Cyber Security News, Latest Updates and Recent Announcements on Techminis

A naukri.com initiative

New

Home

Cyber Security News

Socprime

287

Image Credit: Socprime

AI-Powered Query Validation for Cortex XSIAM Detection

Uncoder AI offers AI-powered query validation for Palo Alto Cortex XSIAM detection logic.
It parses detection logic and validates syntax rules and semantic expectations in real-time.
The validation targets suspicious command-line executions and network activity related to UAC-0185 (CERT-UA#12414).
Uncoder AI breaks down queries to ensure correct structure, field mapping, operator usage, performance tips, and syntax safety.
It simplifies the process of writing and validating detection logic for Cortex XSIAM, preventing errors that could lead to missed detections or slow queries.
Uncoder AI leverages LLMs trained on SIEM-specific query languages for validation.
It acts as a real-time code reviewer, improving accuracy before deployment.
For detection engineers and SOC teams, Uncoder AI prevents deployment of broken logic, reduces reliance on documentation, accelerates development for emerging threats, and improves query efficiency.
By using Uncoder AI, Cortex XSIAM users can convert threat intelligence into reliable detection rules quickly.

Read Full Article

17 Likes

Socprime

226

Image Credit: Socprime

AI Validation for Sentinel Queries: Smarter KQL with Uncoder AI

Uncoder AI feature analyzes and validates detection queries for Microsoft Sentinel using Kusto Query Language (KQL).
Example query targets domain names linked to the SmokeLoader campaign (CERT-UA references).
Uncoder AI dissects queries for syntax, performance, schema advice, and maintainability.
Uncoder AI addresses issues of query optimization and lack of documentation in traditional approaches.
Uncoder AI offers actionable suggestions for better query writing based on KQL best practices.
Benefits for SOC teams include reduced trial-and-error, improved performance, and cross-skill enablement.
Uncoder AI enhances detection refinement cycles and validation in real-time for platforms like Microsoft Sentinel.

Read Full Article

13 Likes

Idownloadblog

360

Image Credit: Idownloadblog

Apple is updating parental controls with new child safety features, including permission to text new numbers

Apple has updated parental controls in various operating systems with new child safety features, including permission to text new numbers.
Parents can now require kids to seek permission before texting new numbers and share a child’s age range with apps.
Apple's Communication Safety feature can blur nudity on FaceTime video calls and shared Photos albums.
The new parental controls are part of updated Screen Time settings arriving with iOS 26, iPadOS 26, macOS Tahoe 26, watchOS 26, visionOS 26, and tvOS 26.
Parents can approve messaging new numbers requests in the Messages app and third-party developers can implement similar requests using PermissionKit.
App Store age ratings have been updated with new options for different age groups like 13+, 16+, and 18+ to ensure age-appropriate experiences.
Apps exceeding age restrictions won't appear in App Store tabs or stories.
Parents can now grant exceptions through Ask to Buy for apps with age ratings exceeding restrictions.
Parents can share their child’s age range with apps without revealing the birthdate, and this can be managed in privacy settings.
A new feature allows parents to manage age-range info sharing options for apps in privacy settings.
Third-party developers can use Apple's Declared Age Range API to request age information and highlight content controls on App Store pages.
Apple updated child accounts to allow parents to update birthdates, correct age information, and complete account setup at a later time.

Read Full Article

21 Likes

Tech Radar

Image Credit: Tech Radar

This devious cyberattack uses smartwatches to pinch data from air-gapped systems

Academic researchers have found a way to steal data from airgapped systems using smartwatches.
The method involves malware on the target computer and a compromised smartwatch.
The attack is challenging but allows extraction of sensitive data like login credentials and encryption keys.
Airgapped computers are isolated from the internet for security purposes.
The method, named 'SmartAttack', requires physical access to the target system or an insider to plant the malware.
Malware gathers data and uses computer speakers to emit inaudible ultrasonic sounds containing stolen data.
Smartwatches equipped with a special app intercept the sounds to transmit the stolen information.
The watch must be within 6-9 meters from the speakers for successful data transmission.
Preventing SmartAttacks can involve prohibiting smartwatches, removing computer speakers, or using sound jammers.
Ways to protect against air-gap malware attacks include various security measures.
European government systems have also faced malware attacks exploiting air-gapped environments.
Guides on authenticator apps and password managers are available for enhanced security measures.

Read Full Article

1 Like

Discover more

Global Fintech Series

1.9k

Image Credit: Global Fintech Series

Automating AML Investigations with AI and Machine Learning

Financial crime, including money laundering and fraud, is evolving rapidly with increasing complexity and sophistication.
Current AML methods relying on manual processes struggle to keep up, resulting in high false positives and missed threats.
AI and ML redefine AML investigations, enabling real-time anomaly detection, automated risk assessment, and proactive fraud prevention.
The article explores how AI and ML are transforming AML investigations by automating processes and reducing false positives.
Financial institutions face challenges in detecting financial crime due to the complexities of modern criminal activities and evolving regulatory landscape.
Cryptocurrencies, DeFi, and cyber threats add layers of complexity, making it harder for institutions to monitor illicit activities.
Financial fraud driven by cybercrime, synthetic identities, and ransomware poses significant challenges for traditional AML systems.
Regulators are increasing scrutiny and penalties for non-compliance, emphasizing the need for more adaptive AML solutions.
AI and ML help overcome AML compliance challenges by providing intelligent pattern detection, reducing false positives, and enhancing customer risk profiling.
The integration of AI in AML processes enhances efficiency, reduces false positives, enables real-time anomaly detection, and offers a scalable approach to financial crime detection.

Read Full Article

13 Likes

Hackernoon

378

Image Credit: Hackernoon

Understand Tech Rolls Out Scalable, Secure AI Deployment Platform for Enterprises

Understand Tech, a leading enterprise AI platform, unveiled a product update catering to security-conscious organizations.
The update includes support for on-premise deployment with Understand AI, a local Large Language Model that operates offline.
Organizations using AWS can deploy the platform via Infrastructure as Code and enjoy Single Sign-On via OpenID Connect for secure access.
Chained Prompts, a new feature, improves long-form AI output for tasks like document generation.
The platform's AI capabilities have been enhanced with multi-step reasoning, structural coherence, and RAG optimization.
User experience upgrades consist of a redesigned interface, real-time streaming replies, and a vertical model selector.
Enterprises can now embed Understand Tech's assistant with a Custom Chat Widget, customize visual elements, and integrate with n8n for automation.
Deep CRM integration now includes Zoho CRM alongside HubSpot to capture user data and chat logs.
Upcoming Agentic AI capabilities will enable autonomous tasks driven by conversational logic, scheduled for Q3 2025.
All features are currently available for cloud-based and on-premise deployment.
Understand Tech focuses on building secure, scalable AI solutions for enterprises, emphasizing deployment flexibility, compliance, and integration.
For more information or support, contact Understand Tech via email or visit their website.
The article was authored under HackerNoon's Business Blogging Program.

Read Full Article

22 Likes

Tech Radar

361

Image Credit: Tech Radar

US government vaccine hub, Nvidia events page abused in cyberattack spewing out AI slop

Nvidia events page and US government vaccine hub among those targeted in a cyberattack.
Nvidia's events page showed explicit and AI-generated content resulting from the hijacking.
Over 62,000 AI-generated articles were posted on the Nvidia page with inaccuracies.
US HHS domain providing vaccine advice also defaced in a similar manner.
The AI-generated content did not have a consistent theme.
Spam pages directed users to a 'nonsense SEO spam page' at stocks.wowlazy[.]com.
Cybercriminals hijacked the websites but without deploying malware for profit.
The spam content included explicit as well as mundane information.
Discovery of the spam campaign occurred during a search for 'best Portland cat cafes.'
There was no indication of malware or infostealers being part of the attack.
SEO is being utilized by cybercriminals to reach a wider audience.
Mitigation strategies include disabling push notifications from unknown sites and cautious link-clicking.
TechRadar Pro approached CDC, NPR, Stanford, and Nvidia for comments without responses yet.
Cybercriminals are leveraging SEO to promote fake AI tools with malware.
Subscription to TechRadar Pro newsletter offers business-related news and guidance.

Read Full Article

21 Likes

Siliconangle

151

Image Credit: Siliconangle

Veza tackles AI credential surge with new nonhuman identity protections

Veza Inc. has launched a nonhuman identity security product to address the surge in machine identities faced by enterprises adopting artificial intelligence.
The NHI Security product offers visibility, ownership, and governance to machine identities across various environments.
The increased machine identities create chaos and security risks, with Veza aiming to provide structure and control.
Threat actors like Volt Typhoon target identities as a primary attack surface, emphasizing the importance of NHI security.
Veza offers a specialized product for machine identities supported by analytics and automation.
The platform generates a comprehensive inventory of machine identities from various platforms and supports custom enrichment rules.
Automated risk detection and mitigation features help address security gaps like dormant keys and orphaned accounts.
Ownership controls, compliance features, and alerts for orphaned NHIs ensure security and accountability.
Automated compliance enforcement is facilitated through credential hygiene tracking and least privilege validation.
Veza's CEO emphasizes that NHI security is essential for enterprises given the ratio of nonhuman to human identities.
Veza is a VC-backed startup that has raised significant funding over multiple rounds, including recent investments.
Investors in Veza include notable names like New Enterprise Associates, Google Ventures, and True Ventures.
The article also includes a message from John Furrier, co-founder of SiliconANGLE, thanking readers for their support and engagement.

Read Full Article

9 Likes

Socprime

Image Credit: Socprime

CVE-2025-32711 Vulnerability: “EchoLeak” Flaw in Microsoft 365 Copilot Could Enable a Zero-Click Attack on an AI Agent

CVE-2025-32711, known as 'EchoLeak,' is a critical vulnerability in Microsoft's Copilot AI enabling a zero-click attack.
It exploits an 'LLM scope violation' and is the first known zero-click attack on an AI agent.
The discovery highlights the growing intersection between traditional software vulnerabilities and AI threats.
Cyber defenders need to adjust defense strategies to tackle such novel threats proactively.
The attack allows automatic exfiltration of sensitive data without user interaction in M365 Copilot.
Microsoft confirmed resolution of the issue and provided mitigation measures like DLP tags.
Exploitation of AI vulnerabilities emphasizes the need for proactive defenses and threat modeling.
SOC Prime Platform offers products to strengthen cybersecurity resilience against AI-driven threats.

Read Full Article

2 Likes

Securityaffairs

405

Image Credit: Securityaffairs

SinoTrack GPS device flaws allow remote vehicle control and location tracking

U.S. CISA warns of two vulnerabilities in SinoTrack GPS devices enabling remote vehicle control and location tracking by attackers.
Potential exploitation could allow attackers to track the vehicle's location or cut power to the fuel pump.
CVE-2025-5484 involves a default password shared across all SinoTrack units, making unauthorized access easy.
CVE-2025-5485, similar to CVE-2025-5484, involves a default password shared across devices.
CISA advises changing default passwords, hiding device IDs, and assessing risks before taking action.
Users are recommended to contact the vendor directly as SinoTrack did not respond to CISA's warnings.
CISA suggests following cybersecurity best practices, avoiding phishing links, and reporting suspicious activity.
No known public exploitation of the vulnerabilities has been reported.
Users should remain vigilant and prioritize security measures to protect their devices and data.
The vulnerabilities underscore the importance of securing IoT devices against potential cyber threats.
Experts highlight the need for manufacturers to prioritize robust security measures in IoT devices.
The SinoTrack GPS vulnerabilities serve as a reminder of the risks associated with default passwords and lack of security controls.
It is crucial for users to proactively secure their IoT devices to prevent unauthorized access and potential misuse.
CISA's advisory aims to raise awareness about the vulnerabilities in SinoTrack GPS devices and promote preventative actions.
The security community emphasizes the significance of addressing vulnerabilities promptly to safeguard users' privacy and safety.
The advisory serves as a call to action for users to take proactive steps in securing their IoT devices.
Clarifications and updates may be necessary as the situation evolves, and further responses are awaited from SinoTrack regarding these critical vulnerabilities.

Read Full Article

24 Likes

Tech Radar

Image Credit: Tech Radar

Major Interpol operation takes thousands of infostealer sites offline, dozens arrested

Interpol and international partners conducted Operation Secure to disrupt a network of infostealers and malware.
During the operation, 32 people were arrested in countries like Vietnam, Sri Lanka, and Nauru.
Thousands of IP addresses hosting infostealers were taken down.
Police agencies in 26 countries collaborated to locate servers and disrupt cybercriminal campaigns.
In Hong Kong, over 1,700 pieces of intelligence helped identify 117 command-and-control servers associated with cybercrime.
41 servers were seized, over 100 GB of data obtained, and 216,000 victims identified.
More than 20,000 malicious IP addresses linked to information stealers were dismantled.
Private cybersecurity companies like Group-IB, Kaspersky, and Trend Micro provided significant intelligence during the operation.
Interpol highlighted the importance of intelligence sharing in combating global cyber threats.

Read Full Article

1 Like

TechJuice

Image Credit: TechJuice

Microsoft Races Out Critical Update As Active Cyberattacks Persist

Microsoft has released a critical security patch in response to active cyberattacks targeting Windows 10 and 11 systems.
The update addresses nearly 90 vulnerabilities, including zero-day flaws being exploited by hackers.
The evolving cyber threat landscape sees hackers exploiting vulnerabilities rapidly, emphasizing the importance of timely updates.
Microsoft has confirmed ongoing attacks against these vulnerabilities, prompting urgent updates as advised by cybersecurity agencies.
Failure to patch systems could lead to malware, ransomware, and identity theft risks, particularly for businesses.
Traditional defenses like antivirus software may not be sufficient, highlighting the need for proactive patching to prevent cyber threats.
Users are recommended to check for updates, install all security patches, enable automatic updates, avoid suspicious activities, and backup data regularly.
The future of Windows security relies on taking immediate action against cyber threats, as criminals are becoming more sophisticated and targeted.

Read Full Article

2 Likes

Lastwatchdog

SHARED INTEL Q&A: A sharper lens on rising API logic abuse — and a framework to fight back

API-driven infrastructure is crucial in today's digital enterprise, connecting various digital services from mobile apps to backend workflows.
Jamison Utter introduces the FUSS framework to address the rising threat of API logic abuse in modern infrastructure.
Attackers are now focusing on exploiting APIs for their lack of clear boundaries and multiplying quietly without central control.
APIs expose not just data but also logic, making them an attractive entry point for attackers to manipulate and exploit.
Identity in APIs is being redefined to include processes, bots, and services, leading to security challenges with trust and continuity.
The FUSS model helps security teams focus strategically on defining, prioritizing visibility, adapting to change, and embedding runtime protection.
CISOs often misconceive API protection, assuming tools like API gateways solve the issue, but true protection requires understanding behaviors and trust relationships.
A practical step for security leaders is to build a detailed API inventory, tagging each API with purpose, sensitivity, and potential consequences if abused.
The future of API protection involves deeper contextual security, like identity graphing and behavioral analytics, moving beyond perimeter enforcement to runtime accountability.
API protection is evolving towards understanding each API call's intent, history, and behavior for a more secure digital infrastructure.

Read Full Article

4 Likes

Hackernoon

396

Image Credit: Hackernoon

How to Tackle New Cybersecurity Threats and Data Breaches

The cybersecurity landscape is ever-changing, with increasing threats highlighted by incidents like the Ticketmaster data breach via Snowflake and attacks on UK retailers.
CrowdStrike's 2025 Global Threat Report shows a rise in cloud intrusions and victims, with numerous threat groups identified, including a surge in China-linked espionage attacks.
The Ticketmaster-Snowflake breach impacted over 165 organizations, demanding ransoms and raising concerns about third-party cloud security.
Major UK retailers like Co-op, Harrods, and M&S faced cyberattacks, showcasing vulnerabilities in third-party services and a shift to malware-free attacks.
Actionable steps to enhance cybersecurity include implementing phishing-resistant MFA, educating staff on social engineering tactics, and conducting cybersecurity gap analyses.
Companies should perform penetration testing, monitor third-party vendors closely, and enforce secure development practices to mitigate supply chain risks.
Despite evolving cyber threats utilizing new technology and exploiting vulnerabilities, organizations can enhance resilience through proactive defense strategies and decisive actions.

Read Full Article

23 Likes

Siliconangle

218

Image Credit: Siliconangle

Cloudflare sees massive rise in attacks targeting media, nonprofits and human rights groups

Cloudflare's report on cyberattacks targeting civil society organizations reveals a surge in attacks, with application-layer DDoS attacks surpassing web exploit attempts.
Project Galileo by Cloudflare provides free cybersecurity protection to at-risk organizations like media, nonprofits, and human rights groups to defend against cyber threats.
In the period up to March 31, Cloudflare blocked 108.9 billion threats targeted at Galileo-protected entities, marking a 241% increase from the previous year.
Independent media and journalists were the most targeted groups, facing over 97 billion blocked requests, followed by civil society and human rights organizations with nearly 9 billion requests.
Environmental and disaster relief groups experienced over 1 billion malicious requests, posing risks to critical emergency updates and operations.
Social welfare organizations, including healthcare providers, were hit with 1.5 billion attacks, with one incident impacting a Polish healthcare charity just before a major fundraiser.
Complex, multi-day attacks were observed, as seen in a 12-day campaign against Tech4Peace, demonstrating strategies to test and bypass defenses.
Cloudflare also detected coordinated attacks on Ukrainian public safety websites during Russian drone strikes, possibly aiming to disrupt real-time alert systems.
The report underlines the vulnerability of human rights groups to cyber threats due to limited resources for strong cybersecurity defenses, emphasizing the need to protect these organizations.

Read Full Article

13 Likes

For uninterrupted reading, download the app