Cyber Security News, Latest Updates and Recent Announcements on Techminis

A naukri.com initiative

New

Home

Cyber Security News

TechCrunch

174

Image Credit: TechCrunch

xAI’s promised safety report is MIA

Elon Musk's AI company xAI has missed the deadline to publish a finalized AI safety framework, as noted by watchdog group The Midas Project.
xAI previously released a draft framework at the AI Seoul Summit, outlining safety priorities and philosophy for future AI models.
Despite the draft, xAI failed to articulate risk mitigation plans and missed the May 10 deadline to revise its safety policy.
xAI's poor AI safety track record, highlighted by SaferAI study, raises concerns as other AI labs also face challenges in safety testing and reporting.

Read Full Article

10 Likes

Hackernoon

119

Image Credit: Hackernoon

INE Security Alert: Top 5 Takeaways From RSAC 2025

INE Security presented solutions for AI security, cloud management, and incident response readiness post RSAC 2025, focusing on top cybersecurity priorities.
Emerging concerns include AI-driven threats, multi-cloud vulnerabilities, and evolving attack vectors, with many organizations lacking effective ransomware response plans.
INE Security is addressing critical security imperatives highlighted from RSAC 2025, emphasizing the necessity of comprehensive training.
AI risk management is considered business-critical as the adoption of AI technologies increases cyber risks, requiring expertise to safeguard AI implementations.
Large Language Models (LLMs) pose vulnerabilities, leading to data breaches, requiring specialized roles like AI Security Analyst for defense against AI-specific attack vectors.
The complexity of securing multi-cloud environments is a growing concern, with misconfigurations being a prevalent risk and emphasizing the need for IAM hygiene and security audits.
Implementing zero trust architecture effectively proves challenging, highlighting the importance of unified security approaches and talents developed through cybersecurity certification programs.
Preparedness for crisis response is essential, with a focus on incident management skills and training to address critical gaps in response plans during cyber attacks.
INE Security offers practical solutions in AI security fundamentals, advanced cloud security, zero trust implementation, crisis management training, and continuous skill development to tackle modern cybersecurity challenges effectively.
The company emphasizes the necessity for comprehensive cybersecurity training to combat the increasing complexities in the cybersecurity landscape.

Read Full Article

7 Likes

Arstechnica

133

Image Credit: Arstechnica

Google introduces Advanced Protection mode for its most at-risk Android users

Google introduces Advanced Protection mode for Android to enhance security against attacks that infect devices, tap calls, and deliver scams.
It will be rolled out in the upcoming release of Android 16 to help defend against mercenary malware and exploit sellers.
The setting aims to combat attacks-as-a-service platforms that exploit zero-day vulnerabilities and capture sensitive information.
Google recommends the Advanced Protection mode for high-risk users like journalists and elected officials.

Read Full Article

8 Likes

TechCrunch

418

Image Credit: TechCrunch

Seven things we learned from WhatsApp vs. NSO Group spyware lawsuit

A jury ordered NSO Group to pay over $167 million in damages to WhatsApp after a five-year legal battle.
The case revealed that NSO Group cut off some government customers for misusing its Pegasus spyware.
The trial disclosed details of the zero-click WhatsApp attack that downloaded Pegasus spyware via fake calls.
NSO Group confirmed testing Pegasus on a U.S. number for the FBI, but it was not deployed.
Pegasus' hacking methods are chosen by the system, not the government customers.
NSO Group's headquarters shares a building with Apple in Israel.
Despite the lawsuit, NSO Group continued targeting WhatsApp users using the spyware.
NSO Group disclosed having around 350-380 employees and facing financial challenges.
NSO Group spent millions on R&D expenses and its customers paid millions for Pegasus access.
The spyware maker claimed financial struggles and reluctance to pay damages in the trial.

Read Full Article

25 Likes

Discover more

Dev

426

Image Credit: Dev

Choosing a Cloud Provider? Here’s Why It’s More Than Just a Price Tag

Choosing the right cloud provider is a strategic decision for businesses in the digital transformation era.
Most businesses make the mistake of comparing cloud providers based only on cost or brand name.
Key factors often overlooked in cloud provider selection include compliance, hidden costs, developer experience, and multi-cloud options.
A detailed breakdown comparing AWS, Azure, and Google Cloud helps businesses make informed decisions tailored to their specific needs.

Read Full Article

25 Likes

Dev

299

Image Credit: Dev

Inside AWS S3 API Calls: Creating a Go-Based HTTPS Traffic Inspector

A Go-based tool is built to intercept HTTP and HTTPS traffic by creating an intercepting proxy.
It decrypts HTTPS traffic for debugging and displays detailed request and response information.
The tool works with command-line tools like curl and AWS CLI transparently.
HTTP proxies operate by forwarding requests from clients to target servers.
HTTPS requests require a 'Man-in-the-Middle' approach for intentional decryption.
Creating an initial HTTP proxy server that logs requests and returns an error.
Enhancing the proxy to handle HTTP requests, forward traffic, and log request and response details.
Adding support to handle HTTPS CONNECT requests for establishing tunnels.
Implementing TLS termination for decrypting HTTPS traffic and handling HTTP requests bidirectionally.
Configuring curl and AWS CLI to use the proxy and trust the custom CA certificate.
Understanding AWS S3 requests, including CONNECT requests, ListObjectsV2 API calls, and authentication.
Final refinements include improved request/response logging and certificate caching for better performance.

Read Full Article

18 Likes

Securityaffairs

441

Image Credit: Securityaffairs

How Interlock Ransomware Affects the Defense Industrial Base Supply Chain

Interlock Ransomware attack on a defense contractor exposed global defense supply chain details, risking operations of top contractors and their clients.
Interlock Ransomware uncovered supply chain details of top defense contractors globally, leading to potential exposure of classified information and interest from foreign intelligence agencies and espionage groups.
Numerous documents related to global defense corporations were found in the leaked dataset released by Interlock Ransomware.
Ransomware attacks on defense contractors can have profound implications for national security, operational efficiency, financial stability, trust, and brand reputation, highlighting the need for robust cybersecurity measures and CMMC implementation.

Read Full Article

26 Likes

Siliconangle

354

Image Credit: Siliconangle

Kong debuts Kong Event Gateway for managing real-time data streams

Kong Inc. introduced Kong Event Gateway for managing real-time data streams powered by Apache Kafka.
The tool is part of Kong's platform called Konnect, used by over 700 companies, providing a single management solution for both APIs and Kafka-powered data streams.
The Kong Event Gateway acts as an intermediary between applications and Kafka data streams, providing authentication, encryption, and observability features.
It allows multiple workloads to share the same data stream without creating separate copies and offers Virtual Clusters for secure data access permissions.

Read Full Article

21 Likes

Siliconangle

208

Image Credit: Siliconangle

Island Technology’s ascent: Reinventing the browser for the enterprise age

Cybersecurity startup Island Technology Ltd. has developed an 'enterprise browser' to meet the security and productivity needs of businesses.
By leveraging the open-source Chromium project, Island's browser offers enhanced manageability for IT, improved worker productivity, and embedded security policies.
Island's enterprise browser eliminates the need for sprawling security stacks and heavy hardware dependencies, providing a streamlined, secure workspace accessed via a simple link.
The browser revolutionizes traditional operations like outsourced call centers by allowing secure access to necessary tools, integration of voice systems, and automation of repetitive tasks.

Read Full Article

12 Likes

VentureBeat

409

Image Credit: VentureBeat

AI power rankings upended: OpenAI, Google rise as Anthropic falls, Poe report finds

OpenAI and Google have strengthened their positions in key AI categories according to the latest report by Poe.
The report highlights shifts in market share, with rapid innovation and an increasingly diverse competitive landscape.
In core text generation, OpenAI's GPT-4o maintained dominance, while Google's Gemini 2.5 Pro gained share.
Specialized reasoning models gained importance, with Gemini 2.5 Pro leading the category.
OpenAI released multiple reasoning models, showing rapid innovation in the space.
Hybrid reasoning models like Gemini 2.5 Flash Preview and Qwen 3 are emerging.
The image generation market saw increased competition, with Google's Imagen 3 family growing substantially.
In video generation, Kuaishou's Kling models disrupted the market, while Google's Veo 2 maintained a strong position.
ElevenLabs led the audio generation category, facing emerging competition from players offering differentiated voice options.
Reasoning capabilities are becoming crucial in the AI market, signaling a shift in how businesses evaluate and deploy models.

Read Full Article

24 Likes

Amazon

312

Image Credit: Amazon

AI lifecycle risk management: ISO/IEC 42001:2023 for AI governance

ISO/IEC 42001 provides a framework for AI governance to ensure responsible, ethical, and compliant AI systems across the lifecycle.
AI governance involves activities like stakeholder alignment, data and model management, explainability, and accountability.
ISO/IEC 22989:2022 describes the AI lifecycle stages from inception to retirement, emphasizing the importance of governance at each stage.
ISO/IEC 42001:2023 outlines risk management requirements, including risk assessment, operational controls, monitoring, and continuous improvement.
AI Impact Assessments (AIIAs) are essential for high-risk use cases to evaluate societal, ethical, and legal impacts.
Framework options like ISO 31000 and NIST AI RMF offer structured methods for AI risk assessment and management.
Threat modeling tools such as STRIDE, DREAD, and OWASP are utilized to identify and mitigate AI system vulnerabilities.
AWS tools like SageMaker Model Cards, SageMaker Clarify, and Ground Truth assist in ensuring transparency, fairness, and accountability in AI.
AIIAs help in evaluating risks associated with AI systems, ensuring ethical use and appropriate mitigation strategies.
Continuous monitoring, threat modeling, and compliance audits are crucial for maintaining effective AI governance and risk management.

Read Full Article

18 Likes

Wired

156

Image Credit: Wired

Google's Advanced Protection for Vulnerable Users Comes to Android

Google extends Advanced Protection with new features for Android users, aimed at vulnerable demographics like activists and journalists.
Advanced Protection on Android emphasizes strong security settings, limiting interactions with unsecured services and unknown individuals.
The mode uses on-device AI scanning to provide monitoring without disabling essential features, while imposing some restrictions like blocking 2G networks and disabling Chrome functions.
Intrusion Logging, a key feature, securely stores device logs in the cloud using end-to-end encryption to detect and respond to compromises.
Memory Tagging Extension (MTE) is enabled by default, enhancing hardware security against memory vulnerabilities commonly exploited by hackers.
Additional Advanced Protection features like USB protections and API integration for third-party apps are set to launch along with Android 16.
Google aims to make attacks more difficult or even impossible by implementing robust security measures across the operating system.
Innovation in offering intrusion detection to consumers through indelible logs resistant to tampering is a key element of Google's Advanced Protection.
Advanced Protection's features cater to protecting users against targeted threats and potential compromise of their Google accounts.
Users who turn on Advanced Protection will benefit from enhanced defenses across the system and deeper integration with non-Google apps.

Read Full Article

9 Likes

Securityaffairs

363

Image Credit: Securityaffairs

Marks and Spencer confirms data breach after April cyber attack

Marks and Spencer confirms data breach after April cyber attack, where threat actors stole customer data.
The cyber incident led to temporary changes in store operations and affected card payments, gift cards, and Click and Collect service.
The stolen data includes customer contact details, birthdate, order history, and masked card details, but not full payment info.
M&S recommends caution against phishing attempts, resetting passwords, and staying updated on security practices post-breach.

Read Full Article

21 Likes

Amazon

386

Image Credit: Amazon

Securing Amazon Bedrock Agents: A guide to safeguarding against indirect prompt injections

Amazon Bedrock Agents offer security controls and strategies to protect AI interactions from indirect prompt injections, which are hidden malicious instructions embedded in external content processed by AI systems.
Indirect prompt injections are challenging to detect as they can manipulate AI behavior without user visibility, posing risks like system manipulation, unauthorized data exfiltration, and remote code execution.
Remediation for indirect prompt injections varies based on architecture, requiring multi-layered defense approaches like user confirmation, content moderation, secure prompt engineering, custom orchestration, access control, monitoring, and standard security controls.
Amazon Bedrock Agents emphasize securing vectors like user input, tool input/output, and final agent responses through techniques such as user confirmation, content moderation with Guardrails, secure prompt engineering, verifiers in custom orchestration, access control, sandboxing, monitoring, and logging.
Guardrails in Amazon Bedrock can screen user inputs and model responses, tagging dynamically generated prompts for evaluating potential injection vectors from external data sources within prompt boundaries.
Secure prompt engineering involves crafting system prompts to guide LLMs, detect prompt injections, and prevent malicious instructions within a secure orchestration framework like ReAct.
Implementing verifiers in custom orchestration strategies like Plan-Verify-Execute and using guardrails can protect against tool invocations and unexpected actions triggered by indirect prompt injections.
Access control and sandboxing mechanisms are critical in reducing the impact of compromised agents from prompt injections, enforcing least privilege, and establishing security boundaries between content processing and actions.
Comprehensive monitoring, logging, and standard security controls like authentication and validation are essential for detecting and responding to indirect prompt injections, ensuring a layered defense approach to safeguard AI systems.
A continuous commitment to evolving security measures is necessary as bad actors develop new exploitation techniques, and integrating these defensive strategies early in the design stages of Amazon Bedrock Agents architecture is crucial for protecting against future threats.
By implementing these strategies and maintaining vigilance through continuous monitoring, organizations can deploy Amazon Bedrock Agents securely while delivering powerful AI capabilities and ensuring the integrity of their AI-powered applications.

Read Full Article

23 Likes

Silicon

349

Image Credit: Silicon

Marks & Spencer Warns Customers Over Data Theft

Marks & Spencer informed online customers of data theft during a cyber-attack on 25 April.
The stolen data included contact details, dates of birth, and online order history.
No card details, payment information, or account passwords were compromised.
Customers are advised to change passwords as a precaution, and M&S is working on resolving the issue.

Read Full Article

21 Likes

For uninterrupted reading, download the app