[ News | Newsletters | Blogs | Lists | Media | Jobs ] HoneyDB
DarkReading
BlueNoroff Uses Fake Zoom Calls to Turn Victims Into Attack Lures
NSA Chief During Snowden Affair Shares Regrets, Reflections 13 Years Later
Feuding Ransomware Groups Leak Each Other's Data
Vidar Rises to Top of Chaotic Infostealer Market
Fresh Wave of GlassWorm VS Code Extensions Slices Through Supply Chain
UNC6692 Combines Social Engineering, Malware, Cloud Abuse
Unpatched 'PhantomRPC' Flaw in Windows Enables Privilege Escalation
20-Year-Old Malware Rewrites History of Cyber Sabotage
Parsing Agentic Offensive Security's Existential Threat
Helping Romance Scam Victims Requires a Proactive, Empathic Approach
Ars Technica
Open source package with 1 million monthly downloads stole user credentials
Why are top university websites serving porn? It comes down to shoddy housekeeping.
In a first, a ransomware family is confirmed to be quantum-safe
Microsoft issues emergency update for macOS and Linux ASP.NET threat
Contrary to popular superstition, AES 128 is just fine in a post-quantum world
US-sanctioned currency exchange says $15 million heist done by "unfriendly states"
Recent advances push Big Tech closer to the Q-Day danger zone
“Negative” views of Broadcom driving thousands of VMware migrations, rival says
Iran-linked hackers disrupt operations at US critical infrastructure sites
Thousands of consumer routers hacked by Russia's military
CyberScoop
Spy agency officials say job loss anxiety, moving fast ‘safely’ among top challenges in AI workforce overhaul
Federal CIO cautious on Anthropic’s Mythos despite planned rollout
Rep. Delia Ramirez takes over as top House cybersecurity Dem
U.S. companies hit with record fines for privacy in 2025
Chinese national extradited to US for pandemic-era Silk Typhoon attacks
Supreme Court justices skeptically question both sides in geofence surveillance case
Senators seek answers about hackers obtaining sensitive student data from ostensibly anonymous tip line
BlackFile actively extorting data-theft victims in retail and hospitality sector
Latest spy power reauthorization bill leaves critics unimpressed
Vercel attack fallout expands to more customers and third-party systems
InfoSecurity Magazine
Critical Flaw Turns Vect Ransomware into Data Destroying Wiper
A Quarter of Healthcare Organizations Report Medical Device Cyber-Attacks
Medtronic Confirms Data Breach After ShinyHunters Claims
Ransomware Turf War as 0APT and KryBit Groups Trade Blows
Chinese National Extradited Over Silk Typhoon Cyber Campaign
No Metrics Are Better Than Bad Metrics in the SOC, Says NCSC
North Korean Hackers Target Crypto Firms with ClickFix and AI-Made Zoom Lures
US Sanctions Target Cambodian Scam Network Leaders
Utilities Tech Supplier Itron Discloses Cyber-Attack, Operations Unaffected
Widely Used Browser Extensions Selling User Data
SecurityWeek
Iranian Cyber Group Handala Targets US Troops in Bahrain
38 Vulnerabilities Found in OpenEMR Medical Software
Chrome 147, Firefox 150 Security Updates Rolling Out
Critical GitHub Vulnerability Exposed Millions of Repositories
Cyber Insurance Data Gives CISOs New Ammo for Budget Talks
Vimeo Confirms User and Customer Data Breach
The Mythos Moment: Enterprises Must Fight Agents with Agents
Webinar Today: A Step-by-Step Approach to AI Governance
Robinhood Vulnerability Exploited for Phishing Attacks
Alleged Chinese State Hacker Extradited to US
ZDNet
The best VPN services for iPhone in 2026: Expert tested and reviewed
Amazon Prime Day 2026 is likely coming earlier. Here's everything to know so far
The best Apple TV VPNs of 2026: Expert tested and reviewed
Over 80% of US government agencies already use AI agents - and it's only the beginning
Microsoft finally open sources DOS 1.0 - and it's so much more than the code
I was not expecting a Razer keyboard to enhance my office productivity - here's how it did
User interfaces as we know them are dead - 4 ways to prep for 'disposable' UIs
Want a free Apple Watch? T-Mobile will give you the SE 3 - how to get yours today
You can save 50% on this Sony soundbar right now - but the deal ends tonight
I tested a BlackBerry-style Android phone with a keyboard, and it's weirdly practical in 2026
The Hacker News
CISA Adds Actively Exploited ConnectWise and Windows Flaws to KEV
LiteLLM CVE-2026-42208 SQL Injection Exploited within 36 Hours of Disclosure
Researchers Discover Critical GitHub CVE-2026-3854 RCE Flaw Exploitable via Single Git Push
Brazilian LofyGang Resurfaces After Three Years With Minecraft LofyStealer Campaign
VECT 2.0 Ransomware Irreversibly Destroys Files Over 131KB on Windows, Linux, ESXi
Why Secure Data Movement Is the Zero Trust Bottleneck Nobody Talks About
Critical Unpatched Flaw Leaves Hugging Face LeRobot Open to Unauthenticated RCE
After Mythos: New Playbooks For a Zero-Window Era
Chinese Silk Typhoon Hacker Extradited to U.S. Over COVID Research Cyberattacks
Microsoft Patches Entra ID Role Flaw That Enabled Service Principal Takeover
BleepingComputer
CISA orders feds to patch Windows flaw exploited as zero-day
Microsoft says backend change broke Teams Free chat and calls
Broken VECT 2.0 ransomware acts as a data wiper for large files
Hackers are exploiting a critical LiteLLM pre-auth SQLi flaw
Video service Vimeo confirms Anodot breach exposed user data
US reportedly charges Scattered Spider hacker arrested in Finland
Checkmarx confirms LAPSUS$ hackers leaked its stolen GitHub data
Microsoft to deprecate legacy TLS in Exchange Online starting July
Inside an OPSEC Playbook: How Threat Actors Evade Detection
Microsoft: New Remote Desktop warnings may display incorrectly
gbhackers
VECT 2.0 Ransomware Wipes Large Files Across Windows, Linux & ESXi
SLOTAGENT Malware Hides API Calls and Strings to Thwart Analysis
Vimeo Confirms Data Breach After Hackers Access User Database
LofyStealer Targets Minecraft Players via Node.js Loader and Browser Injection
CISA Warns of Windows Shell Zero-Day Exploited in Attacks
Vect 2.0 RaaS Expands Attacks Across Windows, Linux, and ESXi
cPanel Releases Emergency Patch for Critical Authentication Flaw
Microsoft Confirms Remote Desktop Warning Issue After April Update
BlueNoroff Deploys Fileless PowerShell in AI-Generated Zoom Lure Campaign
GitHub.com and Enterprise Server Vulnerability Allows Remote Code Execution
Cybersecurity Dive
‘Fundamental tension’ undermines manufacturers’ cybersecurity
North Korea-linked actor targets Web3 execs in social-engineering campaign
Major critical infrastructure supplier reports cyberattack
US, UK authorities warn that Firestarter backdoor malware survives patching
When security becomes the attack surface: Why endpoint protection must evolve
Hasbro expects March cyberattack to impact second-quarter revenue
AI-written software creates hassles for wary security teams
China disguises cyberattacks with ‘covert network’ botnets, US and allies warn
Iran-nexus threat groups refine attacks against critical infrastructure
Trump’s CISA director pick withdraws after tumultuous nomination
Threatpost
Student Loan Breach Exposes 2.5M Records
Watering Hole Attacks Push ScanBox Keylogger
Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms
Ransomware Attacks are on the Rise
Cybercriminals Are Selling Access to Chinese Surveillance Cameras
Twitter Whistleblower Complaint: The TL;DR Version
Firewall Bug Under Active Attack Triggers CISA Warning
Fake Reservation Links Prey on Weary Travelers
iPhone Users Urged to Update to Patch 2 Zero-Days
Google Patches Chrome’s Fifth Zero-Day of the Year
The Register
GoDaddy customer claims registrar transferred 27-year-old domain without any security checks
30 ClawHub skills secretly turn AI agents into a crypto swarm
Don't pay Vect a ransom - your data's likely already wiped out
Have I Been Pwned claims Pitney Bowes hit by 8.2M email address leak
SUSE's sovereignty pitch meets an inconvenient $6 billion question
Ongoing supply-chain attack 'explicitly targeting' security, dev tools
Medical and utility tech companies admit digital breakins
Trump's Golden Dome gets $3.2B of contractors and an AI sprinkle
Cybersec is a thankless job: expanding workload and shrinking pay packet
Burglar alarm biz burgled: ADT confirms cyber intrusion after ShinyHunters extortion attempt
VentureBeat
CVSS scored these two Palo Alto CVEs as manageable. Chained, they gave attackers root access to 13,000 devices.
85% of enterprises are running AI agents. Only 5% trust them enough to ship.
Vercel breach exposes the OAuth gap most security teams cannot detect, scope or contain
Three AI coding agents leaked secrets through a single prompt injection. One vendor's system card predicted it
Adversaries hijacked AI security tools at 90+ organizations. The next wave has write access to the firewall
Most enterprises can't stop stage-three AI agent threats, VentureBeat survey finds
Microsoft patched a Copilot Studio prompt injection. The data exfiltrated anyway
TechCrunch
Paragon is not collaborating with Italian authorities probing spyware attacks, report says
US Supreme Court appears split over controversial use of ‘geofence’ search warrants
Hacker who allegedly carried out cyberattacks for China is extradited to US
Critical infrastructure giant Itron says it was hacked
Another spyware maker caught distributing fake Android snooping apps
Trump’s pick to run US cyber agency CISA asks to drop out
Vercel says some of its customers’ data was stolen prior to its recent hack
Surveillance vendors caught abusing access to telcos to track people’s phone locations, researchers say
France confirms data breach at government agency that manages citizens’ IDs
Apple fixes bug that cops used to extract deleted chat messages from iPhones
Network World Security
2026 network outage report and internet health check
Infected Cisco firewalls need cold start to clear persistent Firestarter backdoor
AI data bursts force rethink of data center networking at Backblaze
Nvidia’s ‘AI insurance policy’ balances immediate and future AI approaches
Top network and data center events of 2026
Meta’s compute grab continues with agreement to deploy tens of millions of AWS Graviton cores
Cirrascale to offer on-prem Google Gemini models
Space data-center news: Roundup of extraterrestrial AI endeavors
Network jobs watch: Hiring, skills and certification trends
Cisco switch aimed at building practical quantum networks
Help Net Security
CISA, Microsoft warn of active exploitation of Windows Shell vulnerability (CVE-2026-32202)
Microchip expands Trust Shield with PQC-ready root of trust and secure boot controllers
Kaseya agentic IT management unifies data and automates ticketing, security and backups
DigitalOcean AI-Native Cloud unifies infrastructure, inference, and agents for production AI
amazeeClaw simplifies production deployment of AI agents with regional control
Virtue AI PolicyGuard turns AI policies into enforceable runtime guardrails
Eino’s agentic network observability platform enables real-time, AI-driven network insights
Fedora Linux 44 ships with GNOME 50 and KDE Plasma 6.6
The Exchange Online security controls organizations keep getting wrong
AI prompt confidentiality and false citations worry researchers
SC Magazine
The Next Frontier: Autonomous Security and RSAC Interviews from Quantro & SandboxAQ - Mark Hughes, Mehul Revankar, Marc Manzano - BSW #445
Canadian authorities arrest 3 in SMS blaster phishing scheme
Italy moves to extradite Chinese national to U.S. over alleged COVID-19 research hacks
Vidar infostealer evolves, uses image files for stealthy attacks
AI coding agent deletes production database in seconds
Robinhood account creation flaw exploited for phishing emails
California man sentenced to 70 months for laundering $3.5 million in crypto heist
Elfsmasher, PYPI, Facebook, Glassworm, Medtronic, OpenSSH, Sararimen, Aaran Leyland - SWN #576
Microsoft patches Entra ID bug that let AI agents escalate privileges
Trust or fail: AI unlocks the value of unstructured data but raises new challenges for AI success
© 2026 RiskDiscovery | Sponsored by: Deception Logic