A naukri.com initiative
Cyber Security News
Tech Radar
1w
189
Image Credit: Tech Radar
Thousands of organizations have a new, unexpected 'employee' onboard - and it could be their single biggest security risk
- Browser AI Agents, a new automated tool for interacting with the web, have emerged as a significant security risk in organizations.
- SquareX research suggests that these agents are more susceptible to cyberattacks than human employees due to their inability to recognize suspicious URLs and security risks.
- Browser AI Agents lack critical thinking capabilities, making them vulnerable to basic cyberattacks, such as granting malicious apps access to sensitive data.
- As Browser AI Agents operate with the same privileges as users, they can unknowingly provide attackers with access to internal systems, emphasizing the need for enhanced security measures.
Read Full Article
11 Likes
Securityaffairs
1w
202
Image Credit: Securityaffairs
U.S. CISA adds Citrix NetScaler flaw to its Known Exploited Vulnerabilities catalog
- The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the Citrix NetScaler vulnerability CVE-2025-6543 to its Known Exploited Vulnerabilities catalog.
- CVE-2025-6543 is a memory overflow vulnerability in NetScaler ADC and NetScaler Gateway, potentially leading to Denial of Service.
- Affected versions include NetScaler ADC 13.1-FIPS, 14.1, and earlier versions, requiring prompt mitigation to protect against attacks exploiting the flaw.
- CISA has issued directives for federal agencies to address the vulnerabilities by July 21, 2025, following a similar inclusion of other Citrix vulnerabilities in the past.
Read Full Article
12 Likes
The Verge
1w
316
Image Credit: The Verge
Microsoft Authenticator is ending support for passwords
- Microsoft Authenticator will no longer support storing or autofilling passwords starting in July.
- Users will need to use Microsoft Edge or another password management solution for autofilling saved passwords.
- Saved payment information in Authenticator will be deleted in July, followed by saved passwords in August.
- Users should set Edge as the default autofill provider or export passwords to another service by August.
Read Full Article
19 Likes
Tech Radar
1w
42
Image Credit: Tech Radar
This worrying Bluetooth security flaw could let hackers spy on your device via microphone
- Security researchers have discovered three medium-severity vulnerabilities in a Bluetooth chipset found in various devices, allowing potential eavesdropping and data theft.
- The flaws, affecting 29 devices from multiple manufacturers, could enable hackers to intercept conversations, steal call history, contacts, and possibly deploy malware.
- Exploiting these vulnerabilities is challenging, requiring a high level of technical expertise, making practical implementation uncertain.
- Patches are being developed by Airoha to address these vulnerabilities, but caution is advised for users of affected devices.
Read Full Article
2 Likes
TechCrunch
1w
118
Image Credit: TechCrunch
US government takes down major North Korean ‘remote IT workers’ operation
- The U.S. Department of Justice took enforcement actions against North Korea's remote IT workers operation, which aimed to raise funds for the regime's nuclear weapons program and steal data and cryptocurrency.
- A U.S. national named Zhenxing 'Danny' Wang was arrested and indicted for running a fraud scheme to bring North Korean IT workers into U.S. tech companies, generating over $5 million for the North Korean regime.
- Eight more individuals, including Chinese and Taiwanese citizens, were indicted for participating in the scheme, involving wire fraud, money laundering, identity theft, hacking, and violating sanctions.
- The scheme included impersonating U.S. individuals to secure jobs at American companies, setting up laptop farms to hide the workers' origins, and stealing sensitive data from the companies, including source code from a California-based defense contractor.
Read Full Article
7 Likes
Dev
1w
299
Image Credit: Dev
Vibe Coding vs. AI Slop: Building Trust into AI Assisted Development
- AI is revolutionizing software development by assisting with code generation, accelerating workflows, and empowering teams to build and ship faster.
- However, the rapid development facilitated by AI, known as 'vibe coding,' may lead to issues like technical debt, opacity, and vulnerabilities, ultimately impacting software quality and security.
- The article discusses the need for structural safeguards in AI-assisted coding to prevent issues like insecure dependencies and hardcoded secrets, emphasizing the importance of building trust directly into the development process.
- It introduces the concept of trust-native languages like Noumena Protocol Language (NPL), which prioritize security, access control, and compliance at the compiler level, enabling developers to create scalable and secure applications efficiently.
Read Full Article
18 Likes
Tech Radar
1w
266
Image Credit: Tech Radar
Insider risk on the rise as survey finds 50% of employees have too much privileged access - and AI will make it far worse
- Half of enterprise employees have excessive privileges to critical applications, according to CloudEagle.ai's identity governance report.
- Invisible IT, with 60% of SaaS and AI tools outside IT oversight, contributes to insider risks, breaches, and compliance issues.
- Privilege creep is prevalent, with unsanctioned AI tools and lingering access for former staff being major concerns.
- Recommendations include adopting AI-driven access management, appointing a Chief Identity Officer, and implementing zero trust controls to address insider threats.
Read Full Article
15 Likes
Lastwatchdog
1w
37
News alert: SquareX research finds browser AI agents are proving riskier than human employees
- SquareX's research suggests that Browser AI Agents are more vulnerable to cyberattacks than human employees, making them the new weakest link for enterprise security teams.
- Despite offering productivity gains, Browser AI Agents lack security awareness and are prone to falling prey to browser-based attacks due to their limited understanding of security implications.
- SquareX demonstrated a scenario where a Browser AI Agent fell victim to an OAuth attack, highlighting the security risks associated with these agents granting unauthorized access.
- SquareX emphasizes the importance of implementing browser-native security solutions to prevent Browser AI Agents and employees from being deceived by malicious actors.
Read Full Article
2 Likes
Tech Radar
1w
202
Image Credit: Tech Radar
CitrixBleed 2 flaws are officially here - so get patching or leave your systems at risk
- Citrix has disclosed a critical-severity bug in Citrix NetScaler ADC and Gateway instances, urging users to patch up as soon as possible.
- The vulnerability, dubbed 'CitrixBleed 2' by independent researchers, is actively being exploited by hackers to gain access to targeted environments.
- The bug is described as an insufficient input validation vulnerability tracked as CVE-2025-5777, affecting versions 14.1 and before 47.46, and from 13.1 and before 59.19.
- Citrix has provided a fix for the vulnerability and advised users to apply it promptly to mitigate risks. The flaw is similar to a previously exploited Citrix vulnerability known as 'CitrixBleed' from late 2023.
Read Full Article
12 Likes
TechCrunch
1w
337
Image Credit: TechCrunch
Mexican drug cartel hacker spied on FBI official’s phone to track and kill informants, report says
- A hacker hired by the Mexican Sinaloa drug cartel spied on the U.S. Embassy in Mexico City in 2018 to identify targets for the cartel to kill, as per a U.S. government watchdog report.
- The FBI's investigation into El Chapo led to the discovery that the cartel had hired a hacker who accessed an FBI official's phone to obtain calls, geolocation data, and even used Mexico City's camera system to track the official and individuals they met.
- The hacker's actions were utilized by the cartel to intimidate and eliminate potential sources or witnesses cooperating with authorities, according to the report.
- Mexico has seen extensive use of surveillance and hacking tools both by law enforcement agencies targeting cartels and by criminal organizations like the Sinaloa cartel using encrypted phones and hacker networks for illicit activities.
Read Full Article
20 Likes
Pymnts
1w
266
Image Credit: Pymnts
Know Your Sector, Know Your Scam: eCommerce Fraud in 2025
- eCommerce scams in 2025 are sector-specific and often automated, impacting various industries.
- Fashion retailers face friendly fraud, electronics sellers deal with SKU inflation, and beauty industry fights return abuse.
- Fraudsters automate scams, test different strategies, while companies use AI and behavior analytics for prevention.
- Consumers browse on phones, prone to scams, willing to pay for insurance coverage.
Read Full Article
15 Likes
Tech Radar
1w
130
Image Credit: Tech Radar
It's about time - Microsoft finally rolls out better passkey integration in Windows
- Microsoft has partnered with 1Password to improve passkey integration on Windows, allowing users to synchronize their credentials.
- The company has released a testing feature in the Windows 11 Insider Preview Build 26200.5670 (KB5060838) update for passkey support.
- Microsoft is gradually moving away from passwords to passkeys, with plans to phase out saved passwords in the Microsoft Authenticator app by August 2025.
- Better passkey integration on Windows is in high demand and aims to enhance security and user experience by reducing reliance on third-party tools.
Read Full Article
7 Likes
Tech Radar
1w
244
Image Credit: Tech Radar
Another major MOVEit flaw could be on the way - here's what we know
- Security researchers have observed a surge in malicious scans for systems running MOVEit Secure Managed File Transfer software.
- This increase in IP scans could indicate a potential newly discovered vulnerability in the tool, raising concerns among experts.
- The majority of these scans are originating from the United States, with a notable rise in unique IPs scanning for vulnerabilities.
- While the previous vulnerability was patched, the ongoing scans suggest ongoing interest from threat actors looking to exploit any potential weaknesses.
Read Full Article
14 Likes
Global Fintech Series
1w
249
Image Credit: Global Fintech Series
CreditBank PNG Partners with Entrust to Deliver Digital-First Banking Experience in Papua New Guinea
- CreditBank PNG partners with Entrust to enhance digital banking in Papua New Guinea.
- Migration to Digital Card Solution sets the bank on the path towards becoming the first fully digital bank in the region.
- Customers can now open accounts online and use virtual Visa cards for secure, contactless transactions.
- The collaboration with Entrust marks a significant milestone in CreditBank PNG's digital transformation journey, aiming to become the leading digital bank in the region.
Read Full Article
14 Likes
Tech Radar
1w
295
Image Credit: Tech Radar
FBI warns Scattered Spider hackers are now going after airlines
- The FBI has warned that the Scattered Spider cybercriminals are now targeting US airlines and transportation, following attacks on UK retailers in the past.
- The group, known for causing system outages and deploying ransomware, consists of financially motivated young adults using phishing and social engineering techniques.
- Two airlines, Hawaiian Airlines and Canada's WestJet, reported cyber incidents in June 2025, potentially linked to Scattered Spider's activities.
- The FBI advises vigilance for anyone in the airline ecosystem, as the group could target direct organizations or breach supply chain third-parties for access.
Read Full Article
17 Likes
For uninterrupted reading, download the app