Risk Discovery

DarkReading

Silver Fox Springs Tax-Themed Attacks on Orgs in India, Russia

How Dark Reading Lifted Off the Launchpad in 2006

76% of All Crypto Stolen in 2026 Is Now in North Korea

If AI's So Smart, Why Does It Keep Deleting Production Databases?

Name That Toon: Mark of (Security) Progress

20 Years in Cyber: Dark Reading Marks Milestone With Month of Special Coverage

TeamPCP Hits SAP Packages With 'Mini Shai-Hulud' Attack

Another AI-Assisted Software Scan Yields 9-Year-Old Linux Bug

Anthropic's Mythos Has Landed: Here's What Comes Next for Cyber

Oracle Red Bull Racing Team Revs Up Automation to Boost Security

Ars Technica

Ubuntu infrastructure has been down for more than a day

The most severe Linux threat to surface in years catches the world flat-footed

Why a recent supply-chain attack singled out security firms Checkmarx and Bitwarden

Open source package with 1 million monthly downloads stole user credentials

Why are top university websites serving porn? It comes down to shoddy housekeeping.

In a first, a ransomware family is confirmed to be quantum-safe

Microsoft issues emergency update for macOS and Linux ASP.NET threat

Contrary to popular superstition, AES 128 is just fine in a post-quantum world

US-sanctioned currency exchange says $15 million heist done by "unfriendly states"

Recent advances push Big Tech closer to the Q-Day danger zone

CyberScoop

A college student is suing a dating app that allegedly used her TikTok videos to target men in her dormitory

Why data centers now belong on the critical infrastructure list

US government, allies publish guidance on how to safely deploy AI agents

Former incident responders sentenced to 4 years in prison for committing ransomware attacks

FCC tightens KYC rules for telecoms, closes loophole for banned foreign services

Congress kicks the can down the road on surveillance law (again)

cPanel’s authentication bypass bug is being exploited in the wild, CISA warns

Two new extortion crews are speedrunning the Scattered Spider playbook

Everyone’s building AI agents. Almost nobody’s ready for what they do to identity.

Congress, industry ponder government posture for protecting data centers

InfoSecurity Magazine

Anthropic Rolls Out Claude Security for AI Vulnerability Scanning

Two American Cybersecurity Workers Jailed for BlackCat Ransomware Attacks

Nine-Year-Old Zero-Day Flaw in Linux Kernel Discovered by AI-Equipped Security Researcher

Three Arrested for Hacking Over 610,000 Roblox Accounts

Deep#Door Python Backdoor Evades Detection On Windows

CISA and Partners Publish Zero Trust Guidance For OT Security

UK: Education Sector Faces Surge in Cyber Breaches Despite Stable National Threat Levels

Europol Busts Albanian Scam Call Centers in Major Online Fraud Case

Cyber is the Number One Global “People Risk,” Says Marsh

Cursor Extension Flaw Exposes Developer API Keys

SecurityWeek

Cybersecurity M&A Roundup: 33 Deals Announced in April 2026

DigiCert Revokes Certificates After Support Portal Hack

Exploitation of ‘Copy Fail’ Linux Vulnerability Begins

OpenAI Rolls Out Advanced Security for ChatGPT Accounts

Over 40,000 Servers Compromised in Ongoing cPanel Exploitation

Edtech Firm Instructure Discloses Data Breach Amid Hacker Leak Threats

US Military Reaches Deals With 7 Tech Companies to Use Their AI on Classified Systems

New Bluekit Phishing Kit Features AI Assistant

In Other News: Scattered Spider Hacker Arrested, SOC Effectiveness Metrics, NSA Tool Vulnerability

Google Adjusts Bug Bounties: Chrome Payouts Drop as Android Rewards Rise Amid AI Surge

ZDNet

The future of IT service delivery is built on AI and automation

I tested Google Maps vs. Apple Maps to find the best navigation app - and this one wins

I found an AirTag alternative that's twice as durable and works with Android phones

MacBook Neo vs. iPad Air: How I'm choosing between Apple's $599 laptop and tablet

This 4TB WD Black SSD for 50% off at Best Buy is a deal I can seriously recommend

Your ChatGPT account just got more secure, but you have to opt in - here's how

Whatever you do, don't buy cheap DisplayPort cables for your PC - here's why

Miss Windows XP or 7? Then I have a free, open-source alternative for you

5 MacOS command line tools I swear by over their GUI counterparts

Hundreds of readers bought these headphones this year (and they're not from Bose, Sony, or Apple)

The Hacker News

Phishing Campaign Hits 80+ Orgs Using SimpleHelp and ScreenConnect RMM Tools

Progress Patches Critical MOVEit Automation Bug Enabling Authentication Bypass

⚡ Weekly Recap: AI-Powered Phishing, Android Spying Tool, Linux Exploit, GitHub RCE & More

2026: The Year of AI-Assisted Attacks

Silver Fox Deploys ABCDoor Malware via Tax-Themed Phishing in India and Russia

Critical cPanel Vulnerability Weaponized to Target Government and MSP Networks

Global Crackdown Arrests 276, Shuts 9 Crypto Scam Centers, Seizes $701M

CISA Adds Actively Exploited Linux Root Access Bug CVE-2026-31431 to KEV

Trellix Confirms Source Code Breach With Unauthorized Repository Access

30,000 Facebook Accounts Hacked via Google AppSheet Phishing Campaign

BleepingComputer

Backdoored PyTorch Lightning package drops credential stealer

Trellix discloses data breach after source code repository hack

They don’t hack, they borrow: How fraudsters target credit unions

Progress warns of critical MOVEit Automation auth bypass flaw

Webinar: Why MSPs must rethink security and backup strategies

CISA says ‘Copy Fail’ flaw now exploited to root Linux systems

Microsoft confirms April Windows updates cause backup failures

Instructure confirms data breach, ShinyHunters claims attack

Microsoft Defender wrongly flags DigiCert certs as Trojan:Win32/Cerdigent.A!dha

Telegram Mini Apps abused for crypto scams, Android malware delivery

gbhackers

Bluekit Phishing Kit Streamlines Domains, 2FA Lures, and Session Hijacking

Cisco Launches AI Provenance Tool to Strengthen Security and Compliance

Canvas Confirms Data Breach Following ShinyHunters Claim

Malicious TanStack Package Abuses Postinstall Script to Steal Developer Secrets

Botnet Hijacks ADB-Exposed Android Devices to Target Minecraft Servers

276 Arrested as Authorities Dismantle Crypto Scam Centers Targeting Americans

CISA Flags Linux Kernel Vulnerability as Threat Actors Launch Attacks

New Apache MINA Vulnerabilities Open Door to Remote Code Execution Attacks

DOJ Sentences Two Americans for ALPHV BlackCat Ransomware Attacks

CISA Alert Highlights Active Exploitation of cPanel & WHM Security Bug

Cybersecurity Dive

Critical vulnerability in cPanel leads to widespread exploitation

New MOVEit vulnerabilities prompt urgent patch warning

How OpenClaw’s agent skills become an attack surface

White House questions tech industry on defensive AI use, cybersecurity resilience

As email phishing evolves, malicious attachments decline and QR codes surge

US and allies urge ‘careful adoption’ of AI agents

PwC partners with Google Cloud to take on the managed security market

US agencies promote zero-trust practices for operational technology networks

CISA adds Microsoft, ConnectWise vulnerabilities to active exploitation catalog

State CISOs losing confidence in ability to manage cyber risks

Threatpost

Student Loan Breach Exposes 2.5M Records

Watering Hole Attacks Push ScanBox Keylogger

Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms

Ransomware Attacks are on the Rise

Cybercriminals Are Selling Access to Chinese Surveillance Cameras

Twitter Whistleblower Complaint: The TL;DR Version

Firewall Bug Under Active Attack Triggers CISA Warning

Fake Reservation Links Prey on Weary Travelers

iPhone Users Urged to Update to Patch 2 Zero-Days

Google Patches Chrome’s Fifth Zero-Day of the Year

The Register

Shadow IT has given way to shadow AI. Enter AI-BOMs

If the vote you rocked, your personal info can be grokked

Five Eyes spook shops warn rapid rollouts of agentic AI are too risky

Brace for the patch tsunami: AI is unearthing decades of buried code debt

First reports come in of victims of critical cPanel vuln as 'millions' of sites potentially exposed

OpenAI locks GPT-5.5-Cyber behind velvet rope despite slamming Anthropic for doing exactly that

Pro-Iran crew turns DDoS into shakedown as Ubuntu.com stays down

Passport to £££: Home Office adds £216M to travel doc contract before a single bid's been placed

The never-ending supply chain attacks worm into SAP npm packages, other dev tools

Bot her emails: most modern phishing campaigns are AI-enabled

VentureBeat

200,000 MCP servers expose a command execution flaw that Anthropic calls a feature

Claude Code, Copilot and Codex all got hacked. Every attacker went for the credential, not the model.

CVSS scored these two Palo Alto CVEs as manageable. Chained, they gave attackers root access to 13,000 devices.

85% of enterprises are running AI agents. Only 5% trust them enough to ship.

Vercel breach exposes the OAuth gap most security teams cannot detect, scope or contain

Three AI coding agents leaked secrets through a single prompt injection. One vendor's system card predicted it

Adversaries hijacked AI security tools at 90+ organizations. The next wave has write access to the firewall

TechCrunch

Hackers are still exploiting the cPanel bug to gain control of thousands of websites

US healthcare marketplaces shared citizenship and race data with ad tech giants

5 days only: Bring a partner or colleague and get 50% off a second TechCrunch Disrupt 2026 pass

Ubuntu services hit by outages after DDoS attack

Hackers are actively exploiting a bug in cPanel, used by millions of websites

After dissing Anthropic for limiting Mythos, OpenAI restricts access to Cyber, too

Dental practice software maker fixes bug that exposed patients’ medical records

Sri Lanka discloses another missing payment, days after hackers stole $2.5M from its finance ministry

Paragon is not collaborating with Italian authorities probing spyware attacks, report says

US Supreme Court appears split over controversial use of ‘geofence’ search warrants

Network World Security

Beyond the pitch: A look at Atlético Madrid’s connected stadium

StarlingX 12.0 is right on time for mixed-hardware edge deployments

Cisco nerds out: May the Fourth be with your AI assistant

Memory shortage and cost surge push enterprises toward the cloud

Extreme Networks: Memory advantage, Wi-Fi 7 and competitive flux drive momentum

Scenes from the great data center revolt

Enterprise Spotlight: Transforming software development with AI

When 170,000 people show up: Network refresh readies Churchill Downs for Kentucky Derby

Network jobs watch: Hiring, skills and certification trends

IT certification pay surges as noncertified skills slump

Help Net Security

SC Magazine

Instructure investigates cybersecurity incident impacting Canvas platform

New botnet targets gaming servers via misconfigured Jenkins

Post Quantum Migration Struggles, AI Threats, and Modern Defenses - Bobby Ford, HD Moore, Eyal Benishti, Ramin Farassat, Daniel dos Santos - ESW #457

Cisco releases open-source ‘DNA test for AI models’

New software supply chain attack uses sleeper packages for credential theft and CI tampering

Ubuntu and Canonical services disrupted by DDoS attack claimed by hacktivists

Vietnamese operation uses Google AppSheet for Facebook phishing, targets 30,000 accounts

More sophisticated EtherRAT malware variant delivered via trojanized installer

Medicare directory exposes Social Security numbers of US healthcare providers

Anthropic opens Claude Security public beta for code audits

© 2026 RiskDiscovery | Sponsored by: Deception Logic