menu
techminis

A naukri.com initiative

New

google-web-stories
Home

>

Cyber Security News

Cyber Security News

source image

Securityaffairs

2M

read

413

img
dot

Image Credit: Securityaffairs

New botnet HTTPBot targets gaming and tech industries with surgical attacks

  • A new botnet named HTTPBot is targeting China’s gaming, tech, and education sectors, as discovered by cybersecurity researchers.
  • HTTPBot, a Go-based botnet detected in August 2024, intensified its activities by April 2025, engaging in highly targeted attacks using advanced DDoS tactics.
  • The botnet employs various HTTP-based attack methods to conduct precise transactional DDoS attacks on critical interfaces, posing a systemic threat to industries reliant on real-time interaction.
  • HTTPBot features 7 built-in DDoS attack methods, evades detection through techniques like Base64 encoding, and specifically targets the Windows platform, making it a significant threat in the cybersecurity landscape.

Read Full Article

like

24 Likes

share

5 Shares

source image

Tech Radar

2M

read

445

img
dot

Image Credit: Tech Radar

RICO crypto fraud investigation leads to twelve more arrests

  • 12 people have been charged in a RICO case involving cryptocurrency theft, money laundering, and more.
  • The group is accused of stealing over $263 million and using social engineering tactics to deceive victims.
  • The stolen cryptocurrency proceeds were laundered through various mixers and exchanges to mask identities.
  • In the first quarter of 2025, over $1.5 billion in crypto was lost to theft or scams, with a minimal percentage returned to victims.

Read Full Article

like

26 Likes

share

6 Shares

source image

Tech Radar

2M

read

64

img
dot

Image Credit: Tech Radar

Global Russian hacking campaign steals data from government agencies

  • A major cyber-espionage campaign called RoundPress, attributed to APT28 (Fancy Bear), utilized multiple zero-day and n-day vulnerabilities to eavesdrop on government email communications.
  • The campaign targeted victims in several countries across Eastern Europe, Africa, and Latin America, sending phishing emails containing malicious JavaScript code to steal email data.
  • The attackers exploited cross-site scripting (XSS) flaws in webmail servers to collect login credentials, email messages, contacts, 2FA information, and more, exfiltrating the data to a C2 address.
  • Government organizations, military entities, defense companies, and critical infrastructure firms were among the victims of this hacking campaign, which leveraged vulnerabilities in Roundcube, MDaemon, Horde, and Zimbra.

Read Full Article

like

3 Likes

share

Share

source image

Amazon

2M

read

197

img
dot

Image Credit: Amazon

AWS machine learning supports Scuderia Ferrari HP pit stop analysis

  • Formula 1 pit stop analysis has been modernized with AWS machine learning, aiding Scuderia Ferrari HP in developing accurate techniques.
  • Previously, manual review of video footage and telemetry data was time-consuming, now AWS solution synchronizes data 80% faster.
  • Scuderia Ferrari HP leverages AWS cloud and ML to automate and centralize pit stop analysis, improving efficiency and accuracy.
  • AWS partnership helps Ferrari detect errors faster, comply with budget caps, and innovate on and off the track.
  • The ML-powered pit stop analysis syncs video with telemetry data, identifying anomalies automatically during pit stops.
  • Model trained using YOLO v8 algorithm and PyTorch framework provides greater consistency and reliability in pit stop performance.
  • Automated correlation of video progression and telemetry data helps refine processes and reduce errors affecting race results.
  • The solution, deployed at the 2024 Japanese Grand Prix, records faster pit stops like the season best of 2 seconds flat in Saudi Arabia.
  • The workflow involves using AWS Lambda, SageMaker AI, Amazon ECS, and Amazon S3 to streamline the pit stop analysis process.
  • AWS solution enables real-time insights, systematic review, and identification of patterns to enhance pit crew performance.

Read Full Article

like

11 Likes

share

2 Shares

source image

Pymnts

2M

read

73

img
dot

Image Credit: Pymnts

Coinbase Says Cybersecurity Incident Could Cost It $400 Million

  • Coinbase disclosed a cybersecurity incident that could cost it up to $400 million.
  • The company's investigation is ongoing, with estimated expenses ranging from $180 million to $400 million for remediation and customer reimbursements.
  • The cyberattack involved data stolen from Coinbase, used for social engineering trickery leading to an attempted $20 million extortion.
  • Coinbase is setting up a $20 million reward fund for information on the cyberattackers, as social engineering fraud rises by 56%.

Read Full Article

like

4 Likes

share

1 Share

source image

Kaspersky

2M

read

257

img
dot

Image Credit: Kaspersky

Ransomware group uses ClickFix to attack businesses

  • Ransomware group Interlock is using the ClickFix technique to target businesses, posing as the Advanced IP Scanner website.
  • Interlock lures victims to a fake CAPTCHA page imitating Cloudflare, tricking them into executing a malicious PowerShell command.
  • Once the command is executed, a fake PyInstaller installer launches, allowing Interlock to collect system information and deploy malware like a remote access Trojan.
  • To protect against ClickFix attacks, it is recommended to raise employee awareness, install reliable protection on devices, monitor for suspicious activities, and consider external threat hunting services.

Read Full Article

like

15 Likes

share

3 Shares

source image

TechDigest

2M

read

96

img
dot

Image Credit: TechDigest

UK-based Scattered Spider hackers turning attention to US retailers

  • UK-based hacking group Scattered Spider has shifted its cyber-attack focus from British retailers to US retailers, including Marks & Spencer and the Co-op.
  • Google cybersecurity experts warn US retailers of potential cyber threats from Scattered Spider, emphasizing the group's tactics of impersonating employees to gain access to company systems.
  • Scattered Spider members based in the UK are facilitating cyber intrusions, prompting warnings from the UK's National Cyber Security Agency to review IT help desk procedures.
  • The group, consisting of native English speakers from the UK, US, and Canada, engages in ransomware and extortion operations targeting US retail sectors, as highlighted by Google Threat Intelligence Group analysts.

Read Full Article

like

5 Likes

share

1 Share

source image

Tech Radar

2M

read

36

img
dot

Image Credit: Tech Radar

Chrome patched this bug, but CISA says it's still actively exploited

  • Google patched a new Chrome bug recently.
  • The US Cybersecurity and Infrastructure Security Agency (CISA) added the vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, indicating active exploitation.
  • Federal Civilian Executive Branch (FCEB) agencies have three weeks to update Chrome or stop using the browser altogether to address the CVE-2025-4664 flaw.
  • The bug, which allows remote threat actors to leak cross-origin data via a crafted HTML page, needs to be addressed due to the risks it poses to cybersecurity.

Read Full Article

like

2 Likes

share

Share

source image

Cybersecurity-Insiders

2M

read

55

img
dot

Image Credit: Cybersecurity-Insiders

Ransomware attacks on education sector go unreported for months

  • Countries like the United Kingdom, the United States, Australia, and Canada have cyber laws mandating organizations to report ransomware incidents within 48 to 72 hours.
  • A study by Comparitech reveals that U.S. educational institutions take an average of 4.8 months to disclose ransomware data breaches, sometimes waiting up to six months.
  • Many ransomware incidents in the education sector are only discovered when stolen data appears on the dark web, as institutions often remain silent until external exposure.
  • Delayed disclosure of breaches raises ethical and legal concerns, putting students, parents, and educators at risk of identity theft and cyber-related harm.

Read Full Article

like

3 Likes

share

Share

source image

Tech Radar

2M

read

445

img
dot

Image Credit: Tech Radar

Hackers steal customer data in Nova Scotia Power cyberattack

  • Nova Scotia Power experienced a cyberattack in March 2025, leading to the theft of sensitive customer data such as names, SSNs, and banking information.
  • The stolen data includes a variety of personal and financial details, posing a risk of identity theft and wire fraud for the affected customers.
  • The company is providing free identity theft monitoring for impacted individuals and has not found evidence of data abuse so far.
  • Customers are advised to stay vigilant against potential phishing attempts and unsolicited communications posing as Nova Scotia Power representatives.

Read Full Article

like

26 Likes

share

6 Shares

source image

Siliconangle

2M

read

404

img
dot

Image Credit: Siliconangle

AI leaders stare down limits as they keep spending big

  • AI leaders continue to spend significantly, with IPOs like eToro rising but overall IPO market still uncertain.
  • Software-only cloud hyperscalers like Salesforce are emerging, while doubts grow around the sustainability of cutting-edge AI models.
  • Companies like Meta face challenges as they delay mega-model releases and question the effectiveness of reasoning models.
  • Despite ongoing investments in AI, concerns about profitability arise, especially with some companies experiencing low revenue.
  • The quantum computing sector sees investments in startups like Classiq, although commercial viability remains a distant prospect.
  • Amidst a bustling tech event week, including Dell Tech World and Google I/O, several earnings reports are expected.
  • Key developments include AI advancements by Google DeepMind and OpenAI, acquisitions by Salesforce and Databricks, and new AI tools by various companies.
  • Financial activities include IPO preparations by Chime and Pony AI, acquisitions, and significant funding rounds for AI startups.
  • Policy discussions involve Trump's views on business strategies and ongoing cyber incidents, like the data breach at Coinbase.
  • Across the tech industry, quantum computing gains attention with investments in companies like Classiq, along with acquisitions such as Robinhood acquiring WonderFi.
  • Notable industry movements include executive changes at companies like Cisco, Microsoft, and Lidar startup Luminar Technologies.

Read Full Article

like

24 Likes

share

5 Shares

source image

Pymnts

2M

read

431

img
dot

Image Credit: Pymnts

How Lawmaker Revisions to GENIUS Act Could Impact US Stablecoin Market

  • U.S. lawmakers are proposing revisions to the GENIUS Act, aiming to provide regulatory clarity for dollar-backed stablecoins within the country.
  • Negotiations for the GENIUS Act are ongoing, with Democrats seeking amendments around consumer protection, bankruptcy, and financial controls for stablecoin issuers.
  • The revised GENIUS Act includes provisions for consumer protection laws, bans on promoting yield features, and restrictions on certain companies issuing stablecoins.
  • The bill could redefine the future of finance in America by addressing stablecoin market regulations and balancing innovation with oversight.

Read Full Article

like

25 Likes

share

6 Shares

source image

Tech Radar

2M

read

257

img
dot

Image Credit: Tech Radar

Be on the lookout for deepfake and AI government officials, FBI warns

  • The FBI has warned about cybercriminals impersonating senior US officials using deepfake and generative artificial intelligence technology.
  • The attackers are carrying out sophisticated smishing and vishing attacks by creating credible audio and text messages to deceive victims.
  • Phishing messages leverage people's emotions to trick victims into sharing sensitive information.
  • The FBI advised verifying identities and listening carefully to voice messages for inconsistencies to stay safe from such attacks.

Read Full Article

like

15 Likes

share

3 Shares

source image

TechBullion

2M

read

349

img
dot

Image Credit: TechBullion

Strata Horizon: The UAE-Based Cybersecurity Partner for Governments and Critical Infrastructure

  • Strata Horizon is a UAE-based cybersecurity partner specializing in providing tailored solutions for governments and critical infrastructure.
  • The company offers enterprise-grade, AI-powered cybersecurity solutions for high-risk environments like national data centers, hospitals, and aviation systems.
  • Strata Horizon differentiates itself through its understanding of regional security frameworks, global compliance standards, and deployment of custom solutions for government entities.
  • Their cybersecurity solutions include threat detection powered by AI, secure network architecture for cloud environments, and 24/7 monitoring with localized support, catering to institutions globally.

Read Full Article

like

21 Likes

share

4 Shares

source image

Dev

2M

read

229

img
dot

Image Credit: Dev

How does Authentication work & different types

  • Authentication is the process of verifying if a person is who they claim to be before granting access to an application or data.
  • Common authentication methods include Username + Password, Token-Based Authentication (like JWT), OAuth (Login with Google, Facebook, etc.), Multi-Factor Authentication (MFA), and API Key.
  • Different authentication methods provide varying levels of security, with MFA adding extra layers of protection, OAuth offering smoother user experience, and API Key enabling controlled access for services and developers.
  • An analogy of authentication in a nightclub: Username + Password is like a guest list check, Token is like a hand stamp, OAuth is like a friend with VIP access, MFA is like ID + Text Confirmation, and API Key is like a staff badge.

Read Full Article

like

13 Likes

share

3 Shares

Prev

140
141
142
143
144
145
146
147
148
149
150

Next

For uninterrupted reading, download the app