompts on some servers
Microsoft fixes bug behind Windows Server 2025 automatic upgrades
Microsoft adds Windows protections for malicious Remote Desktop files
gbhackers
Top 10 Best API Security Providers Protecting Web Apps in 2026
Top 10 Best Application Security Testing Companies in 2026
Google, Microsoft, Meta Accused of Tracking Users Even After Privacy Opt-Out
MuddyWater-Style Hackers Probe 12,000+ Systems Ahead of Middle East
Google Uses Rust-Based Firmware in Pixel 10 Modem to Improve Memory Safety
Hackers Abuse Google Cloud Storage to Slip Remcos RAT Past Email Filters
Trusted WordPress Plugins Hijacked in 8-Month Stealth Backdoor Campaign
Windows Active Directory Flaw Opens Door to Malicious Code Execution
Microsoft Rolls Out KB5083769 Update for Windows 11 24H2 and 25H2
Hackers Exploit Hidden Microsoft 365 Mailbox Rules to Steal Sensitive Business Emails
Cybersecurity Dive
FCC exempts Netgear from foreign router ban
Medium-severity flaw in Microsoft SharePoint exploited
Brute-force cyberattacks originating in Middle East surge in Q1
FCC signals continued commitment to Cyber Trust Mark program
CISOs see gaps in their incident response playbooks
US, Indonesia shut down ‘sophisticated’ phishing kit
Stryker warns of earnings fallout from March cyberattack
Nearly 4K industrial control devices vulnerable to Iran-linked hacking campaign
NERC is ‘actively monitoring the grid’ following Iran-linked cyber threat
CISA adds second critical flaw in Ivanti EPMM to exploited vulnerabilities catalog
Threatpost
Student Loan Breach Exposes 2.5M Records
Watering Hole Attacks Push ScanBox Keylogger
Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms
Ransomware Attacks are on the Rise
Cybercriminals Are Selling Access to Chinese Surveillance Cameras
Twitter Whistleblower Complaint: The TL;DR Version
Firewall Bug Under Active Attack Triggers CISA Warning
Fake Reservation Links Prey on Weary Travelers
iPhone Users Urged to Update to Patch 2 Zero-Days
Google Patches Chrome’s Fifth Zero-Day of the Year
The Register
Anthropic's Project Glasswing CVE tally is still anyone's guess
Patch these critical Fortinet sandbox bugs that let attackers bypass login, run commands over HTTP
Automotive data biz Autovista blames ransomware for service disruption
French cops free mother and son after 20-hour crypto kidnap ordeal
Ancient Excel bug comes out of retirement for active attacks
Raspberry Pi OS ends open-door policy for sudo
UK told its Big Tech habit is now a national security risk
Agents hooked into GitHub can steal creds – but Anthropic, Google, and Microsoft haven't warned users
Commvault has a Ctrl+Z for rogue AI agents
Microsoft's massive Patch Tuesday: It's raining bugs
VentureBeat
Microsoft patched a Copilot Studio prompt injection. The data exfiltrated anyway.
Frontier models are failing one in three production attempts — and getting harder to audit
43% of AI-generated code changes need debugging in production, survey finds
Five signs data drift is already undermining your security models
Your developers are already running AI locally: Why on-device inference is the CISO’s new blind spot
AI agent credentials live in the same box as untrusted code. Two new architectures show where the blast radius actually stops.
Mythos autonomously exploited vulnerabilities that survived 27 years of human review. Security teams need a new detection playbook
TechCrunch
Sweden blames Russian hackers for attempting ‘destructive’ cyberattack on thermal plant
Someone planted backdoors in dozens of WordPress plug-ins used in thousands of websites
Anthropic co-founder confirms the company briefed the Trump administration on Mythos
Adobe fixes PDF zero-day security bug that hackers have exploited for months
FBI announces takedown of phishing operation that targeted thousands of victims
Booking.com confirms hackers accessed customers’ data
Hack at Anodot leaves over a dozen breached companies facing extortion
France to ditch Windows for Linux to reduce reliance on US tech
Hacker stole £700,000 from UK energy company by redirecting payment
WireGuard VPN developer can’t ship software updates after Microsoft locks account
Network World Security
Maine to put brakes on big data centers as AI expansion collides with power limits
Satellite backhaul service Globalstar has a new, rich owner amid challenging market conditions
Cisco just made moves to own the AI infrastructure stack
Data centers are moving inland, away from some traditional locations
2026 network outage report and internet health check
DNS security is often inadequate, and network engineers should get more involved
Fixing encryption isn’t enough. Quantum developments put focus on authentication
Curious about quantum? Check out training options from ISC2, IBM, AWS and more
Linux 7.0 debuts with some big changes for networking
Intel: Latest news and insights
Help Net Security
Windows is getting stronger RDP file protections to fight phishing attacks
Capsule Security debuts with $7 million funding to secure AI agent behavior
Broadcom introduces zero-trust runtime for scalable AI agents
Bitdefender extends GravityZone with continuous email threat protection
Tenable unveils OT discovery engine to expose cyber-physical risks
SC Magazine
Vishing attacks on Okta identity systems on the rise
AI on the attack: How defenders turn artificial intelligence against cyber threats
RSAC 2026: The AI SOC debate is over – now comes the reckoning
Execution gap plagues enterprise digital resilience
Manifold Security launches Manifest AI supply chain intelligence platform
Fake Ledger app on Mac app store scams users out of $9.5 million
What Claude Mythos signals for AI security’s future
Data Privacy for CISOs: How to Build a Privacy-First Security Strategy (2025 Guide) - WC #1
WordPress plugins compromised after acquisition, leading to backdoor installation
New JanaWare ransomware targets Turkey with low-value, high-volume attacks
© 2026 RiskDiscovery | Sponsored by: Deception Logic