menu
techminis

A naukri.com initiative

New

google-web-stories
Home

>

Cyber Security News

Cyber Security News

source image

Tech Radar

1w

read

156

img
dot

Image Credit: Tech Radar

Malicious Python packages are stealing vital data, and have been downloaded thousands of times already

  • Multiple open source software packages on the Python Package Index (PyPI) repository were found to be malicious, likely compromising thousands of devices.
  • Two malicious PyPI packages named 'bitcoinlibdbfix' and 'bitcoinlib-dev' were discovered, targeting bitcoin developers and claiming to be a fix for the 'bitcoinlib' module.
  • Another malicious package discovered, named 'disgrasya', specifically targets WooCommerce stores and functions as an automated carding script.
  • All three malicious packages have been removed from the PyPI repository.

Read Full Article

like

9 Likes

share

2 Shares

source image

TechCrunch

1w

read

211

img
dot

Image Credit: TechCrunch

UK’s demand for Apple backdoor should not be heard in secret, says court

  • The U.K. government has lost its bid to keep secret the details of a surveillance order it brought against Apple.
  • Parts of the legal case will be held in public, according to the U.K. surveillance powers’ court.
  • The revealed details of the case involve a U.K. legal demand ordering Apple to let authorities access the encrypted cloud data of any Apple customer worldwide.
  • Privacy advocates, news outlets, U.S. lawmakers, and senior intelligence officials have called for transparency in the legal hearings.

Read Full Article

like

12 Likes

share

2 Shares

source image

Tech Radar

1w

read

300

img
dot

Image Credit: Tech Radar

PoisonSeed campaign hijacks business CRM and email accounts to send out huge amounts of spam

  • Hackers are stealing mailing lists from major companies and using them to break into people’s cryptocurrency wallets.
  • They set up spoofed landing pages and impersonate companies like Coinbase, Ledger, Mailchimp, etc., to harvest login credentials and mailing lists.
  • The hackers then send emails urging users to set up a new Coinbase Wallet using a seed phrase embedded in the email, and once users set up the wallet and transfer funds, the hackers can steal the money.
  • The campaign, called PoisonSeed, is reportedly the work of threat actors called Scattered Spider and CryptoChameleon, and victims may permanently lose their funds.

Read Full Article

like

18 Likes

share

4 Shares

source image

Adamlevin

1w

read

177

img
dot

Image Credit: Adamlevin

Can AI Commit the Perfect Crime?

  • AI is being used for various purposes including making organizations run better, helping students get into college or land a new job, and aiding scammers in swindling people more efficiently.
  • Cybersecurity and privacy expert Eduard Goodman and Doug Guion of Yabbel discuss the ultimate AI crime.
  • The podcast 'What the Hack with Adam Levin' explores the mind of Adam and discusses the importance of being aware of one's expenditures.

Read Full Article

like

10 Likes

share

2 Shares

source image

Eu-Startups

1w

read

292

img
dot

Osney Capital unveils first UK cybersecurity Seed Fund, surpassing €58 million target

  • Osney Capital announces the first UK cybersecurity Seed Fund, surpassing €58 million target.
  • The fund received a cornerstone investment from the British Business Bank and is accredited by the UK’s National Security Strategic Investment Fund (NSSIF).
  • Osney Capital plans to invest in 30 portfolio companies at pre-Seed and Seed stage, focusing on UK cyber founders.
  • The UK's cybersecurity industry is growing rapidly, driven by increasing cyber threats and the adoption of AI and other technologies.

Read Full Article

like

17 Likes

share

4 Shares

source image

Securityaffairs

1w

read

359

img
dot

Image Credit: Securityaffairs

A member of the Scattered Spider cybercrime group pleads guilty

  • A 20-year-old man linked to the Scattered Spider cybercrime group has pleaded guilty to charges filed in Florida and California.
  • Noah Urban, known as 'Sosa' and 'King Bob' online, admitted to conspiracy, wire fraud, and identity theft in two federal cases.
  • The cybercrime group, Scattered Spider, is suspected of hacking into hundreds of organizations, including Twilio, LastPass, DoorDash, and Mailchimp.
  • Urban will pay approximately $13 million in restitution to victims and faces a long prison term with an additional sentence for aggravated identity theft.

Read Full Article

like

21 Likes

share

5 Shares

source image

Securityaffairs

1w

read

270

img
dot

Image Credit: Securityaffairs

The controversial case of the threat actor EncryptHub

  • Microsoft credited the likely lone actor behind the EncryptHub alias for reporting two Windows security flaws.
  • EncryptHub, a controversial figure with ties to cybercrime, pursued both legitimate security research and engaged in cybercriminal activity.
  • He reported two vulnerabilities to Microsoft, addressing a security feature bypass issue and a file explorer spoofing vulnerability.
  • Despite his considerable hacking skills, EncryptHub made OPSEC mistakes that exposed his cybercrime operations.

Read Full Article

like

16 Likes

share

3 Shares

source image

Siliconangle

1w

read

136

img
dot

Image Credit: Siliconangle

Stytch and Cloudflare partner to secure Remote MCP servers with OAuth

  • Identity platform startup Stytch Inc. has partnered with Cloudflare Inc. to offer Remote MCP Authorization service for developers.
  • The service allows developers to add authorization to Remote MCP servers built on Cloudflare Workers and other supporting frameworks.
  • Remote MCP enables AI agents to communicate with web applications, facilitating secure real-time interactions over the internet.
  • Stytch's OAuth-based authorization solution addresses the challenge of secure agent authorization in Remote MCP.

Read Full Article

like

8 Likes

share

1 Share

source image

Socprime

1w

read

165

img
dot

Image Credit: Socprime

UAC-0226 Attack Detection: New Cyber-Espionage Campaign Targeting Ukrainian Innovation Hubs and Government Entities with GIFTEDCROOK Stealer

  • UAC-0226 hacking group is involved in a cyber-espionage campaign targeting critical sectors in Ukraine.
  • The group is using GIFTEDCROOK stealer to gather intelligence from military innovation hubs, armed forces, law enforcement entities, and government institutions.
  • The cyber-espionage activities have been observed since February 2025, with an increase in attacks against Ukraine.
  • Phishing emails with macro-enabled Excel files are used as the initial attack vector, and GIFTEDCROOK steals browser data and exfiltrates it via Telegram.

Read Full Article

like

9 Likes

share

2 Shares

source image

Tech Radar

1w

read

224

img
dot

Image Credit: Tech Radar

Kellogg reveals data breach, but it's lacking any real crunch

  • Cereal giant WK Kellogg has suffered a data breach, which has affected an unknown number of people.
  • The breach is suspected to be connected to recent Cleo File Transfer breaches.
  • The breach originated through a third-party vendor, Cleo, and it is not clear if it's a ransomware attack.
  • Companies need to manage the risks associated with third-party collaborations to keep information secure.

Read Full Article

like

13 Likes

share

3 Shares

source image

Siliconangle

1w

read

122

img
dot

Image Credit: Siliconangle

Xanthorox AI emerges as a new malicious threat in cybercrime communities

  • A new report reveals the emergence of Xanthorox AI, a next-generation malicious artificial intelligence platform in cybercrime communities.
  • Unlike existing models, Xanthorox AI uses a self-hosted, multi-model architecture designed for offline use in automated hacking operations.
  • The modular design of Xanthorox AI allows attackers to mix and match capabilities for various cyber tasks, such as generating malware, analyzing images, scraping data, and mimicking human reasoning.
  • Phishing protection company SlashNext is using AI-powered behavioral and language analysis to detect and prevent threats from platforms like Xanthorox AI.

Read Full Article

like

7 Likes

share

1 Share

source image

TechCrunch

1w

read

19

img
dot

Image Credit: TechCrunch

Someone hacked ransomware gang Everest’s leak site

  • The leak site used by the Everest ransomware gang was hacked and defaced.
  • The site was replaced with a note stating 'Don't do crime CRIME IS BAD xoxo from Prague.'
  • It is unclear if the gang also experienced a data breach as a result of the hack.
  • Everest is a Russia-linked ransomware gang that has claimed credit for various hacks and breaches.

Read Full Article

like

1 Like

share

Share

source image

Medium

1w

read

152

img
dot

Image Credit: Medium

You Are Making Big Mistake By Not Scanning Your Terraform

  • Infrastructure misconfigurations have been behind some of the most notorious security incidents in recent years.
  • Terrascan, an open-source static code analyzer, offers deeper analysis, better policy flexibility, and more comprehensive coverage across different cloud providers.
  • Terrascan scans configuration files for security best practices, misconfigurations, compliance issues, and potential vulnerabilities.
  • It integrates seamlessly into the development workflow, catching problems before they make it to production.

Read Full Article

like

9 Likes

share

2 Shares

source image

Hackernoon

1w

read

419

img
dot

Image Credit: Hackernoon

Here’s Everything I Learned Building a Blog to Teach Cybersecurity

  • Initiated a blog, OpenExploit.in, to make cybersecurity easy to learn for all, especially beginners.
  • Chose Ghost CMS for blog hosting, focusing on regular updates and sharing cybersecurity knowledge.
  • Importance of starting small and improving along the way instead of waiting for perfection.
  • Choosing the right platform like Ghost CMS due to its open-source nature, speed, and developer-friendliness.
  • Skill of writing improves with practice, and simplicity is key when explaining complex cybersecurity topics.
  • Consistency in posting content is emphasized over waiting for the 'perfect' post.
  • Engaging with the cybersecurity community helps in sharing knowledge, receiving feedback, and staying motivated.
  • Including multimedia elements like code snippets, images, and videos enhances engagement and understanding.
  • Admitting what you don't know in cybersecurity and sharing your learning journey fosters authenticity and connection with readers.
  • The significance of SEO, titles, and thumbnails in making content discoverable and attractive to readers.
  • A cybersecurity blog can serve as a valuable personal brand asset by showcasing expertise, dedication, and the ability to assist others.
  • Starting a blog can lead to personal growth, improved communication skills, and connections within the cybersecurity community.

Read Full Article

like

25 Likes

share

5 Shares

source image

Securityaffairs

1w

read

173

img
dot

Image Credit: Securityaffairs

PoisonSeed Campaign uses stolen email credentials to spread crypto seed scams and and empty wallets

  • A campaign named PoisonSeed uses stolen CRM and bulk email credentials to send crypto seed scams, aiming to empty victims’ digital wallets.
  • The PoisonSeed campaign targets both crypto and non-crypto entities, exploiting compromised CRM and bulk email accounts.
  • PoisonSeed attackers automate list exports and send spam urging victims to create crypto wallets using fake seed phrases.
  • The campaign is distinct from groups like Scattered Spider and CryptoChameleon but reflects growing threats in the broader cybercrime ecosystem.

Read Full Article

like

10 Likes

share

2 Shares

Prev

30
31
32
33
34
35
36
37
38
39
40

Next

For uninterrupted reading, download the app