A naukri.com initiative
Cyber Security News
Medium
1M
172
My First CTF (Winja CTF | Nullcon Goa 2025)
- The author participated in their first CTF challenge called Winja CTF | Nullcon Goa 2025.
- In the first challenge, the author used prompt injection to make the chatbot say the phrase 'Accio Flag' and successfully retrieved the flag.
- In the second challenge, the author used Base64 encoding to trick a more advanced chatbot and retrieve the flag.
- The author also attempted a web application security challenge and found the flag by performing a gobuster directory scan.
Read Full Article
10 Likes
VentureBeat
1M
338
Image Credit: VentureBeat
Major AI market share shift revealed: DALL-E plummets 80% as Black Forest Labs dominates 2025 data
- New data from Poe reveals significant shifts in the AI market share in 2025, showcasing changes in AI tool utilization among businesses and consumers.
- The report provides insights into text, image, and video generation technologies based on interactions from millions of users.
- Market fragmentation exists across all AI modalities, with newer players like DeepSeek in text and Black Forest Labs in image generation gaining market share.
- Google's performance varies across different AI types, highlighting the challenges of achieving cross-modal leadership.
- Video generation shows intense competition, with existing and new providers rapidly capturing market share.
- Chinese-developed models hold a notable share in video generation, contributing to innovation despite geopolitical tensions.
- The image generation field sees a significant shift, with established models losing ground to newcomers like Black Forest Labs.
- Poe's data indicates the trend of users abandoning older models for newer, more capable offerings in the AI market.
- OpenAI and Anthropic maintain dominance in text generation, but face challenges from newer players like DeepSeek.
- The report emphasizes the need for enterprises to build flexible AI stacks to adapt to evolving capabilities in the rapidly changing AI landscape.
Read Full Article
20 Likes
TechCrunch
1M
392
Image Credit: TechCrunch
What PowerSchool won’t say about its data breach affecting millions of students
- PowerSchool, a K-12 software provider, suffered a significant data breach in December 2024, potentially affecting millions of students and staff across North America.
- The breach originated from a compromised credential in the customer support portal, granting access to the school information system.
- While some details of the breach have been disclosed, many crucial questions remain unanswered by PowerSchool.
- The company has not revealed the exact number of individuals impacted by the breach, despite estimates from various sources.
- Reports suggest that personal data of over 62 million students and 9.5 million teachers may have been accessed by the hacker.
- The types of stolen data, including sensitive personal information and medical records, remain undisclosed by PowerSchool.
- The company worked with a cyber-extortion incident response firm to negotiate with the hackers, hinting at a ransom payment.
- Concerns linger about whether the stolen data has been completely deleted, as PowerSchool has not provided evidence of deletion.
- The identity of the hacker responsible for the breach is unknown, raising questions about cybersecurity measures.
- Forensic reports have shed some light on the breach timeline, indicating potential long-standing access to PowerSchool's network.
Read Full Article
23 Likes
Medium
1M
171
Image Credit: Medium
When It Comes To Tech, The Best Parental Control… Is You!
- Parents, grandparents, educators, and any adult who cares for a young person have a responsibility to raise cyber aware kids.
- There is no one-stop-shop set of rules for digitally parenting, but the one rule is to get involved and stay involved in your children's digital lives.
- Software and hardware parental controls can never replace the best parental control - you.
- Children need a parent by their side to help them navigate the digital world.
Read Full Article
10 Likes
Medium
1M
130
Image Credit: Medium
Guess who earned the Naughty Phone?
- Disciplining kids today is no easy task. Research shows that children are more attached to their cell phones than ever before.
- The prevalence of smartphones among children has increased, with the average age for a child to receive their first cell phone being 10 years old.
- For many parents, the most effective form of discipline is taking away their child's technology, especially their smartphone.
- In order to recreate the feeling of being connected while implementing discipline, some parents have resorted to using old flip phones with no camera or internet connectivity.
Read Full Article
7 Likes
Tech Radar
1M
121
Image Credit: Tech Radar
YouTubers targeted by blackmail campaign to promote malware on their channels
- Cybercriminals are targeting YouTubers with fake copyright claims, blackmailing them to distribute malware through their videos and channels.
- Kaspersky researchers discovered the campaign, primarily affecting Russian victims, with more than 40,000 downloads before it was taken down.
- The cybercriminals filed copyright claims, then demanded creators to include a trojanized download link in the video description.
- The trojanized download link contained a version of Windows Packet Divert tool, carrying a cryptocurrency miner called SilentCryptoMiner.
Read Full Article
7 Likes
TechCrunch
1M
315
Image Credit: TechCrunch
Hacker accessed PowerSchool’s network months before massive December breach
- A new forensic report by CrowdStrike reveals that U.S. edtech giant PowerSchool was compromised by a hacker months before the December breach.
- PowerSchool confirmed unauthorized activity on its network prior to December, possibly dating back to August 2024.
- The hacker used compromised support credentials to access PowerSchool's network and gained unauthorized access to the customer support portal.
- PowerSchool's log data did not go far enough to attribute the earlier access to the same threat actor involved in the December breach.
Read Full Article
19 Likes
Cybersecurity-Insiders
1M
338
Image Credit: Cybersecurity-Insiders
Cycode Launches Proprietary Next-gen SAST Engine to Elevate Complete ASPM Platform
- Cycode has launched its proprietary next-generation SAST engine to elevate its ASPM platform.
- The new SAST engine achieves a 94% reduction in false positives in benchmark tests.
- Effective ASPM starts with high-quality data and accurate scans to reduce risk and improve operational efficiency.
- Cycode's SAST engine provides fast and accurate security feedback to reduce risk, increase productivity, and lower cost of ownership.
Read Full Article
20 Likes
Dev
1M
315
Image Credit: Dev
CertDecoder.com - A Free and Simple Online Certificate Decoder"
- CertDecoder.com is a free and simple online certificate decoder tool.
- Built by a developer to handle certificates and verify their details.
- Allows users to quickly check PEM-formatted X.509 certificate details.
- Privacy-first and retro design, with all processing happening in the browser.
Read Full Article
19 Likes
Tech Radar
1M
130
Image Credit: Tech Radar
Experts warn this critical PHP vulnerability could be set to become a global problem
- Cybersecurity researchers from Cisco Talos recently discovered a critical PHP-CGI vulnerability, labeled CVE-2024-4577.
- These vulnerabilities have been exploited for stealing credentials and establishing persistence on target systems.
- In response to the widespread and ongoing attacks, immediate action is required by defenders globally.
- A patch for the vulnerability was released in the summer of 2024.
Read Full Article
7 Likes
Cybersecurity-Insiders
1M
4
Image Credit: Cybersecurity-Insiders
Twitter not down due to Cyber Attack
- On March 10, 2025, Twitter experienced widespread disruptions in service, affecting users globally.
- Speculation arose that the outage was due to a cyber-attack, but it was later debunked and attributed to a technical glitch caused by a software rollout.
- The issue was swiftly addressed, and services were restored within 24 to 60 minutes, though some users experienced longer interruptions.
- The Twitter outage was not a result of a cyber-attack, but rather a technical glitch, according to Twitter sources.
Read Full Article
Like
Tech Radar
1M
49
Image Credit: Tech Radar
Another top security camera maker is seeing devices hijacked into botnet
- A command injection vulnerability in an old IP camera, the IC-7100 by Edimax, is being exploited to build a botnet.
- The camera is no longer supported or receive a patch, leaving users vulnerable to cybercriminals.
- The flaw, tracked as CVE-2025-1316, has a severity score of 9.3/10, and enables remote code execution.
- The only way to defend against this attack is to replace the old cameras with newer, supported models.
Read Full Article
2 Likes
Securityaffairs
1M
171
Image Credit: Securityaffairs
Experts warn of mass exploitation of critical PHP flaw CVE-2024-4577
- Threat actors exploit PHP flaw CVE-2024-4577 for remote code execution.
- Over 1,000 attacks detected globally.
- The vulnerability tracked as CVE-2024-4577 allows for remote code execution on vulnerable servers using Apache and PHP-CGI.
- GreyNoise researchers report a significant increase in attacks targeting multiple regions, including the US, UK, Singapore, and Japan.
Read Full Article
10 Likes
Tech Radar
1M
23
Image Credit: Tech Radar
Software bug meant NHS information was potentially “vulnerable to hackers”
- The NHS is reportedly looking into allegations of a third-party software flaw.
- The software flaw in Medefer, a virtual booking provider, left patient data potentially vulnerable to hackers.
- Medefer denies any knowledge of the issue and claims no evidence of patient data breach.
- Healthcare data being exposed could lead to the misuse of personal and sensitive information.
Read Full Article
1 Like
TechBullion
1M
67
Image Credit: TechBullion
Powerful IP Stresser and Booter Solutions: Next-Generation DDoS Testing Tools
- Businesses face constant threats from cyberattacks, particularly DDoS attacks, which can cause significant financial losses and service disruptions.
- IP stressers and booters are crucial tools for stress testing networks to prepare for potential DDoS attacks.
- These tools simulate large amounts of traffic to test network strength and identify weaknesses.
- IP stressers, also known as booters, allow businesses to run tests mimicking real DDoS attack scenarios.
- Regular stress testing with booters helps in building a more robust infrastructure to mitigate malicious attacks.
- Stressers can simulate various DDoS attack types, providing a comprehensive testing environment for businesses.
- Investing in a reliable stresser tool is essential for preventing downtime and enhancing network security.
- Testing with an IP stresser can simulate realistic DDoS attacks, helping in identifying vulnerabilities proactively.
- Improving network resilience and addressing vulnerabilities through stress testing is cost-effective compared to dealing with actual attacks.
- Premium stresser tools like Stresslab offer more advanced features, better performance, and enhanced security for comprehensive testing.
Read Full Article
4 Likes
For uninterrupted reading, download the app