Cyber Security News, Latest Updates and Recent Announcements on Techminis

A naukri.com initiative

New

Home

Cyber Security News

Siliconangle

360

Image Credit: Siliconangle

AI leaders stare down limits as they keep spending big

AI leaders continue to spend significantly, with IPOs like eToro rising but overall IPO market still uncertain.
Software-only cloud hyperscalers like Salesforce are emerging, while doubts grow around the sustainability of cutting-edge AI models.
Companies like Meta face challenges as they delay mega-model releases and question the effectiveness of reasoning models.
Despite ongoing investments in AI, concerns about profitability arise, especially with some companies experiencing low revenue.
The quantum computing sector sees investments in startups like Classiq, although commercial viability remains a distant prospect.
Amidst a bustling tech event week, including Dell Tech World and Google I/O, several earnings reports are expected.
Key developments include AI advancements by Google DeepMind and OpenAI, acquisitions by Salesforce and Databricks, and new AI tools by various companies.
Financial activities include IPO preparations by Chime and Pony AI, acquisitions, and significant funding rounds for AI startups.
Policy discussions involve Trump's views on business strategies and ongoing cyber incidents, like the data breach at Coinbase.
Across the tech industry, quantum computing gains attention with investments in companies like Classiq, along with acquisitions such as Robinhood acquiring WonderFi.
Notable industry movements include executive changes at companies like Cisco, Microsoft, and Lidar startup Luminar Technologies.

Read Full Article

21 Likes

Pymnts

385

Image Credit: Pymnts

How Lawmaker Revisions to GENIUS Act Could Impact US Stablecoin Market

U.S. lawmakers are proposing revisions to the GENIUS Act, aiming to provide regulatory clarity for dollar-backed stablecoins within the country.
Negotiations for the GENIUS Act are ongoing, with Democrats seeking amendments around consumer protection, bankruptcy, and financial controls for stablecoin issuers.
The revised GENIUS Act includes provisions for consumer protection laws, bans on promoting yield features, and restrictions on certain companies issuing stablecoins.
The bill could redefine the future of finance in America by addressing stablecoin market regulations and balancing innovation with oversight.

Read Full Article

23 Likes

Tech Radar

229

Image Credit: Tech Radar

Be on the lookout for deepfake and AI government officials, FBI warns

The FBI has warned about cybercriminals impersonating senior US officials using deepfake and generative artificial intelligence technology.
The attackers are carrying out sophisticated smishing and vishing attacks by creating credible audio and text messages to deceive victims.
Phishing messages leverage people's emotions to trick victims into sharing sensitive information.
The FBI advised verifying identities and listening carefully to voice messages for inconsistencies to stay safe from such attacks.

Read Full Article

13 Likes

TechBullion

311

Image Credit: TechBullion

Strata Horizon: The UAE-Based Cybersecurity Partner for Governments and Critical Infrastructure

Strata Horizon is a UAE-based cybersecurity partner specializing in providing tailored solutions for governments and critical infrastructure.
The company offers enterprise-grade, AI-powered cybersecurity solutions for high-risk environments like national data centers, hospitals, and aviation systems.
Strata Horizon differentiates itself through its understanding of regional security frameworks, global compliance standards, and deployment of custom solutions for government entities.
Their cybersecurity solutions include threat detection powered by AI, secure network architecture for cloud environments, and 24/7 monitoring with localized support, catering to institutions globally.

Read Full Article

18 Likes

Discover more

Dev

205

Image Credit: Dev

How does Authentication work & different types

Authentication is the process of verifying if a person is who they claim to be before granting access to an application or data.
Common authentication methods include Username + Password, Token-Based Authentication (like JWT), OAuth (Login with Google, Facebook, etc.), Multi-Factor Authentication (MFA), and API Key.
Different authentication methods provide varying levels of security, with MFA adding extra layers of protection, OAuth offering smoother user experience, and API Key enabling controlled access for services and developers.
An analogy of authentication in a nightclub: Username + Password is like a guest list check, Token is like a hand stamp, OAuth is like a friend with VIP access, MFA is like ID + Text Confirmation, and API Key is like a staff badge.

Read Full Article

12 Likes

Medium

Image Credit: Medium

Your May 2025 Blueprint for Digital Safety: Outsmarting Today’s Cyber Threats

Recent reports show a rise in global cyber attacks, with sophisticated methods being used by cybercriminals and state-linked actors.
Microsoft's 2024 Digital Defense Report revealed customers face 600 million daily cyber attacks.
Verizon's 2025 Data Breach Investigations Report highlighted alarming developments in cyber threats.
CrowdStrike's 2025 Global Threat Report indicated a significant increase in activity linked to the Chinese government.
Fileless malware attacks are growing, making it hard for traditional antivirus software to detect them.
Deepfake technology is being used for scams, leading to financial losses exceeding $200 million.
NIST released version 2.0 of its Cybersecurity Framework to counter growing threats with improved guidelines.
NIST also introduced a draft of version 1.1 of its Privacy Framework to manage privacy risks effectively.
ISO 27001:2022 standard was updated to include considerations for climate action, impacting organizations' operations.
OWASP Foundation released the Mobile Top 10 for 2024, highlighting significant risks in mobile security.
SIM swapping, supply chain attacks, and privacy concerns are among the emerging cybersecurity threats.
Protecting user data through Privacy by Design and implementing incident response plans are crucial for cybersecurity.
MITRE introduced version 17 of its ATT&CK framework to help organizations combat evolving cyber threats.
Continuously monitoring threats and adapting defense strategies are key for strong cybersecurity in 2025.

Read Full Article

1 Like

Tech Radar

Image Credit: Tech Radar

Personal information leaked in Coinbase cyberattack, cost could be $400 million

Coinbase, a major cryptocurrency exchange, was targeted in a cyberattack with potential losses between $180 million to $400 million.
The attack involved criminals bribing overseas employees to obtain internal documents and sensitive data of certain customer accounts.
Although passwords and user funds were not impacted, a ransom demand of $20 million was made, which Coinbase refused to pay.
Coinbase is now offering a $20 million bounty for information on the hackers, amidst increased scrutiny and challenges faced by the cryptocurrency industry.

Read Full Article

5 Likes

Noupe

Image Credit: Noupe

Cybersecurity in Finance: Proven Ways to Protect Your Digital Assets

The financial industry, being dynamic, is highly susceptible to cybercrime, necessitating increased cybersecurity measures as finances become more automated.
Cybersecurity in finance encompasses data security, trust, risk management, and safeguarding financial infrastructure.
Key reasons why cybersecurity is crucial in finance include data protection, customer trust, and regulatory compliance.
Financial institutions face challenges like legacy systems, insider threats, third-party risks, lack of cybersecurity awareness, and gaps in business communication.
Evolving cybersecurity threats in finance include ransomware attacks, phishing scams, API vulnerabilities, deepfake fraud, and crypto-related threats.
Fraud prevention is integral to financial security and involves using advanced threat detection tools, multi-factor authentication, real-time fraud monitoring, encryption, and cybersecurity training for staff.
The future of cybersecurity in finance will involve zero trust architecture, quantum-resistant encryption, blockchain for secure transactions, biometric security, and AI-powered security systems.
Ensuring cybersecurity in finance is not just a technical challenge but a business imperative, requiring robust security systems, employee training, and awareness of evolving threats.
By adopting cutting-edge technology and policies, financial institutions can protect their digital assets and maintain customer trust amidst the digital finance transformation.
Trust in the future of finance depends on cybersecurity measures, which will be shaped by AI, blockchain, encryption, and biometric security.
Cybersecurity is essential for the finance sector to combat evolving threats, protect digital assets, and maintain trust in the digital era.

Read Full Article

Medium

Image Credit: Medium

The Rise of Tech Jobs in Sustainable Energy: A Bright Green Future.

The sustainable energy sector is experiencing rapid growth due to innovation, regulatory changes, and the need to address climate change.
Key trends driving tech job growth in sustainable energy include decarbonisation initiatives, digital transformation, and energy decentralisation.
Top in-demand tech jobs in sustainable energy include Data Scientists, AI Engineers, Software Developers, Cybersecurity Experts, and Blockchain Developers.
Industries leading in sustainable tech jobs include energy tech firms, major tech companies like Google and Microsoft, government projects, and consulting/engineering firms.

Read Full Article

1 Like

Lastwatchdog

279

SHARED INTEL Q&A: AI in the SOC isn’t all about speed — it’s more so about smoothing process

Despite investments in threat feeds and automation platforms, intelligence struggles to translate into timely action for SOCs, as seen in the case of Volt Typhoon breaches continuing despite CISA advisories.
Monzy Merza of Crogl advocates for building systems that learn and adapt to how an organization functions to bridge the gap between intelligence and action in cyber defense.
Traditional playbooks fall short in operationalizing threat intel because they require reverse-engineering advisories into the SOC's context, creating friction and inefficiencies in responding to threats.
Crogl's 'knowledge engine' differs from traditional SOAR platforms by adapting to messy, fragmented data and evolving team behaviors, offering adaptive workflows that reduce false positives and reflect real-world operations.
Process intelligence, as emphasized by Crogl, involves understanding the unique workflows and norms of each organization to make smart decisions based on contextual knowledge rather than reacting to anomalies in isolation.
Crogl rejected the typical SaaS model for transparency and control, allowing customers to inspect and trace every decision within the platform, aligning it with compliance frameworks and offering deployment flexibility.
As AI becomes more embedded in SOCs, the focus is shifting towards tools that can adapt to evolving data and processes without breaking, as well as towards AI that not only provides answers but asks better questions to help analysts stay ahead of threats.
Journalist Byron V. Acohido highlights the importance of making the internet private and secure and acknowledges the role of AI in contributing to the efficiency and effectiveness of SOCs in cybersecurity.

Read Full Article

16 Likes

Securityaffairs

291

Image Credit: Securityaffairs

Meta plans to train AI on EU user data from May 27 without consent

Meta plans to train AI on EU user data from May 27 without explicit consent, facing threats of a lawsuit from privacy group noyb.
Meta intends to use public data from EU adults for AI training, emphasizing the need to reflect European diversity.
The company postponed AI model training last year due to data protection concerns raised by Irish regulators.
Noyb issued a cease-and-desist letter to Meta regarding the use of EU personal data for AI systems without opt-in consent.
Meta states it does not use private messages and excludes data from EU users under 18 for AI training.
The Austrian privacy group argues that Meta's AI training practices may violate GDPR by not requiring opt-in consent.
Meta defends its AI data practices, claiming compliance with European Data Protection Board guidance and Irish privacy regulations.
Noyb insists on the necessity of opt-in consent for AI training, challenging Meta's reliance on 'legitimate interest' as inadequate.
Meta faces potential legal risks due to its opt-out approach for AI training, risking injunctions and class action lawsuits.
Concerns raised include Meta's decision to gather user data for AI without explicit consent and its impact on GDPR compliance.

Read Full Article

17 Likes

Socprime

390

Image Credit: Socprime

Detect CVE-2025-31324 Exploitation by Chinese APT Groups Targeting Critical Infrastructure

A critical vulnerability in SAP NetWeaver, identified as CVE-2025-31324, is being actively exploited by Chinese APT groups to target critical infrastructure systems.
China-linked nation-state groups, likely associated with China’s Ministry of State Security, are attributed to these intrusions.
Multiple China-nexus adversaries are exploiting the SAP NetWeaver flaw CVE-2025-31324 since April 2025.
Security professionals can access detection rules for CVE-2025-31324 exploit linked to China-nexus groups on the SOC Prime Platform.
The exploitation campaigns focus on infiltrating critical infrastructure and establishing long-term access to global networks.
Chinese APT groups are actively targeting sectors like natural gas distribution, water management, medical device manufacturers, oil and gas firms, and government ministries.
The campaign exploited a zero-day vulnerability, backdooring SAP NetWeaver instances with web shells and maintaining access through various tools like KrustyLoader and SNOWLIGHT.
The attackers are identified as UNC5221, UNC5174, and CL-STA-0048, known for deploying web shells, reverse shells, and various malware tools.
China-affiliated threat groups are expected to continue exploiting vulnerabilities in enterprise software to target critical infrastructure globally.
Users are advised to upgrade SAP NetWeaver instances and implement mitigation measures as suggested by SAP Security Notes.

Read Full Article

23 Likes

The Register

283

Image Credit: The Register

From hype to harm: 78% of CISOs see AI attacks already

AI is being used for both positive and malicious purposes, with cybercriminals leveraging AI for sophisticated attacks while security leaders must implement adaptive, AI-augmented defenses to mitigate risks.
74% of cybersecurity IT professionals are concerned about AI-related risks, with generative AI fueling social engineering attacks and cybercriminals using AI-powered malware and tactics like lateral movement.
Spotting AI attacks requires looking for increased sophistication in phishing attempts, malware types, and social engineering tactics, although it may be challenging to definitively attribute attacks to AI.
While attackers leverage AI, many security professionals feel unprepared for AI-driven threats, citing a lack of cybersecurity personnel as a major barrier in defending against evolving cyber threats.
Despite concerns, 95% of respondents believe AI can enhance cyber defenses, bringing significant time savings, but there are reservations around data privacy, governance, and compliance with regulations like GDPR.
Organizations prioritize AI-powered cybersecurity solutions to bridge the skills gap, with 88% benefiting from AI's preventive defense capabilities, although there is a need for better understanding of AI types for effective utilization.
Integrating AI security solutions into broader platforms and adopting a preventative defense stance are common strategies among organizations to combat escalating cyber threats and move away from reactive approaches.
Darktrace's ActiveAI Security Platform offers a multi-layered approach using supervised, unsupervised, and statistical machine learning models to identify threats, strengthen cybersecurity controls, provide automated responses, and enhance threat detection beyond traditional methods.
By correlating and investigating security incidents across various environments, Darktrace enables security professionals to proactively defend against novel threats and automate security functions for efficient incident response.
As threat actors increasingly leverage AI, defenders need to quickly adapt by leveraging advanced AI-powered defenses like Darktrace's platform to stay ahead of evolving cybersecurity threats and enhance their security posture.

Read Full Article

17 Likes

Eu-Startups

365

Czech investment fund Rockaway Ventures targets game-changing tech with new €55 million raise

Prague-based Rockaway Ventures, the investment fund of Rockaway Capital, raised €55 million for its second fund, Rockaway Ventures II, to support early-stage startups in Central and Eastern Europe (CEE) and other emerging markets.
The fund focuses on early-stage investments, particularly in sectors like energy, defense, and dual-use technologies, aiming to provide support throughout startups' growth journeys.
Rockaway Ventures, established in 2014, invests mainly in areas of expertise within the Rockaway Capital group, including retail, e-commerce, cybersecurity, defense, CleanTech, and PropTech.
The current fund plans to expand its portfolio by investing 60% in CEE companies and 40% in Western Europe and diaspora-led startups from Czechia, with notable investments including Apaleo, CulturePulse, and Gjirafa.

Read Full Article

22 Likes

Securityaffairs

135

Image Credit: Securityaffairs

AI in the Cloud: The Rising Tide of Security and Privacy Risks

Over half of firms adopted AI in 2024, but concerns are rising over data security and privacy risks associated with cloud tools like Azure OpenAI.
Enterprises are increasingly leveraging cloud-based platforms such as Azure OpenAI, AWS Bedrock, and Google Bard for AI applications, leading to productivity gains but also exposing them to new risks in terms of data security and privacy.
The use of generative AI platforms like Retrieval-Augmented Generation (RAG) introduces risks related to data exposure, misconfigurations, and overexposure, especially when access controls are not properly managed.
To mitigate these risks, companies need to enforce strict role-based access controls, secure training data, monitor AI models for unauthorized access, and implement proactive AI data governance practices to ensure privacy, compliance, and trust in AI innovations.

Read Full Article

8 Likes

For uninterrupted reading, download the app