menu
techminis

A naukri.com initiative

New

google-web-stories
Home

>

Cyber Security News

Cyber Security News

source image

Hackers-Arise

2M

read

294

img
dot

Image Credit: Hackers-Arise

Hacking Artificial Intelligence (AI) Large Language Models (LLMs)

  • Large Language Models (LLMs) like ChatGPT, Claude, and Llama have opened up new attack surfaces despite offering tremendous capabilities.
  • Techniques like the Context Ignoring Attack exploit the limitations in how LLMs process information to potentially bypass safeguards.
  • Prompt Leaking involves trying to extract system prompts to understand model limitations and create targeted attacks.
  • Role Play Attacks leverage the creative scenarios of LLMs to bypass safety measures by engaging the model in unethical roles.
  • Prefix Injection manipulates model responses by adding specific text at the beginning of queries, influencing the output.
  • Refusal Suppression attacks aim to stop LLMs from declining harmful queries by instructing them to avoid refusal statements.
  • Sophisticated attackers combine techniques like refusal suppression and context ignoring for more successful attacks.
  • Understanding vulnerabilities in LLMs is crucial as they become more integrated, leading to an escalating battle between exploiters and defenders.

Read Full Article

like

17 Likes

share

4 Shares

source image

Tech Radar

2M

read

114

img
dot

Image Credit: Tech Radar

Ivanti Neurons for ITSM could be targeted by authentication bypass flaw, so watch out

  • Ivanti has released a patch for a critical-severity vulnerability in Neurons for ITSM IT service management solution, allowing potential admin rights on target systems.
  • The vulnerability (CVE-2025-22462) affects on-prem instances before certain versions and can be exploited by remote unauthenticated actors.
  • No evidence of exploitation in the wild has been reported yet, but users are urged to apply the fix as a preventive measure.
  • Following Ivanti's security guidance can help reduce the risk of potential attacks, as organizations are advised to secure the IIS website and restrict access to specific IP addresses and domains.

Read Full Article

like

6 Likes

share

1 Share

source image

Wired

2M

read

151

img
dot

Image Credit: Wired

CFPB Quietly Kills Rule to Shield Americans From Data Brokers

  • The CFPB has scrapped plans to implement new rules aimed at restricting US data brokers from selling sensitive information about Americans.
  • The proposed rule, titled 'Protecting Americans from Harmful Data Broker Practices,' intended to require data brokers to obtain consent before selling personal information.
  • Acting director Russel Vought withdrew the proposal, citing updates to Bureau policies and a misalignment with the current interpretation of the Fair Credit Reporting Act.
  • Data brokers operate a lucrative industry by collecting and selling detailed personal information without individuals' knowledge, leading to privacy concerns.
  • Privacy advocates and organizations have criticized the withdrawal, emphasizing the risks posed by data brokers to national security and individuals' privacy.
  • The FTA urged the rule's withdrawal, claiming it exceeded the CFPB's mandate and would hinder fraud prevention efforts by financial institutions.
  • Experts warn that data brokers' practices can have severe consequences, from enabling scams and fraud to endangering public officials and survivors of domestic violence.
  • CFPB employees faced job terminations recently, reducing the agency's staff, amid calls by some to eliminate the agency altogether.
  • Concerns have been raised about data brokers' ability to track sensitive information, including military personnel locations, posing risks to national security.
  • The withdrawal of the CFPB rule has been met with criticism from various quarters, highlighting the need for regulations to address privacy and national security concerns.

Read Full Article

like

9 Likes

share

2 Shares

source image

Medium

2M

read

323

img
dot

Image Credit: Medium

How start a cybersecurity career in trivandrum :which is better?

  • Trivandrum is emerging as a hub for cybersecurity education and career growth, offering well-paying and stable job opportunities in the field.
  • With entry-level salaries starting at INR 3–6 LPA, there is potential for rapid growth in earnings for cybersecurity professionals in Trivandrum.
  • The city's expanding ecosystem, quality education, and industry demand make it conducive for budding cybersecurity specialists to flourish, offering various entry points into the field.
  • Trivandrum provides ample opportunities for hands-on learning, training, internships, and job placements in the cybersecurity sector, with initiatives like Kerala Police Cyberdome boosting cybersecurity momentum in Kerala.

Read Full Article

like

18 Likes

share

4 Shares

source image

Hackernoon

2M

read

363

img
dot

Image Credit: Hackernoon

The HackerNoon Newsletter: The Startup Playbook Is a Lie. Ask Better Questions. (5/14/2025)

  • The HackerNoon Newsletter brings tech news including articles on DNA data privacy, decoding URLs, and cybersecurity threats like Cactus ransomware.
  • Top stories highlighted in the newsletter include 'The Startup Playbook Is a Lie. Ask Better Questions' and 'What Happens When Hackers Get Your DNA Data?'
  • One article presents a new Chrome extension for decoding dangerous URLs instantly, while another warns about the evolving cyber threat of Cactus ransomware in 2025.
  • The newsletter also encourages readers to answer the greatest interview questions of all time to consolidate technical knowledge and establish credibility in the tech community.

Read Full Article

like

21 Likes

share

5 Shares

source image

Pv-Magazine

2M

read

193

img
dot

Hidden devices found in Chinese-made inverters in the US, reports Reuters

  • Unexplained communication devices found inside Chinese-made inverters in the US are sparking reassessment of risks by US officials.
  • The devices include rogue communication devices not listed in product documents, found in some solar inverters and batteries from multiple Chinese suppliers.
  • Reuters reports that these hidden devices could potentially create undocumented communication channels, raising concerns about cybersecurity vulnerabilities.
  • European Solar Manufacturing Council expressed concern, calling for inverter security measures, amid growing discussion on cybersecurity in the European Union.

Read Full Article

like

11 Likes

share

2 Shares

source image

Lastwatchdog

2M

read

285

img
dot

News alert: INE Security highlights monthly CVE Labs aimed at sharpening real-world defense

  • INE Security emphasizes the importance of hands-on practice with the latest CVEs for security teams to shift from reactive to proactive defense.
  • With a surge in CVEs and shrinking exploit windows, practical experience is crucial in stopping attacks effectively.
  • INE Security's Skill Dive platform offers exclusive labs for practicing real vulnerabilities in a safe environment.
  • Challenges faced by security teams include risk prioritization, testing mitigations, and adapting defenses to diverse system configurations.
  • Skill Dive provides practice with current threats, helping prevent future breaches through attack pattern recognition and team coordination.
  • Hands-on training on actively exploited vulnerabilities like Log4Shell and Spring4Shell enables faster incident response.
  • INE Security's approach focuses on deliberate practice with monthly updates, realistic environments, and documentation on effective mitigations.
  • The platform includes labs for top-exploited vulnerabilities such as Cacti Import Packages RCE and Navidrome SQL Injection.
  • Regular practice with new vulnerabilities enhances defense capabilities and strategic advantage for security teams.
  • INE Security offers individual subscriptions and enterprise packages for Skill Dive, aiming to advance cybersecurity skills globally.

Read Full Article

like

17 Likes

share

4 Shares

source image

Cybersecurity-Insiders

2M

read

78

img
dot

Image Credit: Cybersecurity-Insiders

The Evolving Nature of DDoS Attacks: A Smokescreen for More Dangerous Threats

  • Distributed Denial of Service (DDoS) attacks have long been a common tactic used by cybercriminals to overwhelm websites by flooding them with fake or malicious traffic, disrupting services for legitimate users.
  • Recent research indicates a new trend where DDoS attacks are used as smokescreens to divert attention while cybercriminals carry out more targeted and damaging operations like data exfiltration and social engineering.
  • Hackers initiate DDoS attacks to draw attention, allowing them to exploit vulnerabilities in systems, steal sensitive data, and conduct stealthy activities while security teams are preoccupied with mitigating the DDoS attack.
  • To defend against evolving cyber threats, IT security teams are advised to enhance monitoring, implement layered security measures, develop response plans for dual-stage attacks, conduct regular security audits, and provide employee training on recognizing suspicious activities.

Read Full Article

like

4 Likes

share

1 Share

source image

Medium

2M

read

161

img
dot

Image Credit: Medium

Building a Real-Time API Token Leak Detection and Response System Using Python

  • API tokens are at risk of exposure through application logs, browser consoles, source code repositories, and error monitoring tools.
  • Building a real-time API token leak detection and response system involves scanning log streams, detecting tokens using regex and ML scoring, sending alerts, auto-revoking leaked tokens, maintaining a dashboard, and sending events to various platforms.
  • The system can be integrated with Slack, Microsoft Teams, SIEM platforms, and other tools for monitoring and responding to token leaks promptly.
  • Implementing this system using Python can enhance security practices and help in safeguarding organizations against financial and reputational damage from data leaks.

Read Full Article

like

9 Likes

share

2 Shares

source image

Tech Radar

2M

read

409

img
dot

Image Credit: Tech Radar

It's been 3 weeks since M&S suffered a cyberattack and, after suffering a £1 billion drop in marcap, they still aren't taking online orders

  • Marks & Spencer is still dealing with the aftermath of a cyberattack, with online orders remaining suspended three weeks after the incident.
  • Customer data stolen during the breach includes contact details such as names, addresses, phone numbers, dates of birth, and order histories, but no passwords or payment information.
  • The cybercriminals responsible for the attack utilized a cybercrime service called DragonForce, known for ransomware attacks, but no leaked M&S data has been posted on their darknet platform yet.
  • M&S has been working with cybersecurity experts to contain the breach and has notified relevant authorities, but full online functionality is still uncertain as the retailer faces the consequences of the cyber incident.

Read Full Article

like

24 Likes

share

5 Shares

source image

Medium

2M

read

409

img
dot

Stay One Step Ahead: Security Settings You Shouldn’t Ignore

  • Enable two-factor authentication (2FA) for added security in banking apps, email accounts, and services linked to money.
  • Opt for financial services that allow real-time card freezing and unfreezing to prevent unauthorized spending.
  • Set up push notifications or SMS alerts for all card transactions to detect fraud immediately.
  • Utilize fingerprint or facial recognition for additional security on financial apps, especially in case of a lost or stolen phone.

Read Full Article

like

24 Likes

share

5 Shares

source image

TechDigest

2M

read

207

img
dot

Image Credit: TechDigest

McAfee launches AI tool to combat rising tide of scams

  • McAfee has launched a new tool, McAfee’s Scam Detector, aimed at protecting individuals from increasing online scams, as Brits face an average of ten scam attempts daily.
  • The tool utilizes advanced AI to identify and block scams delivered via text, email, and video in real-time.
  • McAfee's Scam Detector offers high accuracy in text scam detection and goes beyond analyzing URLs by using contextual analysis to identify scams.
  • The tool is designed with a mobile-first approach and works across various apps and platforms, including iMessage, WhatsApp, Messenger, Gmail, Microsoft, and Yahoo.

Read Full Article

like

12 Likes

share

2 Shares

source image

Medium

2M

read

303

img
dot

Image Credit: Medium

PRIVACY: Is it a Myth? or just Perspective?

  • Privacy in the digital age is a complex and dynamic concept, constantly evolving due to the vast amount of personal information collected through social media and online platforms.
  • Various theories exist on the definition of privacy, with different perspectives on the importance of protecting personal information from misuse by companies and third parties.
  • The misuse of personal data, as seen in the Facebook-Cambridge Analytica scandal, highlights the challenges in understanding and controlling the extent of data collection by online services.
  • To protect privacy, measures such as implementing clearer privacy policies, laws, self-regulation efforts, and privacy-enhancing tools are essential in minimizing the collection of sensitive metadata.

Read Full Article

like

18 Likes

share

4 Shares

source image

Siliconangle

2M

read

285

img
dot

Image Credit: Siliconangle

Linux Foundation debuts Cybersecurity Skills Framework to address enterprise talent gaps

  • The Linux Foundation, with the Open Source Security Foundation and Linux Foundation Education, launched the Cybersecurity Skills Framework to address talent gaps in enterprises.
  • The framework aims to help organizations identify and improve cybersecurity competencies across various IT job families beyond cybersecurity specialists.
  • Despite high demand for cybersecurity roles, there are significant talent readiness gaps, with organizations facing challenges in hiring and onboarding skilled technical staff.
  • The Cybersecurity Skills Framework provides an easily adaptable and globally relevant guide for organizations to assess, develop, and incorporate essential cybersecurity skills into all IT roles to enhance security readiness.

Read Full Article

like

17 Likes

share

4 Shares

source image

Tech Radar

2M

read

372

img
dot

Image Credit: Tech Radar

Hacker advertises alleged database of 89 million Steam 2FA codes, source of leak unknown

  • A known cybercriminal and leaker, EnergyWeaponUser, is selling a new database allegedly containing more than 89 million Steam user records, phone numbers, and one-time access codes on the dark web.
  • The source of the leaked database remains unknown, with speculation that it may have originated from a supply chain attack on Twilio, a cloud communications platform that provides SMS and MMS messaging services for companies.
  • Twilio denied being breached and stated that there is no evidence to support the claim that the leaked data was obtained from their platform.
  • Steam is advising its users to enable Steam Guard Mobile Authenticator and monitor their account activity in response to this potential data leak.

Read Full Article

like

22 Likes

share

5 Shares

Prev

150
151
152
153
154
155
156
157
158
159
160

Next

For uninterrupted reading, download the app