menu
techminis

A naukri.com initiative

google-web-stories
Home

>

Cyber Security News

Cyber Security News

source image

Hackersking

5d

read

20

img
dot

Image Credit: Hackersking

Phishing Attack Through WinRAR File Archiver Simulation Using .Zip Domain

  • Google released new top-level domains in May 2023, including .zip, raising cybersecurity concerns.
  • Cybercriminals can use TLDs like .zip to simulate phishing attacks, tricking users into downloading malicious files.
  • An example phishing website was created to demonstrate how a .zip domain can be used for attacks, emulating WinRAR and Windows 11.
  • Organizations are advised to block .zip and .mov domains to prevent phishing attacks leveraging these new TLDs.

Read Full Article

like

1 Like

source image

Dev

5d

read

110

img
dot

Image Credit: Dev

The Hidden File That Powers SafeLine WAF: What's Inside `.env`?

  • SafeLine is a free and open-source Web Application Firewall (WAF) designed to protect web apps against modern attacks without requiring coding.
  • The .env file in SafeLine's installation directory contains crucial configuration variables like directory paths, passwords, and Docker image details.
  • Variables in the .env file manage settings such as data storage, Docker image version, web management port, database and Redis passwords, subnet prefix, and image registry path.
  • Users can customize SafeLine settings by editing the .env file, enabling flexibility in managing ports, security credentials, networking, and image sources.

Read Full Article

like

6 Likes

source image

Medium

5d

read

61

img
dot

Image Credit: Medium

When AI Crosses the Line: Fake Passports, Prompt Hacks & the Dark Side of Image Generation

  • AI advancements, such as those from OpenAI with its ChatGPT-4o models, are being exploited to generate fake passports and other fraudulent documents.
  • Security researchers discovered that by manipulating prompts, AI could create realistic-looking passports within minutes, raising concerns about the vulnerability of systems reliant on image recognition for ID verification.
  • Bad actors can now easily generate counterfeit documents using AI, which poses risks to financial institutions, legal frameworks, and immigration systems.
  • To mitigate the risks posed by AI-generated forgeries, organizations are advised to implement additional layers of defense, such as biometric matching, NFC chip reading, and real-time facial recognition, and integrate new detection models to identify AI-generated images.

Read Full Article

like

3 Likes

source image

Siliconangle

5d

read

302

img
dot

Image Credit: Siliconangle

Cloudflare’s AI game-changer, Intel’s challenges and the Trump-Musk catfight

  • Cloudflare enables website operators to charge AI developers for access to material.
  • Competition intensifies in the AI landscape, with companies like Apple, Baidu, and Elon Musk's xAI.
  • Intel faces challenges under new CEO Lip-Bu Tan, including potential downsizing and changing fab processes.
  • Elon Musk criticizes Trump's budget bill, leading to implications for Tesla stock and cybersecurity investments.
  • Cato Networks raises $359 million, HPE acquires Juniper Networks, and various AI startups secure funding.

Read Full Article

like

17 Likes

source image

Medium

5d

read

341

img
dot

Image Credit: Medium

Google’s Android Warning For 3 Billion Users: Change This Setting Now

  • Hackers can send malicious SMS messages to smartphones using an SMS Blaster, a technique that doesn't require knowing the phone number.
  • An SMS Blaster acts as an illegal cellphone mast, tricking nearby smartphones into connecting to it by emitting a stronger 2G signal.
  • These attacks, known as Stingray attacks, exploit insecure rogue cell mast methods to compromise Android smartphones.
  • While the chances of falling victim to such attacks are low, users are advised to take precautions by changing security settings on their Android devices.

Read Full Article

like

20 Likes

source image

Wired

6d

read

218

img
dot

Image Credit: Wired

The Person in Charge of Testing Tech for US Spies Has Resigned

  • The head of the US government’s Intelligence Advanced Research Projects Activity (IARPA), Rick Muller, is resigning from his position to join a quantum computing company.
  • IARPA, established post-9/11, focuses on testing AI, quantum computing, and other emerging technologies for spy agencies like the CIA and NSA.
  • The Trump administration is reportedly downsizing intelligence agencies, leading to workforce cuts and program reduction, although IARPA is not currently targeted.
  • Muller's departure raises questions about the future of IARPA's research projects, including cybersecurity risks and advancements in technology used by spy agencies.

Read Full Article

like

13 Likes

source image

Dev

6d

read

30

img
dot

Image Credit: Dev

Why Technical Cybersecurity Founders Struggle with Marketing (and How AI Is Changing the Game)

  • Technical founders in cybersecurity struggle with marketing due to communication gap with buyers.
  • AI tools like GrackerAI help bridge the gap by translating technical features into business value.
  • Challenges include extreme buyer skepticism, lack of references, regulatory constraints, and multi-stakeholder sales.
  • Technical founders often face jargon barriers, curse of knowledge, and product-market fit confusion.
  • Specialized AI platforms aid in analyzing tech features, translating them for different personas, and implementation strategies.

Read Full Article

like

1 Like

source image

Ars Technica

6d

read

238

img
dot

Image Credit: Ars Technica

Provider of covert surveillance app spills passwords for 62,000 users

  • The maker of the Catwatchful covert surveillance app accidentally leaked sensitive data, including email addresses and passwords, for 62,000 users.
  • A security flaw due to a SQL injection vulnerability allowed a researcher to access and download the private information of users.
  • The app is marketed as being stealthy and secure, intended for parental control, but concerns have been raised about its potential misuse for clandestine activities.
  • Google has enhanced its security measures to detect the Catwatchful spyware on Android devices, and actions are being taken by web hosts to address concerns related to the app.

Read Full Article

like

14 Likes

source image

Mcafee

6d

read

177

img
dot

Image Credit: Mcafee

How to Shop Safely During Amazon Prime Day

  • As Amazon Prime Day nears, there's a warning about scams targeting online shoppers.
  • An elderly woman was scammed of nearly $1 million by a fake Amazon representative.
  • Scammers exploit economic anxiety and major shopping events to deceive consumers.

Read Full Article

like

10 Likes

source image

Securityaffairs

6d

read

173

img
dot

Image Credit: Securityaffairs

China-linked group Houken hit French organizations using zero-days

  • China-linked group Houken targeted French government, telecom, media, finance, and transport sectors using Ivanti CSA zero-days, according to France’s ANSSI.
  • The campaign, active since September 2024, involved an intrusion set named Houken, leveraging zero-day exploits and a rootkit, and utilizing Chinese open-source tools and diverse infrastructure like VPNs and dedicated servers.
  • The attackers exploited vulnerabilities CVE-20248190, CVE-2024-8963, and CVE-2024-9380 on Ivanti CSA devices, aiming to obtain credentials, ensure persistence, move laterally, conduct reconnaissance, steal credentials, and maintain control over compromised systems.
  • The Houken intrusion set's tactics suggest a proficient actor aiming at high-value systems, possibly for espionage or selling access. ANSSI points out links between Houken and UNC5174, indicating a shared operator involved in selling access and intelligence.

Read Full Article

like

10 Likes

source image

Wired

6d

read

16

img
dot

Image Credit: Wired

Trump Officials Want to Prosecute Over the ICEBlock App. Lawyers Say That’s Unconstitutional

  • ICEBlock app allows users to share ICE agent locations anonymously within 5-mile radius.
  • Trump officials threaten to prosecute app developer and CNN for promoting avoidance of law enforcement.
  • Legal experts argue app falls under protected speech and prosecution would be unconstitutional.
  • App creator emphasizes informing, not obstructing, in pushback against authoritarianism and fascism.

Read Full Article

like

Like

source image

Wired

6d

read

127

img
dot

Image Credit: Wired

CBP Wants New Tech to Search for Hidden Data on Seized Phones

  • CBP is seeking digital forensics tools to process data from seized devices.
  • Tools must find hidden data, identify objects in videos, and access encrypted chats.
  • CBP aims to modernize its program and signed contract by fiscal 2026.
  • The agency conducts device searches and may use tools like Cellebrite for analysis.

Read Full Article

like

7 Likes

source image

Tech Radar

6d

read

251

img
dot

Image Credit: Tech Radar

Another top WordPress plugin hacked to allow account takeover - stay safe with these tips

  • A high-severity vulnerability was discovered in the Forminator WordPress plugin, potentially allowing hackers to take over compromised websites.
  • The vulnerability involved insufficient validation of form field input and an unsafe file deletion logic that could force Forminator to delete a core WordPress file, leading to a complete site takeover.
  • The issue is tracked as CVE-2025-6463 with a severity score of 8.8/10 and affects all versions up to 1.44.2. A patch (version 1.44.3) is available and users are advised to update immediately to mitigate the risk.
  • Experts recommend upgrading Forminator plugin to the latest version or disabling/deleting it to stay safe. With over 600,000 active websites using the plugin, applying the patch is crucial to avoid exploitation.

Read Full Article

like

15 Likes

source image

VentureBeat

6d

read

243

img
dot

Image Credit: VentureBeat

Dust hits $6M ARR helping enterprises build AI agents that actually do stuff instead of just talking

  • Dust, an AI platform, grows annual revenue to $6 million.
  • Shift in enterprise AI adoption from chatbots to advanced systems.
  • Dust's AI agents automate business tasks like updating CRM records and creating GitHub issues.
  • Utilizes Model Context Protocol for secure data access and specialized orchestration.
  • Represents trend of AI-native startups leveraging advanced AI capabilities for practical implementation.

Read Full Article

like

14 Likes

source image

Tech Radar

6d

read

90

img
dot

Image Credit: Tech Radar

ChatGPT and other AI tools could be putting users at risk by getting company web addresses wrong

  • New research highlights that AI often provides incorrect URLs, posing risks to users like phishing and malware attacks.
  • One in three login links provided by large language models (LLMs) such as GPT-4.1 were incorrect, with some leading to unsafe domains.
  • Attackers are optimizing websites for LLMs, creating phishing risks, with instances of fake sites being recommended by AI tools observed.
  • Developers have unknowingly used malicious AI-generated URLs in code, emphasizing the need for users to verify web addresses before clicking on links.

Read Full Article

like

5 Likes

For uninterrupted reading, download the app