Cyber Security News, Latest Updates and Recent Announcements on Techminis

A naukri.com initiative

New

Home

Cyber Security News

Tech Radar

355

Image Credit: Tech Radar

Scattered Spider moves beyond the UK, places crosshairs on US companies

Scattered Spider, a ransomware collective, is expanding its target scope beyond UK firms to include US retailers.
Google's Threat Intelligence Group warns US retailers to be cautious as Scattered Spider, linked to group UNC3944, is targeting multiple firms after a long hiatus.
Scattered Spider operates within a larger hacking community called 'the Com' and engages in various cyberattacks, with previous victims including notable companies like Nike, Twitter, and more.
In response to attacks, UK's NCSC has issued guidance for better defense against Scattered Spider, urging the retail sector to enhance security measures.

Read Full Article

21 Likes

Pymnts

161

Image Credit: Pymnts

US Banks ‘Prime Candidate for Exploitation’ by Money Launderers

Banks in the United States are increasingly being targeted by money launderers connected to drug cartels.
Money launderers utilize underground networks to deposit cash from drug sales at US bank branches and ATMs.
Incidents like a Chinese network depositing $92 million in cash at major banks have raised concerns.
The banking industry is urging the US government to revamp anti-money laundering regulations to combat fraud effectively.

Read Full Article

9 Likes

Tech Radar

360

Image Credit: Tech Radar

Largest US steel manufacturer puts production on the backburner after cyber attack

Nucor, a major US steel manufacturer, had to halt parts of its operations due to a cyberattack.
The company confirmed the unauthorized access of certain IT systems by a third party and took measures to contain the incident.
The decision to temporarily stop production operations has raised speculations of a possible ransomware attack.
No threat actors have claimed responsibility, and the extent of data breach remains unknown.

Read Full Article

21 Likes

Lastwatchdog

252

GUEST ESSAY: Cybercrime for hire: small businesses are the new bullseye of the Dark Web

Small businesses are increasingly targeted by cybercriminals due to their lack of cybersecurity expertise and resources.
The dark web offers easy access to cybercrime-as-a-service tools, making it cheaper and simpler to launch attacks on small businesses.
AI-powered tools are being used to scale attacks, tailor phishing lures, write malware, and evade detection, posing a significant threat to small businesses.
To protect themselves, small businesses should prioritize employee training, use AI-powered security tools, invest in cyber insurance, and consider partnering with managed service providers.

Read Full Article

15 Likes

Discover more

VentureBeat

202

Image Credit: VentureBeat

You.com’s ARI Enterprise crushes OpenAI in head-to-head tests, aims at deep research market

You.com has launched ARI Enterprise, claiming it outperforms OpenAI in head-to-head tests and excels in accuracy on independent benchmarks.
ARI achieved 80% accuracy on the FRAMES benchmark, surpassing major competitors.
This advanced research platform offers 4x greater depth and breadth and connects to internal corporate data sources.
ARI Enterprise provides 35% more insights and facts per research project, with enhanced integration capabilities.
Early adopters include venture capital firms, consulting agencies, and research institutions.
The platform's interactive approach involves collaboration with users to refine research plans and guide analysis.
Founder Richard Socher emphasizes ARI's role in augmenting analysts' efficiency, not replacing them.
You.com believes ARI Enterprise democratizes access to high-quality research and transforms professional roles.
The company raised $99 million to challenge Google's search dominance and has reported significant revenue growth.
ARI Enterprise changes how businesses process information, offering comprehensive, verified analysis in minutes.

Read Full Article

12 Likes

Tech Radar

285

Image Credit: Tech Radar

SAP NetWeaver woes worsen as ransomware gangs join the attack

Multiple ransomware operators are targeting a severe vulnerability in SAP NetWeaver Visual Composer, enabling unauthorized actors to upload malicious executables.
Around 1,200 SAP instances were reported to be at risk from this vulnerability, CVE-2025-31324.
Ransomware families like BianLian and RansomEXX, along with Chinese state-sponsored actors, have been identified in exploiting the flaw.
SAP quickly released a patch for the bug but multiple attacks were observed in the wild, emphasizing the critical nature of the security issue.

Read Full Article

17 Likes

Arstechnica

372

Image Credit: Arstechnica

Spies hack high-value mail servers using an exploit from yesteryear

Threat actors, possibly supported by the Russian government, hacked high-value mail servers globally by exploiting XSS vulnerabilities.
XSS vulnerabilities allow attackers to execute malicious code in browsers through programming errors in webserver software.
The exploits originated from a bug class widely exploited in the past and primarily involve the execution of JavaScript.
The Kremlin-linked hacking group Sednit gained access to email accounts by targeting vulnerabilities in mail server software like Roundcube, MDaemon, Horde, and Zimbra.

Read Full Article

22 Likes

TechCrunch

364

Image Credit: TechCrunch

Coinbase says customers’ personal information stolen in data breach

Crypto giant Coinbase confirms data breach where customer data, including personal information and government-issued ID documents, were stolen.
Hacker obtained customer account information and demanded $20 million ransom, which Coinbase refuses to pay.
The hacker accessed customer names, addresses, phone numbers, Social Security numbers, bank account details, and government IDs.
Less than 1% of Coinbase's customers were affected by the breach, with estimated incident remediation and reimbursement costs between $180 million to $400 million.

Read Full Article

21 Likes

Kaspersky

132

Image Credit: Kaspersky

Apple beefs up parental controls: what it means for kids | Kaspersky official blog

Apple announced new initiatives for safer environment for kids using their devices, including easier setup of kids' accounts and sharing children's age with app developers for content control.
Updates will be available later this year, with simplified Child Account creation and age editing options for parents.
Apple will apply age-appropriate web content filters if parents don't set up devices for under-13 children; parental consent will be required for app downloads.
New Declared Age Range API aims to address online age verification issue, allowing parents to authorize sharing age category with app developers.
Apple introduces an updated age rating system with five categories to provide clearer app appropriateness information.
Apple and Meta disagree on responsibility for online child safety, with Meta advocating age verification by app stores and Apple emphasizing app developer responsibility.
There are concerns about entrusting child safety to tech giants profit from addictive products; Apple and Meta have faced criticisms over targeting young users.
Child psychology experts warn about negative effects of unlimited digital content consumption on children's mental and physical health.
Apple's advancements may be futile if third-party app developers do not cooperate; relying solely on tech giants' solutions is cautioned against.
Kaspersky Safe Kids offers parental control solution to monitor child's activity, customize restrictions, and prevent digital addiction.

Read Full Article

7 Likes

Kaspersky

Image Credit: Kaspersky

How phishing emails are sent from [email protected] | Kaspersky official blog

Scammers are using a phishing scheme that impersonates genuine Google services to deceive victims.
Phishing emails mimic official Google notifications, using a legitimate Google address: [email protected].
Victims receive an email claiming Google has been subpoenaed for their account data, with a link to a fake Google support page.
The link appears genuine with an official Google domain but actually leads to a phishing site on sites.google.com.
Attackers exploit trust in the Google domain, making it challenging to spot the scam without close inspection.
Scammers registered a domain, set up a fake Google Workspace account, and used OAuth technology for this phishing scheme.
Although Google OAuth doesn't share credentials, it can provide limited account access to scammers.
Victims were directed to download potentially malicious 'legal documents' on the fake Google Support page.
Users are advised to carefully examine email headers, avoid clicking suspicious links, and use robust security solutions to prevent falling for phishing scams.
Google is working on fixing the OAuth vulnerability that scammers exploited in this phishing campaign.

Read Full Article

5 Likes

Tech Radar

Image Credit: Tech Radar

Millions seized and 17 arrested in Europol criminal banking bust

Europol has successfully dismantled a criminal banking network involving 17 arrests across Europe.
The arrested individuals, mainly of Chinese and Syrian nationality, are accused of providing money laundering services to criminals.
Assets worth €4.5 million, electronic devices, firearms, €183,000 in cryptocurrency, and 77 bank accounts were seized in the takedown.
Criminals are increasingly utilizing alternative banking methods to evade law enforcement and conduct illegal activities.

Read Full Article

3 Likes

Medium

107

this is how small Instagram pages for earning large per month

Many micro-Instagram pages in India with 10K–100K followers are earning ₹1–5 lakhs per month through various revenue streams and smart strategies.
The revenue streams include paid shoutouts & collabs, affiliate marketing, digital products, paid newsletters, service offers, UGC licensing, and Instagram Shop/dropship. They typically earn ₹1 lakh – ₹4 lakhs+ per month.
Influencers and content creators focus on niche positioning, content repurposing, trending formats, engagement loops, batching & scheduling to maximize their reach and engagement.
Automation tools like ManyChat, PhantomBuster, Meta Business Suite, Later/Planoly, Jarvee, ChatGPT, Canva Pro, and Link-in-Bio tools help in automating tasks, scheduling posts, and optimizing content creation for increased efficiency.

Read Full Article

6 Likes

Tech Radar

145

Image Credit: Tech Radar

Dior fashion brand hit by cyberattack and customer data leaked - here's what we know

Global fashion brand Dior has confirmed a cyberattack where sensitive customer data was compromised.
No passwords or payment data was taken in the attack.
Dior is investigating the incident with the help of cybersecurity experts and no groups have claimed responsibility yet.
Although passwords and payment information were not accessed, customer names, addresses, phone numbers, and purchase history were compromised.

Read Full Article

8 Likes

Global Fintech Series

364

Image Credit: Global Fintech Series

Experimentation Frameworks for Fintech Product Iteration

Experimentation frameworks play a vital role in helping Fintech companies adapt to evolving user expectations and regulatory environments, driving sustainable growth and delivering customer value.
Key components of an effective experimentation framework in Fintech include hypothesis-driven development, segmentation, A/B testing, sequential testing, and defining success metrics.
Fintech experimentation frameworks must consider compliance and risk factors, such as GDPR, PSD2, and AML directives, due to the sensitive nature of financial data.
Successful experimentation leads to continuous improvement, guiding product pivots, informing pricing models, and inspiring new features in Fintech products.
As AI and machine learning advance in Fintech, experimentation will focus on testing intelligent systems like personalized loan offers and predictive fraud detection.
The future of experimentation in Fintech includes integrating explainable AI (XAI) to help stakeholders understand the reasoning behind changes, promoting transparent and compliant innovation.
Building a culture of experimentation is mission-critical for Fintech companies to stay agile, competitive, and deliver user-centric solutions while addressing risk and compliance challenges.
Continuous learning, scalability testing, and controlled rollouts are essential steps post-successful experimentation to ensure consistent feature performance across a broader user base.
Fintech companies invest in data platforms and experimentation tools like Optimizely, LaunchDarkly, and product analytics tools to support robust experimentation frameworks.
Collaboration between legal, compliance, product, and data science teams is crucial to ensure Fintech experiments align with regulatory standards and innovation goals.
Experimentation frameworks in Fintech enable teams to test, learn, and iterate rapidly and efficiently, making data-driven decisions to enhance user engagement and business outcomes.

Read Full Article

21 Likes

Insider

211

Image Credit: Insider

A European defense startup is making drone submarines that can lurk underwater for 3 months at a time

German defense tech startup Helsing is developing AI-equipped submarine drones that can operate underwater for up to three months at a time.
The drones, controlled by a single operator, use AI software to detect subsea threats, identify ships, and submarines based on sound patterns.
With European militaries increasing sea monitoring efforts, Helsing's drones aim to bolster defenses amid growing threats to critical subsea cable infrastructure.
NATO's focus on defending underwater infrastructure and collaboration with startups like Helsing reflects the importance of using advanced technology for maritime security.

Read Full Article

12 Likes

For uninterrupted reading, download the app