Cyber Security News, Latest Updates and Recent Announcements on Techminis

A naukri.com initiative

New

Home

Cyber Security News

Securityaffairs

364

Image Credit: Securityaffairs

BlackLock Ransomware Targeted by Cybersecurity Firm

Resecurity found an LFI flaw in the leak site of BlackLock ransomware, exposing clearnet IPs and server details.
Cybersecurity experts exploited the vulnerability and obtained additional information related to the ransomware network infrastructure.
BlackLock Ransomware is one of the fastest-growing strains, targeting organizations in various sectors across different countries.
The rebranding of BlackLock as Mamona Ransomware and the takeover by DragonForce group are potential developments in this scenario.

Read Full Article

21 Likes

Cybersafe

Image Credit: Cybersafe

RedCurl Cyberspies deploy Ransomware to target Hyper-V Servers

RedCurl, a cyber-espionage group, expands its operations by deploying ransomware targeting Hyper-V servers.
RedCurl historically focused on data exfiltration, but recently started using ransomware in at least one confirmed case.
The group uses phishing emails with disguised .img attachments as the initial attack vector.
RedCurl's new ransomware, named QWCrypt, specifically encrypts virtual machines hosted on Microsoft Hyper-V.

Read Full Article

2 Likes

Tech Radar

335

Image Credit: Tech Radar

Devious new Android malware uses a Microsoft tool to avoid being spotted

Hackers are using .NET MAUI, a legitimate Windows tool, to create malicious Android applications and steal sensitive information.
The malware disguises itself as legitimate apps and is distributed through unofficial app stores and phishing messages.
By utilizing hidden storage areas and multi-stage dynamic loading, the malware evades antivirus programs and security software.
The best defense against such threats is to only download apps from official repositories and exercise caution.

Read Full Article

20 Likes

Global Fintech Series

356

Image Credit: Global Fintech Series

Finix Introduces New Payment Features for Q1

Finix, the full-stack payment processor, has introduced new payment features for Q1 to provide merchants with greater efficiency, security, and revenue-boosting capabilities.
The latest releases include Account Updater, Network Tokens, Instant Payouts, and new hardware terminal options.
Account Updater allows for the automatic update of card information, minimizing failed transactions and ensuring uninterrupted services for customers.
Finix's new features, such as Network Tokens and Instant Payouts, aim to increase revenue, reduce processing costs, and provide merchants with flexibility and improved cash flow.

Read Full Article

21 Likes

Discover more

Siliconangle

Image Credit: Siliconangle

Secure enterprise browser Island raises $250M at nearly $5B valuation

Island Technology Inc. has raised $250 million in a late-stage financing round led by Coatue Management, bringing its valuation to $4.8 billion.
The startup offers a secure enterprise browser with built-in security capabilities, giving IT administrators and security teams control over browsing activity.
Island's Enterprise Browser supports various security tools, such as safe browsing, web filtering, exploit prevention, and zero-trust access.
The company has over 450 customers across different industries, including Fortune 1000 companies, government agencies, and educational institutions.

Read Full Article

5 Likes

Dev

234

Image Credit: Dev

JavaScript Rules, Wiz Integration, Bitbucket SCM and Catching Malicious Dependencies

Semgrep, an open-source static code analysis tool, introduced critical severity rules to identify vulnerabilities like the compromised GitHub Action tj-actions/changed-files.
In the past month, Semgrep added 312 new rules focusing on security research, with coverage for various JavaScript frameworks and libraries like Express, React, Angular, and more.
Semgrep recently secured a Series D funding of $100 million, aiming to continue developing bug-hunting software with a focus on software exploitation prevention.
The Semgrep team is expanding, offering roles in Software Engineering, Technical Support, Sales, and Design.
Community learning resources like podcasts by Tanya Janca and AI-powered web vulnerability scanning resources were highlighted in recent discussions.
A new Security Headers course on Semgrep Academy, taught by experts Tanya Janca and Scott Helme, provides insights on enhancing web application security.
Integration between Semgrep's source code vulnerabilities and Wiz's cloud-native risk detection offers a comprehensive approach to application and cloud security.
Semgrep invites users to participate in a private beta testing program for upcoming features and enhancements, providing early feedback to improve user experience.
Bitbucket Cloud Repos now support one-click scanning for enhanced security, making it easier to set up project scans across multiple repositories.
Options like Semgrep Community Edition and Semgrep Pro, with capabilities for projects with less than ten contributors, are available for developers to improve code security.

Read Full Article

14 Likes

Wired

230

Image Credit: Wired

6 Best Password Managers (2025), Tested and Reviewed

Password managers are crucial for online security, offering secure vaults to manage and store complex passwords, reducing vulnerability to attacks.
Options like Bitwarden, 1Password, and Dashlane top the list with features like encryption, biometric authentication, and passwordless logins for enhanced security.
NordPass, bundled with NordVPN, offers strong encryption and additional services like online storage and emergency access sharing.
For those preferring self-hosted options, Enpass and KeePassXC provide control over data in the cloud with flexible syncing capabilities.
Password managers streamline password management, generate secure passwords, and offer breach monitoring to safeguard against compromised passwords.
Most services offer features like two-factor authentication and alerts for breached passwords, enhancing overall security.
Apps like 1Password offer unique perks such as Travel Mode for securing data during travel and integration with various platforms.
Using password managers with passkeys and robust encryption adds layers of security, making it easier to manage and secure online accounts.
WIRED recommends password managers for better password security, automated password management, and quick response to compromised passwords.
Password managers like Enpass, Keeper, and RoboForm offer diverse features catering to different user needs and preferences.
In testing password managers, emphasis is placed on encryption standards, authentication methods, and overall security robustness alongside user-friendliness.

Read Full Article

13 Likes

Global Fintech Series

Image Credit: Global Fintech Series

NICE Actimize 2025 EMEA Fraud Survey Uncovers the Top Financial Fraud Types That FIs Must Prioritize

The NICE Actimize “2025 EMEA Financial Fraud Trends and Investment Priorities” report reveals the top financial fraud types that financial institutions (FIs) must prioritize in the coming years.
Technology, including network analytics, machine learning, and Generative AI (GenAI) modeling, is identified as playing a crucial role in fraud detection and prevention in the next 12 to 18 months.
Scams are identified as the most significant fraud type, with 100% of respondents from the U.K. citing its impact, while the rest of EMEA recorded 64% of respondents identifying scams as a major threat.
Consumer reimbursement obligations and the fraud liability shift are identified as policy drivers that will have a significant impact on fraud detection and prevention.

Read Full Article

2 Likes

TechCrunch

327

Image Credit: TechCrunch

Google fixes Chrome zero-day security flaw used in hacking campaign targeting journalists

Google has fixed a vulnerability in Chrome browser for Windows that was used by hackers in a campaign targeting journalists.
The vulnerability, tracked as CVE-2025-2783, was discovered by Kaspersky researchers.
The bug allowed attackers to bypass Chrome's sandbox protections and affected other browsers based on Google's Chromium engine.
The hackers behind the campaign sent personalized phishing emails to Russian media representatives and employees at educational institutions.

Read Full Article

19 Likes

Tech Radar

264

Image Credit: Tech Radar

Google Chrome security flaw could have let hackers spy on all your online habits

Google has fixed a high-severity zero-day vulnerability in its Chrome browser that was being exploited in the wild.
The bug allowed cyber-espionage, primarily against targets in Russia.
Kaspersky researchers uncovered the flaw and stated that attackers' goal was likely espionage.
Users are advised to update their Chrome browser to the latest version to protect against this security flaw.

Read Full Article

15 Likes

The Fintech Times

SoSafe Reveals Fraud Levels Set to Rise: Employee Training is Key to Fight AI-Driven Cyberattacks

AI's usage in cyberattacks has increased, with nearly nine in 10 respondents encountering attempted breaches.
91% of security experts expect a significant surge in AI-driven threats in the next three years.
Only 26% of firms express high confidence in their ability to detect AI-driven attacks.
Organizations need to adopt AI to combat cyberattacks, but also implement controls to manage associated risks.

Read Full Article

3 Likes

Siliconangle

192

Image Credit: Siliconangle

SecurityScorecard report reveals surge in third-party breaches across industries

A new report reveals a surge in vendor-driven attacks as third-party breaches increase.
36% of all breaches in 2024 were third-party related, with 47% involving technology products and services.
Retail and hospitality had the highest third-party breach rate at 52%, followed by the technology industry at 47%.
To counter third-party breaches, organizations are advised to align risk management strategies and prioritize protections for high-risk infrastructure.

Read Full Article

11 Likes

Socprime

222

Image Credit: Socprime

CVE-2025-1974: Critical Set of Vulnerabilities in Ingress NGINX Controller for Kubernetes Leading to Unauthenticated RCE

A batch of five critical vulnerabilities called “IngressNightmare” affecting Ingress NGINX have been patched.
The most serious flaw, CVE-2025-1974, enables unauthenticated attackers to reach arbitrary code execution.
Over 40% of Kubernetes environments rely on Ingress NGINX.
Swift action is crucial to safeguard systems and data against RCE attacks.

Read Full Article

13 Likes

Tech Radar

268

Image Credit: Tech Radar

Broadcom warns of worrying security flaws affecting VMware tools

Broadcom has warned of a high-severity vulnerability found in VMware Tools.
The flaw, CVE-2025-22230, allows non-administrative Windows users to perform high-privilege operations.
Broadcom has released a fix for the bug and recommends users to apply the patch.
The vulnerability only affects Windows users, while Linux and macOS users are unaffected.

Read Full Article

16 Likes

Medium

352

Image Credit: Medium

Still Not Using a Password Manager? Here’s What Changed My Mind

Gone are the days of struggling to remember complex passwords made of birth dates, letters, numbers, and symbols.
The author initially relied on notebooks to keep track of passwords, using an index page to search for specific ones.
However, this system became frustrating when having to update passwords and raised concerns about the safety of the handwritten notebook.
The author found a solution in digital password managers, specifically praising Proton Pass for its security and reliability.

Read Full Article

21 Likes

For uninterrupted reading, download the app