Cyber Security News, Latest Updates and Recent Announcements on Techminis

A naukri.com initiative

New

Home

Cyber Security News

Medium

Image Credit: Medium

Your May 2025 Blueprint for Digital Safety: Outsmarting Today’s Cyber Threats

Recent reports show a rise in global cyber attacks, with sophisticated methods being used by cybercriminals and state-linked actors.
Microsoft's 2024 Digital Defense Report revealed customers face 600 million daily cyber attacks.
Verizon's 2025 Data Breach Investigations Report highlighted alarming developments in cyber threats.
CrowdStrike's 2025 Global Threat Report indicated a significant increase in activity linked to the Chinese government.
Fileless malware attacks are growing, making it hard for traditional antivirus software to detect them.
Deepfake technology is being used for scams, leading to financial losses exceeding $200 million.
NIST released version 2.0 of its Cybersecurity Framework to counter growing threats with improved guidelines.
NIST also introduced a draft of version 1.1 of its Privacy Framework to manage privacy risks effectively.
ISO 27001:2022 standard was updated to include considerations for climate action, impacting organizations' operations.
OWASP Foundation released the Mobile Top 10 for 2024, highlighting significant risks in mobile security.
SIM swapping, supply chain attacks, and privacy concerns are among the emerging cybersecurity threats.
Protecting user data through Privacy by Design and implementing incident response plans are crucial for cybersecurity.
MITRE introduced version 17 of its ATT&CK framework to help organizations combat evolving cyber threats.
Continuously monitoring threats and adapting defense strategies are key for strong cybersecurity in 2025.

Read Full Article

1 Like

Tech Radar

101

Image Credit: Tech Radar

Personal information leaked in Coinbase cyberattack, cost could be $400 million

Coinbase, a major cryptocurrency exchange, was targeted in a cyberattack with potential losses between $180 million to $400 million.
The attack involved criminals bribing overseas employees to obtain internal documents and sensitive data of certain customer accounts.
Although passwords and user funds were not impacted, a ransom demand of $20 million was made, which Coinbase refused to pay.
Coinbase is now offering a $20 million bounty for information on the hackers, amidst increased scrutiny and challenges faced by the cryptocurrency industry.

Read Full Article

6 Likes

Medium

Image Credit: Medium

The Rise of Tech Jobs in Sustainable Energy: A Bright Green Future.

The sustainable energy sector is experiencing rapid growth due to innovation, regulatory changes, and the need to address climate change.
Key trends driving tech job growth in sustainable energy include decarbonisation initiatives, digital transformation, and energy decentralisation.
Top in-demand tech jobs in sustainable energy include Data Scientists, AI Engineers, Software Developers, Cybersecurity Experts, and Blockchain Developers.
Industries leading in sustainable tech jobs include energy tech firms, major tech companies like Google and Microsoft, government projects, and consulting/engineering firms.

Read Full Article

1 Like

Lastwatchdog

312

SHARED INTEL Q&A: AI in the SOC isn’t all about speed — it’s more so about smoothing process

Despite investments in threat feeds and automation platforms, intelligence struggles to translate into timely action for SOCs, as seen in the case of Volt Typhoon breaches continuing despite CISA advisories.
Monzy Merza of Crogl advocates for building systems that learn and adapt to how an organization functions to bridge the gap between intelligence and action in cyber defense.
Traditional playbooks fall short in operationalizing threat intel because they require reverse-engineering advisories into the SOC's context, creating friction and inefficiencies in responding to threats.
Crogl's 'knowledge engine' differs from traditional SOAR platforms by adapting to messy, fragmented data and evolving team behaviors, offering adaptive workflows that reduce false positives and reflect real-world operations.
Process intelligence, as emphasized by Crogl, involves understanding the unique workflows and norms of each organization to make smart decisions based on contextual knowledge rather than reacting to anomalies in isolation.
Crogl rejected the typical SaaS model for transparency and control, allowing customers to inspect and trace every decision within the platform, aligning it with compliance frameworks and offering deployment flexibility.
As AI becomes more embedded in SOCs, the focus is shifting towards tools that can adapt to evolving data and processes without breaking, as well as towards AI that not only provides answers but asks better questions to help analysts stay ahead of threats.
Journalist Byron V. Acohido highlights the importance of making the internet private and secure and acknowledges the role of AI in contributing to the efficiency and effectiveness of SOCs in cybersecurity.

Read Full Article

18 Likes

Discover more

Securityaffairs

326

Image Credit: Securityaffairs

Meta plans to train AI on EU user data from May 27 without consent

Meta plans to train AI on EU user data from May 27 without explicit consent, facing threats of a lawsuit from privacy group noyb.
Meta intends to use public data from EU adults for AI training, emphasizing the need to reflect European diversity.
The company postponed AI model training last year due to data protection concerns raised by Irish regulators.
Noyb issued a cease-and-desist letter to Meta regarding the use of EU personal data for AI systems without opt-in consent.
Meta states it does not use private messages and excludes data from EU users under 18 for AI training.
The Austrian privacy group argues that Meta's AI training practices may violate GDPR by not requiring opt-in consent.
Meta defends its AI data practices, claiming compliance with European Data Protection Board guidance and Irish privacy regulations.
Noyb insists on the necessity of opt-in consent for AI training, challenging Meta's reliance on 'legitimate interest' as inadequate.
Meta faces potential legal risks due to its opt-out approach for AI training, risking injunctions and class action lawsuits.
Concerns raised include Meta's decision to gather user data for AI without explicit consent and its impact on GDPR compliance.

Read Full Article

19 Likes

Socprime

436

Image Credit: Socprime

Detect CVE-2025-31324 Exploitation by Chinese APT Groups Targeting Critical Infrastructure

A critical vulnerability in SAP NetWeaver, identified as CVE-2025-31324, is being actively exploited by Chinese APT groups to target critical infrastructure systems.
China-linked nation-state groups, likely associated with China’s Ministry of State Security, are attributed to these intrusions.
Multiple China-nexus adversaries are exploiting the SAP NetWeaver flaw CVE-2025-31324 since April 2025.
Security professionals can access detection rules for CVE-2025-31324 exploit linked to China-nexus groups on the SOC Prime Platform.
The exploitation campaigns focus on infiltrating critical infrastructure and establishing long-term access to global networks.
Chinese APT groups are actively targeting sectors like natural gas distribution, water management, medical device manufacturers, oil and gas firms, and government ministries.
The campaign exploited a zero-day vulnerability, backdooring SAP NetWeaver instances with web shells and maintaining access through various tools like KrustyLoader and SNOWLIGHT.
The attackers are identified as UNC5221, UNC5174, and CL-STA-0048, known for deploying web shells, reverse shells, and various malware tools.
China-affiliated threat groups are expected to continue exploiting vulnerabilities in enterprise software to target critical infrastructure globally.
Users are advised to upgrade SAP NetWeaver instances and implement mitigation measures as suggested by SAP Security Notes.

Read Full Article

26 Likes

The Register

317

Image Credit: The Register

From hype to harm: 78% of CISOs see AI attacks already

AI is being used for both positive and malicious purposes, with cybercriminals leveraging AI for sophisticated attacks while security leaders must implement adaptive, AI-augmented defenses to mitigate risks.
74% of cybersecurity IT professionals are concerned about AI-related risks, with generative AI fueling social engineering attacks and cybercriminals using AI-powered malware and tactics like lateral movement.
Spotting AI attacks requires looking for increased sophistication in phishing attempts, malware types, and social engineering tactics, although it may be challenging to definitively attribute attacks to AI.
While attackers leverage AI, many security professionals feel unprepared for AI-driven threats, citing a lack of cybersecurity personnel as a major barrier in defending against evolving cyber threats.
Despite concerns, 95% of respondents believe AI can enhance cyber defenses, bringing significant time savings, but there are reservations around data privacy, governance, and compliance with regulations like GDPR.
Organizations prioritize AI-powered cybersecurity solutions to bridge the skills gap, with 88% benefiting from AI's preventive defense capabilities, although there is a need for better understanding of AI types for effective utilization.
Integrating AI security solutions into broader platforms and adopting a preventative defense stance are common strategies among organizations to combat escalating cyber threats and move away from reactive approaches.
Darktrace's ActiveAI Security Platform offers a multi-layered approach using supervised, unsupervised, and statistical machine learning models to identify threats, strengthen cybersecurity controls, provide automated responses, and enhance threat detection beyond traditional methods.
By correlating and investigating security incidents across various environments, Darktrace enables security professionals to proactively defend against novel threats and automate security functions for efficient incident response.
As threat actors increasingly leverage AI, defenders need to quickly adapt by leveraging advanced AI-powered defenses like Darktrace's platform to stay ahead of evolving cybersecurity threats and enhance their security posture.

Read Full Article

19 Likes

Eu-Startups

408

Czech investment fund Rockaway Ventures targets game-changing tech with new €55 million raise

Prague-based Rockaway Ventures, the investment fund of Rockaway Capital, raised €55 million for its second fund, Rockaway Ventures II, to support early-stage startups in Central and Eastern Europe (CEE) and other emerging markets.
The fund focuses on early-stage investments, particularly in sectors like energy, defense, and dual-use technologies, aiming to provide support throughout startups' growth journeys.
Rockaway Ventures, established in 2014, invests mainly in areas of expertise within the Rockaway Capital group, including retail, e-commerce, cybersecurity, defense, CleanTech, and PropTech.
The current fund plans to expand its portfolio by investing 60% in CEE companies and 40% in Western Europe and diaspora-led startups from Czechia, with notable investments including Apaleo, CulturePulse, and Gjirafa.

Read Full Article

24 Likes

Securityaffairs

151

Image Credit: Securityaffairs

AI in the Cloud: The Rising Tide of Security and Privacy Risks

Over half of firms adopted AI in 2024, but concerns are rising over data security and privacy risks associated with cloud tools like Azure OpenAI.
Enterprises are increasingly leveraging cloud-based platforms such as Azure OpenAI, AWS Bedrock, and Google Bard for AI applications, leading to productivity gains but also exposing them to new risks in terms of data security and privacy.
The use of generative AI platforms like Retrieval-Augmented Generation (RAG) introduces risks related to data exposure, misconfigurations, and overexposure, especially when access controls are not properly managed.
To mitigate these risks, companies need to enforce strict role-based access controls, secure training data, monitor AI models for unauthorized access, and implement proactive AI data governance practices to ensure privacy, compliance, and trust in AI innovations.

Read Full Article

9 Likes

Securityaffairs

367

Image Credit: Securityaffairs

Google fixed a Chrome vulnerability that could lead to full account takeover

Google released emergency security updates to fix a Chrome vulnerability (CVE-2025-4664) that could lead to full account takeover.
The vulnerability, discovered by security researcher Vsevolod Kokorin, allowed for the leaking of cross-origin data via a crafted HTML page.
Google warned of a public exploit for the high-severity flaw, and patched it in Chrome's Stable Desktop channel with updates in versions 136.0.7103.113 and 136.0.7103.114.
In March 2025, Google addressed another high-severity vulnerability (CVE-2025-2783) actively exploited in attacks targeting organizations in Russia, related to Mojo on Windows.

Read Full Article

22 Likes

HRKatha

395

Image Credit: HRKatha

Were Coinbase employees responsible for data leak to hacker?

A hacker has bribed Coinbase Global's contractors or employees outside the US to access confidential customer information and is now demanding a $20 million ransom.
The hacker bribed customer-support employees to obtain customer data like names, addresses, and government identity pictures to potentially use in scams and extort money from the exchange.
Coinbase CEO Brian Armstrong revealed the ransom demand on social media and stated that the breach may cost the exchange up to $400 million.
Coinbase is improving security measures, offering compensation to affected users, and is ready to pay a $20 million reward for information leading to the hacker's apprehension.

Read Full Article

23 Likes

Cybersecurity-Insiders

Image Credit: Cybersecurity-Insiders

Dior likely hit by ransomware attack

Dior, the renowned French luxury fashion brand, has fallen victim to a ransomware attack, compromising sensitive customer information.
The breach exposed personal details like names, mobile numbers, email addresses, and purchase history but did not include financial information.
Dior is actively investigating the breach, implementing security measures, and warning customers about potential phishing scams.
This incident highlights the growing trend of cybercriminals targeting retail brands for personal data, emphasizing the importance of online security measures.

Read Full Article

3 Likes

TechJuice

248

Image Credit: TechJuice

Researchers Hide Invisible Secret Messages in Plain Text Using AI

Researchers have developed EmbedderLLM, a steganographic approach using AI to hide secret messages in plain text.
EmbedderLLM technique inserts hidden data into natural-sounding text that can only be retrieved by a specific extraction algorithm.
This technique blends steganography with large language models to conceal messages within generated text effectively.
While this method allows for secure communication, it also raises concerns about security risks and potential misuse by criminals or spies.

Read Full Article

14 Likes

Docker

2.2k

Image Credit: Docker

Docker at Microsoft Build 2025: Where Secure Software Meets Intelligent Innovation

At Microsoft Build 2025, Docker emphasizes blending developer experience, security, and AI innovation in their latest product announcements.
Docker's vision focuses on AI-native software delivery, simplifying security, and streamlining agentic AI development in familiar environments.
During the conference, Docker will showcase product demos at Booth #400 and host an evening event at the Museum of Pop Culture to introduce their latest tools.
Attendees can learn about Docker's integration with security tools, AI development, and interact with their teams for hands-on experiences and insights.

Read Full Article

16 Likes

Cybersecurity-Insiders

Image Credit: Cybersecurity-Insiders

AI Governance Is Your Competitive Edge If You Treat It That Way

Many organizations rush ahead with AI initiatives without establishing the governance foundations needed to sustain them, treating AI governance as a compliance checkbox rather than embedding it from the beginning.
Lack of strong governance can lead to issues like bias, security gaps, and explainability failures surfacing too late and becoming costly to fix.
Proper governance from the start can prevent costly repercussions like biased outcomes in algorithms affecting specific groups, leading to regulatory scrutiny and loss of trust.
Effective governance, as seen in a healthcare organization example, involves cross-functional teams, transparent documentation, and testing protocols, enabling faster deployment and wider adoption of AI solutions.
Red-teaming and adversarial testing play a critical role in stress-testing AI governance principles and making them operational under real-world conditions.
Starting AI governance at the data layer before focusing on models is crucial to ensure data privacy, integrity, and security, preventing vulnerabilities like bias and drift.
Establishing decision rights, forming cross-functional teams, defining governance metrics tied to business outcomes, and integrating governance into existing workflows are key steps for security and product leaders to mitigate risks.
Strong governance is essential for faster innovation, regulatory compliance, customer trust, and scalability, providing a competitive edge in an AI-driven economy.
Governance enables organizations to avoid the cycle of rework, launch confidently, and adapt responsibly to changes in AI models, particularly in high-stakes industries like finance, healthcare, and critical infrastructure.
In a competitive landscape driven by AI, treating governance as a growth lever rather than a hindrance can set organizations apart and build resilience against failures.

Read Full Article

5 Likes

For uninterrupted reading, download the app