A naukri.com initiative
Cyber Security News
Tech Radar
1w
158
Image Credit: Tech Radar
Popular TikTok video editor CapCut used to trick victims in phishing scam
- Cybercriminals are impersonating popular video editing app CapCut to steal Apple ID logins in a phishing scam.
- Phishing emails trick victims by claiming they have subscribed to a $50 paid version and offer a link to cancel the subscription.
- Clicking on the link leads victims to a fake Apple login page where their credentials are harvested by attackers.
- Security researchers advise being skeptical of emails, especially ones that require urgent actions, to prevent falling victim to such phishing attacks.
Read Full Article
9 Likes
Tech Radar
1w
183
Image Credit: Tech Radar
Major new Microsoft Defender update will now block one of the most dangerous kinds of cyberattack
- A new feature for Microsoft Defender for Office 365 will automatically send all identified email bombing messages to the junk folder.
- Most users are expected to receive this update by the end of July 2025.
- This feature aims to mitigate the dangers associated with email bombing, a malicious tactic where victims are inundated with a high volume of emails.
- The new 'Mail Bombing' detection capability will block these attacks by default, requiring no action from the user's side.
Read Full Article
11 Likes
Tech Radar
1w
92
Image Credit: Tech Radar
Microsoft warns North Korean hackers are expanding fake job schemes - as Feds announce further crackdown
- North Korean hackers are using advanced AI tools to hide their identities and infiltrate US-based tech companies to steal sensitive files.
- The US government is cracking down on these campaigns and has imposed sanctions to prevent US companies from hiring North Korean nationals.
- Hackers are creating fake personas and using VPNs to conceal their identities, with some even using voice-changing software and AI-enhanced documents to increase credibility.
- The US Department of Justice arrested individuals involved in a scheme that netted over $5 million, indicting a US national and eight others for wire fraud, money laundering, and hacking, with some linked to the Lazarus group.
Read Full Article
5 Likes
Medium
1w
58
Image Credit: Medium
How I Tracked Down a Stalker Using OSINT
- An individual used OSINT to track down a stalker, requested information about the stalker's home address and Facebook account.
- Steps included verifying profiles, finding posts related to the client, and confirming the stalker knew personal details.
- Identified the stalker's address by closely analyzing images from the stalker's Facebook profile.
- Compiled a detailed report for the client, leading to legal action being taken against the stalker.
- The complex investigation took about 12 hours and highlighted the importance of responsibly using OSINT to help others.
- Client confirmed delivery to identified address, showcasing the effectiveness of the investigation.
Read Full Article
3 Likes
Tech Radar
1w
87
Image Credit: Tech Radar
International Criminal Court says it was hit by sophisticated cyberattack
- The International Criminal Court (ICC) has confirmed a recent cyberattack described as 'new, sophisticated, and targeted' which has been contained and is being mitigated.
- No responsible threat actors have been identified yet, and the details of the attack, including any consequences, have not been disclosed.
- The ICC operates independently from the United Nations and focuses on prosecuting individuals for serious international crimes, with recent media reports linking the cyberattack to the indictment of Israeli PM Benjamin Netanyahu for alleged war crimes in Gaza.
- Given the history of the ICC being targeted and its controversial cases, such as the indictment of Netanyahu, tightening security measures is being emphasized to prevent potential future cyberattacks.
Read Full Article
5 Likes
Kaspersky
1w
263
Image Credit: Kaspersky
The top-five funny school, social media, and IoT hacks | Kaspersky official blog
- Hacks include prank traffic lights, classroom Rickroll, robot vacuums, Lenovo website, Twitter pranks.
- Hackers targeted traffic lights with Zuckerberg and Musk voices, students performed classroom Rickroll.
- Ecovacs robot vacuums hacked, Lenovo website defaced, Twitter accounts hijacked for pranks.
- Lessons learned: avoid weak passwords, use strong, unique passwords for online security.
Read Full Article
15 Likes
TechJuice
1w
167
Image Credit: TechJuice
NCCIA Shuts Down 12 Illegal Call Centres Under ‘Operation Grey’
- The National Cyber Crime Investigation Agency (NCCIA) conducted Operation Grey, targeting cyber scams and digital money laundering by shutting down 12 illegal call centres and arresting over 90 suspects, including foreign nationals.
- The operation aimed to dismantle networks involved in online fraud and unauthorized international financial transfers, with these illegal call centres orchestrating large-scale scams globally.
- 93 individuals were apprehended, including foreign nationals and key Pakistani facilitators, linked to fraudulent schemes siphoning profits out of Pakistan through international digital channels.
- NCCIA reiterated its strong stance against cybercrime, with further actions planned to track additional accomplices and financial conduits associated with these illegal networks.
Read Full Article
10 Likes
Tech Radar
1w
46
Image Credit: Tech Radar
Swiss government warns data stolen in third-party ransomware attack
- Swiss government files were stolen and posted on the dark web following a ransomware attack on Radix, a third-party supplier.
- Radix, a non-profit organization in the health promotion sector, notified the National Cyber Security Centre of the breach in which various administrative units of the Swiss federal government were affected.
- Despite the attack, Radix claims that all data is intact on backups and no direct access to Federal Administration systems was gained by the attackers.
- The incident involving the ransomware group Sarcoma has led to an investigation to determine the extent of the data breach, but Radix states that partner organizations' data remained uncompromised.
Read Full Article
2 Likes
Siliconangle
1w
117
Image Credit: Siliconangle
Exabeam expands Nova AI platform with new strategy agent for CISOs
- Exabeam Inc. expands its Nova AI platform with a new cybersecurity strategy agent for CISOs.
- The Nova Advisor Agent is designed to translate security data into strategic insights for CISOs to present in the boardroom.
- It generates data-backed plans, identifies critical gaps, and offers what-if analyses to help align security efforts with organizational goals.
- Exabeam Nova now includes six purpose-built agents to automate decisions, streamline investigations, and provide recommendations for improving security operations.
Read Full Article
7 Likes
Socprime
1w
246
Image Credit: Socprime
SOC Prime and Anetac
- SOC Prime and Anetac have partnered to enhance identity security and combat enterprise threats by integrating Identity Vulnerability Management with AI-powered Detection Engineering and Automated Threat Hunting.
- The partnership offers continuous identity threat detection, prioritized protection across attack paths, adversary behavior mapping with MITRE Attack Flow, vertical-specific detection content, and automated response and remediation workflows.
- By combining SOC Prime's Threat Detection Marketplace and Uncoder AI with Anetac's Identity Vulnerability Management Platform, the alliance aims to provide organizations with proactive, identity-focused threat-informed defense.
- The partnership's goal is to help security teams prioritize critical identity risks, enhance breach prevention, and improve overall cyber protection for both human and non-human identities across hybrid environments.
Read Full Article
14 Likes
Siliconangle
1w
242
Image Credit: Siliconangle
LevelBlue to acquire Trustwave in push to expand managed cybersecurity capabilities
- LevelBlue Inc. has entered into an agreement to acquire Trustwave Holdings Inc., a managed detection and response company, for an undisclosed amount.
- Trustwave, known for its suite of cybersecurity services, will merge its capabilities with LevelBlue's strategic risk management and cybersecurity infrastructure.
- The acquisition will allow LevelBlue to leverage Trustwave's Fusion Platform for enhanced cloud-native MDR services and to meet U.S. government security standards like FedRAMP.
- The deal is set to strengthen LevelBlue's position in the cybersecurity market and will also involve strategic input from the Chertoff Group for further growth in the MDR segment.
Read Full Article
14 Likes
Siliconangle
1w
4
Image Credit: Siliconangle
Concentric AI buys startups Swift Security and Acante to expand scope of data protection platform
- Concentric AI acquires Swift Security and Acante to enhance data protection platform.
- Acquisitions bring data loss prevention, generative AI governance tools to Concentric AI.
- Funding of $45 million in Series B enables Concentric to expand security offerings.
- Swift Security adds monitoring for unsafe use of generative AI tools; Acante assists in data access.
Read Full Article
Like
Securityaffairs
1w
410
Image Credit: Securityaffairs
GDPR violations prompt Germany to push Google and Apple to ban DeepSeek AI
- Germany requested Google and Apple to remove DeepSeek AI from their app stores due to GDPR violations related to unlawful data collection and transfers to China.
- Berlin's Commissioner for Data Protection cited DeepSeek AI for processing extensive personal data of users, including chats and files, and transferring it to servers in China without adequate data protection measures.
- The Berlin Commissioner used the Digital Services Act to report DeepSeek AI to Apple and Google after the company failed to comply with requests to address GDPR violations. This was done in coordination with state data protection officers and the Federal Network Agency.
- Due to concerns over lack of EU safeguards and adequacy decisions for data transfers to China, DeepSeek AI has faced scrutiny from European authorities for violating GDPR standards, leading to calls for its removal from app stores.
Read Full Article
24 Likes
Hackernoon
1w
309
Image Credit: Hackernoon
From Crisis to Security - How DePIN Can Solve Tonga's Cybersecurity Challenges
- Recent data breaches in Tonga highlight critical vulnerabilities in current digital infrastructure.
- DePIN proposes a decentralized, blockchain-based system for secure government networks in Tonga.
- The solution aims for complete digital sovereignty and protection against cyber threats.
- DePIN's roadmap includes building secure infrastructure, network expansion, and economic benefits.
- The initiative envisions Tonga as a leader in digital independence and security.
Read Full Article
18 Likes
Dev
1w
8
Image Credit: Dev
Promptfoo vs Deepteam vs PyRIT vs Garak: The Ultimate Red Teaming Showdown for LLMs
- Red teaming tools like Promptfoo, DeepTeam, PyRIT, and Garak are crucial for system safety.
- Promptfoo tailors test cases to your system, DeepTeam is fast with common vulnerabilities.
- PyRIT offers flexibility for complex red teaming, while Garak focuses on known issues.
- Each tool has its strengths and usage scenarios to ensure system resilience.
Read Full Article
Like
For uninterrupted reading, download the app