A naukri.com initiative
Cyber Security News
Tech Radar
1w
92
Image Credit: Tech Radar
WhatsApp vulnerability that allowed hackers to share .exe files as images patched
- A vulnerability in WhatsApp for Windows allowed hackers to spoof executable files as images.
- Meta has fixed the vulnerability that affected all older versions of WhatsApp for Windows.
- The flaw allowed criminals to trick users into running .exe files by displaying them as harmless photos in the chat.
- Although there is currently no evidence of exploitation, Meta has advised users to apply the patch immediately.
Read Full Article
5 Likes
Cybersecurity-Insiders
1w
46
Image Credit: Cybersecurity-Insiders
Identity Management Day Expert Commentary
- Identity Management Day emphasizes the importance of being skeptical rather than scared about the exposure of personal information like phone numbers and social security numbers.
- Attackers are using publicly available data to impersonate individuals, highlighting the need for vigilance and proactive protection measures.
- Tools play a crucial role in monitoring threats and reducing the impact of security breaches, emphasizing the shift from pursuing perfect privacy to proactive safeguarding.
- Technologies like zero trust architecture and AI-driven security are reshaping identity management in the face of remote work and digital transformation challenges.
- Cloud-based IAM and AI-driven access control can enhance security, efficiency, and compliance without hindering user experiences.
- The evolving role of identity security in an increasingly digital world requires a focus on AI-driven innovation and proactive security measures.
- The conversation around identity governance is changing, with a shift towards compliance, provisioning, and continuous monitoring to address emerging risks.
- Identity security now involves ensuring the right access at the right time to prevent internal fraud, audit failures, and reputational damage.
- The definition of identity is expanding beyond credential-based to include machine-to-machine identity management, workload identities, and more nuanced concepts.
- Future developments in identity management may include the use of highly accurate person-based credentials to detect malicious activity in real-time with contextual understanding.
Read Full Article
2 Likes
Securityaffairs
1w
105
Image Credit: Securityaffairs
WhatsApp fixed a spoofing flaw that could enable Remote Code Execution
- WhatsApp fixed a spoofing flaw that could enable Remote Code Execution.
- WhatsApp released a security update to address a vulnerability, tracked as CVE-2025-30401, that could let attackers trick users and enable remote code execution.
- The spoofing flaw impacts WhatsApp for Windows before version 2.2450.6, allowing attackers to send a file with a fake MIME type and trick users into executing malicious code.
- WhatsApp, being a popular messaging platform, is frequently targeted by threat actors due to its massive user base and potential for accessing private chats and device-level control.
Read Full Article
6 Likes
Cybersecurity-Insiders
1w
231
Image Credit: Cybersecurity-Insiders
The Critical Role of Telemetry Pipelines in 2025 and Beyond
- Telemetry pipelines are becoming vital for cybersecurity, enabling real-time insights and proactive threat detection by efficiently collecting and transmitting data.
- Telemetry involves automated data collection to monitor performance, detect anomalies, and ensure security in modern IT infrastructures.
- Factors like growing system complexity, data volume, real-time threat detection importance, and regulatory compliance emphasize the significance of telemetry pipelines.
- Key use cases include centralized data collection, optimizing SIEM costs, compliance with regulations, and monitoring operational technology environments.
- Best practices for effective telemetry pipelines include implementing filtering mechanisms, adding data context, standardizing data formats, prioritizing critical data, and integrating with existing security tools.
- Telemetry pipelines are essential for organizations to maintain robust security postures in the face of evolving cybersecurity threats in 2025 and beyond.
- They provide infrastructure for comprehensive monitoring, real-time threat detection, and efficient incident response, ensuring effective navigation of cybersecurity challenges.
Read Full Article
13 Likes
Siliconangle
1w
179
Image Credit: Siliconangle
Aurascape launches with $50M in funding to bring security and observability to AI apps
- Aurascape Inc. has launched with $50 million in funding to provide security and observability for AI applications.
- The company's purpose-built platform offers visibility into network and employee use of AI apps to ensure data security and observability.
- The increased adoption of AI in the workplace brings potential issues with privacy, security, and new AI-driven threats.
- Lead investors in Aurascape include Menlo Ventures and Mayfield Fund, along with prominent security industry leaders.
Read Full Article
8 Likes
Medium
1w
310
Image Credit: Medium
How Agentic AI Is Shaping the Future of Cybersecurity
- Agentic AI refers to systems that act autonomously in cybersecurity, making decisions based on real-time data to identify and neutralize threats.
- Traditional cybersecurity measures are often insufficient in detecting zero-day attacks, reacting to real-time threats, and scaling to manage massive data loads.
- Agentic AI transforms cybersecurity by enabling autonomous threat detection, real-time intrusion response, behavioral monitoring, and adaptive risk management.
- Challenges include addressing ethical implications, balancing automation with human oversight, and avoiding misjudged responses based on false positives.
Read Full Article
18 Likes
Siliconangle
1w
252
Image Credit: Siliconangle
Corsha raises $18 million to expand machine identity security platform
- Machine-to-machine communications startup Corsha Inc. has raised $18 million in new funding to expand go-to-market efforts, launch Corsha Labs, and enhance its machine identity platform.
- Corsha offers solutions to seamlessly integrate into various environments, providing zero-trust security for application programming interfaces and machines.
- The company addresses the challenge of securing machine-to-machine communication by syncing with traditional ID providers, bringing multifactor authentication to machines, and securing and auditing M2M connections across operational technology and cloud environments.
- SineWave Ventures led the Series A-1 funding round, with participation from Razor's Edge Ventures and Ten Eleven Ventures.
Read Full Article
15 Likes
Tech Radar
1w
366
Image Credit: Tech Radar
Actively exploited vulnerabilities patched on Android in latest security update
- Google released a new update for Android, which addresses more than 60 vulnerabilities. Two of these vulnerabilities were actively being exploited in the wild and are now patched.
- The actively exploited vulnerabilities are tracked as CVE-2024-53150 and CVE-2024-53197. One of them was used to break into a Serbian youth activist's Android phone.
- In total, Google fixed 62 flaws in the latest security update. While there is no evidence that the rest of the vulnerabilities are being abused, there are still a few dangerous ones that need to be patched quickly.
- Among the fixed vulnerabilities, three were labeled as critical: CVE-2025-22429, CVE-2025-26416, and CVE-2025-22423.
Read Full Article
22 Likes
Managedmethods
1w
278
Image Credit: Managedmethods
In The News | ManagedMethods Launches Classroom Manager to Protect Students from Online Harm, Put Control Back in the Hands of Educators
- ManagedMethods launches Classroom Manager, a new cloud-based classroom management tool for K-12 school districts.
- Classroom Manager provides features to monitor students' browser activity, enable personalized learning, and put control back in the hands of teachers.
- It integrates with ManagedMethod's Content Filter to comply with CIPA and E-rate requirements, blocking inappropriate content and identifying safety risks.
- Classroom Manager aims to improve visibility into students' browser activity and optimize classroom instruction time.
Read Full Article
16 Likes
Medium
1w
12
Image Credit: Medium
How to Disable Firefox Telemetry & Data Collection for Maximum Privacy and Burp Suite…
- To disable Firefox telemetry and data collection for maximum privacy, follow these steps.
- Disabling telemetry ensures your browser activity stays truly yours.
- To completely opt out, further configurations in about:config are required.
- In addition, if you're using Burp Suite for web traffic interception, you need to disable certificate pinning in Firefox.
Read Full Article
Like
Securityaffairs
1w
290
Image Credit: Securityaffairs
Everest ransomware group’s Tor leak site offline after a defacement
- The Tor leak site of the Everest ransomware group went offline after being hacked and defaced.
- The site displayed a message saying 'Don't do crime CRIME IS BAD xoxo from Prague' before going offline.
- The defacement may be an exit scam, and no threat actor has claimed responsibility.
- The Everest ransomware group has been active since 2020 and has targeted the healthcare industry in recent years.
Read Full Article
17 Likes
Cybersecurity-Insiders
1w
151
Image Credit: Cybersecurity-Insiders
Vishing: The voice scam you need to know about
- Vishing is a voice scam that is on the rise, involving phone-based phishing attacks.
- Vishing attacks have increased by 1,265% since the launch of ChatGPT.
- Scammers use spoofing technology to make calls appear legitimate.
- To protect yourself, avoid giving out personal information over the phone and use call blockers.
Read Full Article
9 Likes
Global Fintech Series
1w
404
Image Credit: Global Fintech Series
What’s Shaping the Future of Digital Lending? Key Trends to Watch
- Digital lending is revolutionizing the financial industry, driven by technological advancements and changing consumer demands.
- The shift to digital-first approaches is spurred by the need for seamless, fast, and personalized financial solutions.
- The pandemic accelerated digital transformation in banking, emphasizing cloud migration, AI-driven analytics, and cybersecurity enhancements.
- Digital lending simplifies credit access by eliminating traditional intermediaries and streamlining processes through automation and data analysis.
- Compared to traditional lending, digital lending offers convenience, speed, competitive interest rates, and expanded financial inclusion.
- Key features of digital lending include seamless application processes, instant loan disbursals, and automated credit assessments.
- Trends shaping digital lending's future include cloud-first strategies, data-driven analytics, hyper-personalization, and intelligent automation.
- AI-enhanced underwriting, embedded finance, blockchain, cybersecurity innovations, and customer-centric lending are key trends to watch.
- The future of finance lies in leveraging technology for faster, more inclusive, and secure lending experiences.
- Financial institutions need to balance innovation with customer-centricity, transparency, and cybersecurity for sustainable digital lending growth.
Read Full Article
24 Likes
Hackernoon
1w
307
Image Credit: Hackernoon
Hackers Are Hiding Malware in This Common Image Format—And It’s Working
- Hackers are increasingly using the scalable vector graphics (SVG) file format to conceal malware, scripts, and malicious HTML in phishing campaigns, bypassing email security filters.
- SVG files accounted for 6.6% of malicious attachments in phishing emails in Q1, marking a 245% increase from the previous quarter.
- Threat actors exploit the text-based nature and scalability of SVG files to automate redirects to malicious sites, facilitate credential harvesting, and distribute malware.
- SVG-based attacks often involve polymorphic strategies and personalized phishing tactics to evade detection by secure email gateways.
- SVGs can bypass security mechanisms due to their perceived legitimacy, text-based format, ability to embed codes like JavaScript, and impersonation capabilities.
- These files pose multiple threats, including XSS attacks, phishing schemes, file tampering, DoS vulnerabilities, and facilitating lateral network movements by attackers.
- To mitigate SVG-based phishing risks, organizations are advised to authenticate email attachments, educate users on spotting malicious SVGs, disable script execution in browsers, control file uploads, and implement Content Security Policies (CSPs).
Read Full Article
18 Likes
Cybersecurity-Insiders
1w
198
Image Credit: Cybersecurity-Insiders
What Business Leaders Need to Know to Prevent Tax Identity Fraud in 2025
- Tax season in the US is also fraud and scam season, with Americans losing over $9 billion from tax fraud in 2024.
- Business leaders must be vigilant in preventing tax identity fraud, especially in financial services and tax preparation.
- GenAI technology poses a significant fraud risk, amplifying familiar fraud types like synthetic identity fraud and phishing scams.
- Companies need to invest in mobile fraud prevention and develop an omnichannel view of fraud to combat evolving fraudster tactics.
- Collaborative efforts and international intelligence sharing are crucial for effective fraud prevention, as fraud schemes transcend borders.
- Balancing fraud prevention with customer experience is essential, focusing on security, data protection, and seamless onboarding processes.
- Financial organizations should prioritize safe and rewarding customer experiences while optimizing fraud prevention measures.
- Having a proactive fraud protection strategy is key to safeguarding customer data and maintaining trust in the financial sector.
- In 2025, security outweighs convenience, and businesses need to ensure a secure tax filing experience.
- By implementing the right fraud prevention playbook, businesses can connect safely with genuine identities while protecting against fraud.
Read Full Article
11 Likes
For uninterrupted reading, download the app