A naukri.com initiative
Cyber Security News
Idownloadblog
2M
202
Image Credit: Idownloadblog
Alfiecg_dev shares details about an updated untethered iOS 14 jailbreak that uses the Trigon exploit
- Security researcher @alfiecg_dev introduces an updated untethered iOS 14 jailbreak using the Trigon exploit.
- The original Trigon exploit had limited support for older devices and firmware due to a kernel panic issue with A11 devices, which has now been resolved.
- The newer version of Trigon now supports A7-A9 and A11 devices, offering increased stability, faster response time, and cleaned up code.
- While the updated Trigon exploit will be released for all arm64 devices in the future, there is no specific timeline provided by @alfiecg_dev yet.
Read Full Article
12 Likes
Dev
2M
41
Image Credit: Dev
15 Laravel Security Best Practices You Should Follow in 2025
- Laravel is a popular PHP framework known for its security features, but developers need to follow best practices to ensure safety.
- Key security practices include keeping Laravel updated, preventing SQL injection, avoiding XSS, implementing CSRF protection, and using built-in auth.
- Additional measures include secure password storage, protecting .env files, enforcing HTTPS, validating file uploads, and securing cookies.
- Other recommendations involve monitoring for suspicious activity, vetting third-party packages, running security audits, and emphasizing security as a continuous effort.
Read Full Article
2 Likes
Dev
2M
114
Image Credit: Dev
Why Developers Seek an Auth0 Alternative
- Many developers seek an alternative to Auth0 due to the high cost of its paid Basic plan, which starts at $525/month for 7.5K active users.
- Top community-recommended alternatives include Cloud-Provider Auth Services like AWS Cognito, Azure B2C, and Google Identity Platform, Backend-as-a-Service options like Firebase Auth and Supabase Auth, and Self-Hosted Open-Source solutions like Keycloak, Ory Kratos, Supertokens, and Authgear.
- Key considerations before switching to an alternative include calculating total cost based on expected growth, assessing feature requirements, evaluating maintenance overhead for self-hosting, checking vendor lock-in policies, and considering community support.
- By evaluating factors such as cost, complexity, and required features, developers can choose a solution that aligns with their technical needs and budget, whether it's a serverless BaaS, a self-hosted IAM, or a custom-built solution.
Read Full Article
6 Likes
Siliconangle
2M
427
Image Credit: Siliconangle
Proofpoint to acquire Hornetsecurity in move to expand Microsoft 365 threat protection
- Proofpoint Inc. has announced its agreement to acquire Hornetsecurity GmbH, a Germany-based provider of Microsoft 365 security services.
- The deal, reportedly over $1 billion, will enhance Proofpoint's ability to offer human-centric security to small and mid-sized businesses globally through managed service providers.
- Hornetsecurity's offerings include 365 Total Protection for Microsoft 365 users, email continuity, archiving solutions, and backup and recovery services.
- The acquisition aligns with Proofpoint's goal to extend its security platform for MSPs and SMBs, deepen its investment in European markets, and support global growth strategy.
Read Full Article
25 Likes
Medium
2M
335
Image Credit: Medium
Smart Social Media Security Strategies for Business
- Having a social media policy in place is crucial for businesses to ensure responsible social media use and deal with PR and legal issues effectively.
- Employee training on social media security is essential to make them aware of policy guidelines, latest trends, and potential risks on social networks.
- Limiting access to social media accounts within the organization can help prevent data breaches and mitigate negative impacts.
- Using tools like BitWarden or encrypted Zip files for sharing passwords and adopting consistent brand handles across all social media accounts are recommended strategies for better social media security.
Read Full Article
20 Likes
TronWeekly
2M
312
Image Credit: TronWeekly
Coinbase Launches $20M Bounty Countering Previous Ransom Threat
- Coinbase has refused to pay a $20 million ransom after a breach and launched a matching $20 million bounty for convicting the hacker.
- Hackers bribed overseas support staff to access limited user data; however, no passwords or funds were stolen.
- The ransom demand came after attackers got access to user data by bribing Coinbase customer support services overseas.
- Coinbase is enhancing security measures, relocated some support teams, and initiated a $20 million reward to assist in finding and convicting the hackers.
Read Full Article
18 Likes
Medium
2M
266
Image Credit: Medium
Beyond the Blueprint: Understanding the 7 Critical Phases of Cyber Incident Response
- Cyber incident response involves seven critical phases that provide a structured and systematic approach to handling security incidents.
- The phases include Preparation, Identification, Analysis, Containment, Eradication, Recovery, and Lessons Learned / Post-Incident Activity.
- Mastering these phases is essential for minimizing damage, ensuring a quick recovery, and strengthening defenses against future cyber threats.
- Constantly reviewing and updating the Cybersecurity Incident Response Plan based on real or simulated incidents is crucial for organizational resilience.
Read Full Article
16 Likes
Arstechnica
2M
328
Image Credit: Arstechnica
FBI warns of ongoing scam that uses deepfake audio to impersonate government officials
- The FBI is warning of an ongoing scam using deepfake audio to impersonate government officials.
- Malicious actors are targeting individuals, including senior US officials, using AI-generated voice messages.
- The scammers aim to trick recipients into clicking on links that can infect their computers.
- Deepfakes mimic voices and speaking characteristics of specific individuals, making it hard to distinguish between authentic and simulated speakers.
Read Full Article
19 Likes
Tech Radar
2M
294
Image Credit: Tech Radar
Australian Human Right Commission leaks docs and personal information in browser indexing mishap
- The Australian Human Rights Commission (AHRC) inadvertently exposed personal information through a data breach involving attachments uploaded to the Commission's web forms.
- Around 670 documents were potentially accessible in error, with about 100 being accessed online through search engines like Bing or Google, prompting the Commission to address the breach.
- The breach affected webforms related to various projects, including the 'Speaking from Experience Project,' 'Human Rights Awards 2023 nominations,' and the 'National Anti-Racism Framework concept paper.'
- The AHRC confirmed that affected individuals have been notified, and the breach was not due to malicious intent. Specific details of the exposed personal information have not been disclosed yet.
Read Full Article
17 Likes
Securityaffairs
2M
64
Image Credit: Securityaffairs
Nova Scotia Power discloses data breach after March security incident
- Nova Scotia Power confirmed a data breach after a security incident in April where sensitive customer data was stolen.
- In April, Nova Scotia Power and Emera experienced a cyber attack affecting their IT systems without causing power outages.
- The companies shut down affected servers due to unauthorized network access detected on April 25, impacting customer services.
- The data breach involved theft of customer information including names, contact details, account history, driver’s license numbers, and Social Insurance Numbers.
Read Full Article
3 Likes
Medium
2M
183
Image Credit: Medium
The Great Steam “Hack” of 2025
- Headlines blared about '89 Million Steam Accounts Hacked', causing a stir in the gaming community.
- Hackers attempted to sell secret data for $5,000, but the actual 'stolen' data turned out to be expired SMS 2FA codes and unlinked phone numbers.
- Valve dismissed the incident as no breach, clarifying that only outdated codes were involved.
- Ultimately, the hackers did not gain access to valuable information like passwords or credit card details, leaving the gaming world relieved.
Read Full Article
11 Likes
The Verge
2M
13
Image Credit: The Verge
Coinbase says ‘rogue’ support agents helped steal customer data
- Coinbase disclosed that 'rogue' support agents were involved in helping cyber criminals steal customer data and deceive victims into sending money to attackers.
- As a result of the attack, a 'small subset of users' had their names, addresses, phone numbers, government IDs images, account data, and partial social security numbers compromised.
- Coinbase received an email from a threat actor demanding $20 million to prevent the exposure of certain Coinbase accounts, but the company refused to pay.
- Coinbase is collaborating with law enforcement, terminated the involved personnel, and plans to press criminal charges. The attackers did not access login credentials, 2FA codes, or private keys but the company could spend $180 million to $400 million repaying affected customers.
Read Full Article
Like
TronWeekly
2M
166
Image Credit: TronWeekly
Telegram Silently Dismantles $27B Darknet Giant Haowang Guarantee
- Telegram shut down the darknet marketplace Haowang Guarantee, formerly Huione Guarantee, following its clampdown on associated accounts and channels on May 13.
- Haowang Guarantee was involved in billions of dollars worth of illicit crypto transactions and was known for enabling online fraud, cybercrimes, and large-scale cryptocurrency laundering.
- Blockchain company Elliptic identified over $27 billion in contraband crypto-transactions linked to Haowang Guarantee, predominantly processed through Tether stablecoin.
- Despite the closure of Haowang Guarantee, another darknet market named Xinbi Guarantee has emerged on Telegram, conducting $8.4 billion in crypto transactions primarily through stablecoins.
Read Full Article
9 Likes
Embedded
2M
41
Microchip Introduces MEC175xB Controllers with Hardware-Based Post-Quantum Cryptography for CNSA 2.0 Compliance
- The National Security Agency (NSA) introduced the Commercial National Security Algorithm Suite 2.0 (CNSA 2.0) to establish quantum-resistant cryptography standards.
- Microchip Technology developed the MEC175xB family of embedded controllers with immutable post-quantum cryptography directly in hardware.
- MEC175xB controllers support CNSA 2.0-compliant cryptographic techniques approved by NIST and feature secure boot options for enhanced system integrity.
- The controllers, powered by an Arm Cortex-M4F processor, offer 480 KB of SRAM, I3C host/client functionality, and USB 2.0 interface for versatile connectivity in applications.
Read Full Article
2 Likes
Medium
2M
151
Image Credit: Medium
Strangers in the Sky Club
- A woman experienced a surreal text exchange with a stranger who mistook her for someone else while sitting in the Delta Sky Club, leading to a series of coincidences and digital overlaps.
- The man, Jesse, thought he was texting Natalie from A. for a research project meeting, unaware that he had actually contacted a different Natalie who was writing about digital identity and career pivots at the time.
- Despite the confusion, the encounter felt algorithmic and purposeful, revealing the accidental connections and digital overlaps that shape modern interactions and identities.
- The incident highlighted how mistaken messages can unexpectedly lead to candid and validating conversations, emphasizing the complex nature of human connection and digital identity in today's age.
Read Full Article
9 Likes
For uninterrupted reading, download the app