A naukri.com initiative
Cyber Security News
Tech Radar
1M
63
Image Credit: Tech Radar
You can now auto-change compromised passwords with Chrome's Credential Manager
- Chrome's password manager now allows users to change compromised passwords directly in the browser.
- The new feature aims to reduce friction by prompting users to fix compromised passwords automatically.
- Passwords remain the primary method of authentication despite security concerns.
- Google is enhancing identity verification mechanisms while acknowledging the enduring prevalence of passwords.
Read Full Article
3 Likes
Hackernoon
1M
438
Image Credit: Hackernoon
Attaxion Becomes The First EASM Platform To Integrate ENISA’s EU Vulnerability Database (EUVD)
- Attaxion integrates the European Vulnerability Database (EUVD) into its platform for enhanced vulnerability management.
- The EUVD, operated by ENISA, offers a multi-stakeholder approach with actionable information for cybersecurity.
- The integration allows security teams to access broader coverage, context, and metadata for vulnerability prioritization.
- Attaxion's move sets a precedent in aligning EASM with public-sector threat intelligence efforts, supporting better-informed security decisions.
Read Full Article
26 Likes
Inkbotdesign
1M
36
Image Credit: Inkbotdesign
21 Website Design Tips for Beginners (That Pros Still Use)
- Great websites are crafted experiences guiding visitors towards actions while ensuring comfort.
- Starting with a clear purpose influences every design decision that follows.
- Embracing white space improves readability, hierarchy, and visual appeal.
- Designing with mobile in mind first is crucial in today's mobile-centric world.
- Creating a visual hierarchy guides the eye through the content in a specific order.
- Choosing colors strategically based on color theory and psychology is important for communication.
- Optimizing images properly is key to reducing page load times and enhancing user experience.
- Intuitive navigation systems are essential for helping users find their way around the website.
- Simplicity in user flows is crucial to minimize drop-off rates and ensure smooth user experiences.
- Prioritizing page loading speed is important as delays can impact conversions.
Read Full Article
2 Likes
Adamlevin
1M
68
Keren Elazari Decrypts the Ransomeware Nightmare
- Ransomware is a malicious software used by hackers to hijack data on devices or networks, targeting critical entities like hospitals and banks.
- Cybersecurity expert Keren Elazari discussed the persistent threat of ransomware attacks on essential infrastructure, such as telecommunications and water systems.
- The Tinfoil Swan delves into the pwnagotchi, a hacking gadget highlighting the importance of maintaining good cyber hygiene to prevent cyber attacks.
- The article decrypts ransomware nightmares and sheds light on the ongoing battle against cyber threats.
Read Full Article
4 Likes
Tech Radar
1M
424
Image Credit: Tech Radar
Vulnerability that allows full admin takeover found in premium WordPress theme
- 'Motors' premium WordPress theme had a critical-severity vulnerability allowing full website takeover.
- The vulnerability enabled threat actors to take over admin accounts by changing passwords.
- Developers released a fix for the privilege escalation flaw, tracked as CVE-2025-4322 with a severity score of 9.8/10.
- Users of Motors theme are advised to update to the fixed version released on May 14, 2025, to prevent potential website compromise.
Read Full Article
25 Likes
Wired
1M
91
Image Credit: Wired
Authorities Carry Out Elaborate Global Takedown of Infostealer Heavily Used by Cybercriminals
- Law enforcement agencies and tech companies collaborate to disrupt the infostealer malware Lumma, extensively used by cybercriminals to steal sensitive information.
- Microsoft's Digital Crimes Unit obtained a court order to seize Lumma-related domains, with US DOJ seizing its command and control infrastructure.
- The malware is known for being easy to distribute, hard to detect, and capable of bypassing security defenses, favored by cybercriminal groups like Scattered Spider.
- Lumma infected over 394,000 Windows computers in a two-month period and was prominent on cybercrime forums in 2024.
- Law enforcement, with tech companies like Cloudflare, coordinated to disrupt Lumma's infrastructure, preventing its quick recovery by developers.
- Infostealers like Lumma have become a primary tool for cybercriminals, facilitating data theft that acts as a precursor to high-impact attacks.
- Developers continually enhance Lumma, with recent efforts involving AI integration to automate data processing.
- Microsoft identifies Lumma's main developer as 'Shamel' operating in Russia, offering customized malware services on chat forums.
- Instances of Lumma being used in attacks on major entities like Caesars Entertainment and PowerSchool have surfaced, showcasing its widespread impact.
- Although law enforcement actions target infostealers like Lumma, their prevalence and usefulness suggest continued existence in cybercriminal operations.
Read Full Article
5 Likes
The Verge
1M
68
Image Credit: The Verge
19-year-old student to plead guilty to huge school database hack
- 19-year-old college student Matthew Lane from Massachusetts is set to plead guilty to a massive hack on PowerSchool, a student information system, involving cyber extortion and unauthorized access to protected computers.
- Lane threatened to leak personal data of millions of students and teachers unless a $2.85 million ransom was paid to prevent exposure of names, email addresses, Social Security numbers, and medical information.
- PowerSchool faced a data breach affecting personal information from its customer support portal, PowerSource, paid the ransom to prevent data exposure, but still received threats of data exposure.
- The Department of Justice accused Lane of breaking into PowerSchool using stolen login credentials, transferring data to a server in Ukraine, breaching and extorting another US-based telecom company, and causing financial costs and fear among parents.
Read Full Article
4 Likes
TechCrunch
1M
397
Image Credit: TechCrunch
US student agrees to plead guilty to hack affecting tens of millions of students
- Massachusetts student, Matthew D. Lane, to plead guilty to federal charges related to hacking and extorting a major U.S. education tech company.
- Lane accessed network of an unnamed software company, stealing personal information of over 60 million students and 10 million teachers, including sensitive data like Social Security numbers and medical information.
- Lane worked with a co-conspirator to extort about $2.85 million in cryptocurrency from the education software maker.
- The compromised company, likely PowerSchool, paid hackers to delete stolen data, facing subsequent extortion attempts from others claiming the data was not destroyed.
Read Full Article
23 Likes
Silicon
1M
310
Image Credit: Silicon
M&S Cyberattack To Cost £300m And Upheaval To Last Into July
- Marks & Spencer (M&S) confirms financial and operational impact of recent cyberattack, revealing customer data theft and disrupted operations.
- M&S estimates £300m impact on Group operating profit for 2025/26 due to cyberattack, with online disruption expected to continue into July.
- UK's National Crime Agency identifies cyber-criminal collective Scattered Spider as key focus, known for ransomware attacks using DragonForce platform.
- Leader of Scattered Spider, Tyler Buchanan, arrested in Spain, while other alleged members include Noah Michael Urban and Remington Ogletree, with global arrests made in connection with previous hacks.
Read Full Article
18 Likes
Tech Radar
1M
439
Image Credit: Tech Radar
Co-op and M&S food supplier hit by ransomware attack
- UK logistics company Peter Green Chilled, a supplier to supermarkets, was hit by a ransomware attack disrupting its operations.
- The attack affected the supply chain, leading to temporary halting of new orders and uncertainties about the extent of data breach and ransom demands.
- Major UK supermarkets like Tesco, Sainsbury's, and Aldi, along with Co-op and M&S, were impacted by the attack on Peter Green Chilled.
- Cybersecurity experts emphasize the importance of strengthening defenses in retail and logistics sectors to prevent ransomware attacks and ensure continuity of operations.
Read Full Article
26 Likes
Global Fintech Series
1M
356
Image Credit: Global Fintech Series
SecurityScorecard Report Links 41.8 Percent of Breaches Impacting Leading Fintech Companies to Third-Party Vendors
- SecurityScorecard released a report highlighting that 41.8% of breaches impacting top fintech companies originated from third-party vendors.
- Fintech firms had the strongest security posture among industries analyzed, with 55.6% earning an 'A' rating.
- Recommendations for fintech companies include strengthening third- and fourth-party risk oversight, securing shared infrastructure, addressing application security and DNS gaps, enforcing strong credential protections, and treating repeat breaches as a leading risk signal.
- SecurityScorecard's Supply Chain Detection and Response helps defend against supply chain attacks, with a focus on continuous monitoring of third-party risks and providing response and remediation capabilities.
Read Full Article
21 Likes
Tech Radar
1M
50
Image Credit: Tech Radar
An OpenPGP.js flaw just broke public key cryptography
- A security flaw in OpenPGP.js allows threat actors to verify fake messages as legitimate, breaking public key cryptography.
- The bug affects versions 5.0.1 to 5.12.2 and 6.0.0-alpha.0 to 6.1.0, but a patch is available in versions 5.11.3 and 6.1.1.
- In theory, the vulnerability could be exploited for fake payment authorization, among other things.
- Users can apply the patch or use a workaround to mitigate the risk of exploitation. The bug is now tracked as CVE-2025-47934 with a high severity score of 8.7/10.
Read Full Article
3 Likes
Securityaffairs
1M
82
Image Credit: Securityaffairs
Coinbase data breach impacted 69,461 individuals
- Coinbase disclosed that a recent data breach impacted 69,461 individuals after overseas support staff accessed customer and corporate data improperly.
- Rogue contractors stole data on under 1% of users from Coinbase and demanded $20 million; breach initially disclosed in an SEC filing.
- Unauthorized data access was detected by support personnel, prompting termination, enhanced monitoring, and user alerts; breach involved a coordinated campaign.
- Exposed data did not include passwords, private keys, or customer funds but included contact details, partial SSNs, bank info, ID images, account history, and limited internal documents.
Read Full Article
4 Likes
Lastwatchdog
1M
324
News alert: DataHub secures $35M Series B to enable AI to safely manage and use data
- DataHub, by Acryl Data, has secured $35 million in Series B funding led by Bessemer Venture Partners, bringing the total funding to $65 million.
- The funding will accelerate the development of DataHub's context management platform for improved data discovery, observability, and control.
- DataHub aims to address the context gap for AI systems by providing real-time metadata platform to enhance interaction with data assets.
- The company will utilize the funding to invest in the open-source community, R&D, go-to-market operations, and customer success capabilities.
Read Full Article
19 Likes
Silicon
1M
379
Image Credit: Silicon
Legal Aid Agency Confirms Cyberattack, Data Theft
- The Legal Aid Agency, an agency of the UK Ministry of Justice, experienced a cyberattack resulting in a significant data breach of personal information.
- Sensitive data, including financial information, of legal aid applicants dating back to 2010 has been compromised in the breach.
- The agency has taken down its online services and urged affected individuals to safeguard themselves against potential identity theft and suspicious activity.
- The Ministry of Justice is working with authorities to address the breach, and the Legal Aid Agency CEO has apologized for the incident and emphasized the need for enhanced system security.
Read Full Article
22 Likes
For uninterrupted reading, download the app