menu
techminis

A naukri.com initiative

New

google-web-stories
Home

>

Cyber Security News

Cyber Security News

source image

Embedded

1M

read

431

img
dot

LDRA Joins Forces with Renesas Ready Partner Network and R-Car Consortium to Drive Safety-Critical Software Verification and Compliance

  • LDRA has partnered with Renesas Ready Partner Network and R-Car Consortium to support system development with Renesas R-Car SoCs, MPUs, and MCUs for functional safety and cybersecurity standards.
  • The integration allows compliance with standards like ISO 26262, IEC 61508, IEC 62443-4-1, IEC 60880, and more in industries such as automotive, industrial, medical, and rail transportation.
  • LDRA tools now integrate with Renesas IDEs, enabling verification in development environments like e² studio and CS+ for RZ series MPUs, RA, RX, and RL78 MCU families.
  • The LDRA tool suite supports verification on R-Car platforms for various automotive applications, offering static analysis, dynamic testing, and functional validation to ensure safety compliance.

Read Full Article

like

25 Likes

share

6 Shares

source image

Tech Radar

1M

read

148

img
dot

Image Credit: Tech Radar

A new 'Wikipedia for extensions' wants to make your web browser far more secure by exposing dangerous tools

  • Browser extensions can pose significant security risks by harvesting data without user awareness.
  • LayerX has introduced ExtensionPedia, a comprehensive database to assess the risks associated with over 200,000 browser extensions across Chrome, Firefox, and Edge.
  • Major app stores are criticized for superficial vetting of extensions, leading to security gaps that are exploited by malicious actors for activities like spyware and data theft.
  • While ExtensionPedia offers transparency by providing risk scores and detailed analyses, its effectiveness in enhancing cybersecurity practices and user awareness remains to be seen.

Read Full Article

like

8 Likes

share

2 Shares

source image

Securityaffairs

1M

read

274

img
dot

Image Credit: Securityaffairs

Ukraine’s military intelligence agency stole 4.4GB of highly classified internal data from Tupolev

  • Ukraine’s military intelligence agency GUR hacked the Russian aerospace and defense company Tupolev, stealing 4.4GB of highly classified internal data.
  • The breach exposed internal communications, staff details, engineers' resumes, procurement records, and confidential meeting minutes.
  • Ukrainian intelligence source stated that nearly all of Tupolev's secrets are now exposed, impacting Russia's strategic aviation operations.
  • Ukraine's GUR had monitored Tupolev's internal flow for months, defacing Tupolev's website symbolically and targeting Russia's defense industry.

Read Full Article

like

16 Likes

share

3 Shares

source image

TechCrunch

1M

read

225

img
dot

Image Credit: TechCrunch

Ransomware gang claims responsibility for Kettering Health hack

  • A ransomware gang, Interlock, has claimed responsibility for the hack on Kettering Health, a network of hospitals, clinics, and medical centers in Ohio, which forced the healthcare system to shut down all computer systems for two weeks.
  • Interlock stated they stole more than 940 gigabytes of data from Kettering Health and published some of the stolen data, including private health information and employee data, on their dark web site.
  • Interlock's public acknowledgment of the breach could indicate that negotiations with Kettering Health have stalled, potentially leading to the exposure of the stolen data. Kettering Health's senior vice president stated that the company did not pay any ransom to the hackers.
  • Kettering Health was able to restore core components of its electronic health record system provided by Epic, marking a significant step towards normal operations post-cyberattack.

Read Full Article

like

13 Likes

share

3 Shares

source image

Unite

1M

read

441

img
dot

Image Credit: Unite

How to Address the Network Security Challenges Related to Agentic AI

  • Agentic AI, a proactive technology, utilizes large language models and machine learning to function autonomously and enhance productivity.
  • Security, governance, and compliance concerns arise with the advancement of agentic AI, necessitating measures to ensure network security and efficiency.
  • Agentic AI poses challenges in perception, decision-making, action execution, and learning, requiring access to vast datasets and integration with sensitive information systems.
  • Network security challenges include vulnerabilities in cross-cloud connectivity, egress security issues, and risks of data breaches and disinformation distribution.
  • Observability and traceability are hindered by agentic AI's dynamic nature, impacting security audits and data flow tracking.
  • The dynamic and extensive nature of agentic AI agents increases the attack surface, making networks vulnerable to breaches and creating a need for continuous security maintenance.
  • Security solutions at each operational step, such as encrypted connectivity, cloud firewalls, observability, and traceability, are essential to mitigate agentic AI security challenges.
  • Organizations must deploy high-speed encrypted connectivity and implement observability and traceability to safeguard data and track AI agents' actions.
  • Companies invest in protective measures like egress security to prevent exfiltration and command and control breaches that could compromise sensitive algorithms.
  • To harness agentic AI securely, businesses must collaborate with cloud security experts to develop scalable security strategies that address the technology's unique risks.
  • Partnerships with security experts enable enterprises to manage AI agents effectively, maintain compliance, and defend against sophisticated cyber threats.

Read Full Article

like

26 Likes

share

6 Shares

source image

Tech Radar

1M

read

13

img
dot

Image Credit: Tech Radar

Cybercriminals are using SEO to get popular fake AI tools loaded with malware to rank high on Google

  • Cybercriminals are using SEO manipulation to distribute malware disguised as fake AI tools to target tech marketing and B2B users.
  • Fake software is promoted through search engines and social platforms, focusing on industries like tech, marketing, and B2B sales.
  • Attacks involve cloning legitimate AI services like 'NovaLeads' and utilizing SEO tactics to rank the fake websites high on search engines.
  • Newly identified malware called Numero disrupts Windows interface, highlighting the growing threat cybercriminals pose by leveraging the popularity of AI software.

Read Full Article

like

Like

share

Share

source image

Unite

1M

read

90

img
dot

Image Credit: Unite

From Jailbreaks to Injections: How Meta Is Strengthening AI Security with Llama Firewall

  • Large language models like Meta’s Llama series have revolutionized AI, leading to advanced capabilities and increased security threats.
  • Meta addresses AI security challenges like jailbreaks, prompt injections, and unsafe code generation with LlamaFirewall.
  • AI jailbreaks bypass safety measures by exploiting vulnerabilities in models to generate harmful or inappropriate content.
  • Examples of AI jailbreak techniques include the Crescendo Attack, DeepMind’s Red Teaming Research, and Lakera’s Adversarial Inputs.
  • Prompt injection attacks involve introducing inputs to alter AI behavior subtly, potentially leading to misinformation or data breaches.
  • Unsafe code generation by AI assistants poses security risks like vulnerabilities to SQL injection, emphasizing the need for real-time protection measures.
  • LlamaFirewall by Meta is an open-source framework that offers real-time protection against jailbreaks, prompt injections, and unsafe code.
  • LlamaFirewall comprises components like Prompt Guard 2, Agent Alignment Checks, and CodeShield to safeguard AI systems at different stages.
  • Meta’s LlamaFirewall is already used to secure AI systems in travel planning, coding assistants, and email security, preventing unwarranted actions.
  • Understanding and implementing robust security measures like LlamaFirewall is vital to ensure the trustworthiness and safety of AI systems.

Read Full Article

like

5 Likes

share

1 Share

source image

VentureBeat

1M

read

459

img
dot

Image Credit: VentureBeat

OpenAI hits 3M business users and launches workplace tools to take on Microsoft

  • OpenAI's business user base has increased to 3 million, up by 50% since February, as the company launches new workplace tools to compete with Microsoft's enterprise AI offerings.
  • New features introduced by OpenAI include connectors integrating ChatGPT with business applications, a meeting transcription tool called Record Mode, and enhanced versions of Deep Research and Codex coding tools.
  • The company positions itself as a prime destination for cutting-edge AI capabilities, emphasizing direct access to top models, enterprise-grade security, and a focus solely on advancing artificial intelligence.
  • OpenAI's connectors enable direct access to company data from platforms like Dropbox, Box, SharePoint, OneDrive, and Google Drive through ChatGPT, streamlining workflows.
  • Features like Record Mode for meeting transcription, Deep Research for research tasks, and Codex for software engineering bolster OpenAI's suite of workplace tools.
  • OpenAI's focus on enterprise-grade security measures and a commitment to not training models on business customer data aim to address concerns about data security and privacy.
  • Despite rapid growth and technical advancements, questions persist about data security, privacy, and skepticism among IT decision-makers regarding cloud-based AI services.
  • OpenAI's success in enterprise markets stems from its technical prowess in reasoning, research tasks, and coding automation, contributing to the company's competitive edge.
  • Challenges remain, including talent retention, competition from rivals like Anthropic, questions around governance and funding, and maintaining technical leadership amid industry transformations.
  • The company's growth to 3 million business users signals mainstream adoption of AI in corporate settings and represents a significant milestone in the technology industry's evolution.
  • OpenAI's ability to navigate these challenges and sustain its current advantages will determine its success in capturing enterprise market share amidst competition from tech giants and startups.

Read Full Article

like

26 Likes

share

6 Shares

source image

TechCrunch

1M

read

234

img
dot

Image Credit: TechCrunch

CrowdStrike’s former CTO on cyber rivalries and how automation can undermine security for early-stage startups

  • CrowdStrike's former CTO, Dmitri Alperovitch, highlights the vulnerability of humans in companies and the risks of automation in cybersecurity.
  • As the Chinese AI market shifts away from U.S. chipmakers and cyber threats increase, the interconnection between tech, security, and geopolitics becomes more evident.
  • In a conversation on TechCrunch's Equity podcast, Alperovitch discusses the evolving cybersecurity landscape, the importance of security for startups, and the impact of global rivalries on innovation.
  • Topics covered include challenges faced by secure-by-design startup founders, the influence of AI export controls on innovation, and investor expectations in cybersecurity startups.

Read Full Article

like

14 Likes

share

3 Shares

source image

Insider

1M

read

139

img
dot

Image Credit: Insider

As AI PCs take over, business leaders must bolster their cybersecurity strategies, experts say

  • Businesses and employees are increasingly using AI PCs, devices with built-in AI hardware and software, storing sensitive data that could be exposed to cyberattacks.
  • AI PCs are projected to represent 43% of all PC shipments in 2025 and are anticipated to be the only available PC sold to large companies by next year.
  • The integration of neural processing units in AI PCs allows for faster data processing directly on the devices compared to traditional computers using cloud-based servers.
  • However, the growing popularity of AI PCs presents new cybersecurity challenges for companies, requiring additional security measures to protect sensitive data against cyber threats.
  • Risks associated with AI PCs include AI model inversion attacks and data poisoning, where cyberattackers manipulate AI systems to access or alter sensitive data.
  • Security measures when purchasing AI PCs include ensuring trust in vendors, buying directly from reputable sources, and verifying components for tamper-free devices.
  • Employee training and safeguards are crucial in balancing access to data on AI PCs while protecting sensitive company information from potential attacks.
  • Speed of communication and proactive measures in preventing data breaches are highlighted as essential strategies for safeguarding AI PCs.
  • Creating virtual environments on personal AI devices can help prevent malware from untrusted apps, ensuring the security of company-endorsed software.
  • Cybersecurity experts emphasize applying fundamental security principles to AI PCs, leveraging decades of experience in protecting against evolving cyber threats.

Read Full Article

like

8 Likes

share

1 Share

source image

Tech Radar

1M

read

108

img
dot

Image Credit: Tech Radar

Google quietly released a security fix for a worrying Chrome zero-day flaw, so patch now

  • Google has fixed a zero-day vulnerability in Chrome, known as CVE-2025-5419, which is being actively exploited.
  • The vulnerability is an out-of-bounds read and write flaw in V8, the JavaScript engine used in Chrome and Node.js.
  • Users are urged to update to Chrome version 137.0.7151.68 immediately to patch the vulnerability on Windows, macOS, and Linux.
  • Although Chrome usually updates automatically, users can check for updates manually by navigating to the Chrome menu > Help > About Google Chrome and clicking 'Relaunch.'

Read Full Article

like

6 Likes

share

1 Share

source image

TechDigest

1M

read

407

img
dot

Image Credit: TechDigest

Microsoft offers free cybersecurity boost to European governments

  • Microsoft launches cybersecurity program offering free services to European governments to combat cyber threats.
  • The initiative aims to enhance intelligence-sharing on AI-based threats and provide support in preventing and disrupting cyberattacks.
  • The program will be available to European Union member states, EU accession countries, EFTA members, the United Kingdom, Monaco, and the Vatican.
  • Microsoft's long-term commitment involves boosting cybersecurity capabilities, enhancing AI-based threat intelligence sharing, and building partnerships to counter cyberattacks.

Read Full Article

like

24 Likes

share

5 Shares

source image

Dev

1M

read

63

img
dot

Image Credit: Dev

Security Starts With Developer Enablement: Lessons From PHP TEK 2025

  • The Village of Rosemont in Chicago hosted PHP TEK 2025, a key event for PHP enthusiasts and web developers.
  • Eric Mann emphasized the importance of threat modeling for proactive security measures at the conference.
  • Peter Meth highlighted security implications in architectural decisions, promoting embedded security practices.
  • Tim Lytle stressed the importance of relevant testing and maintaining security integrations effectively.
  • Developers were recognized as partners in security efforts, emphasizing the need for collaboration rather than imposition.
  • Security maturity involves creating guides and fostering conversations rather than imposing compliance measures.
  • Improved communication and collaboration between security teams and developers are crucial for effective security practices.
  • Shared responsibility with differentiated expertise was proposed as a model for sustainable security ownership.
  • Security teams are evolving to be developer advocates, ensuring better integration of security practices into development processes.
  • The culture of security needs to align with developer practices to make security measures more easily adopted and implemented.

Read Full Article

like

3 Likes

share

Share

source image

TechCrunch

1M

read

337

img
dot

Image Credit: TechCrunch

Data breach at newspaper giant Lee Enterprises affects 40,000 people

  • Lee Enterprises, a newspaper publishing giant, confirms a data breach affecting 39,779 individuals, including personal information like Social Security numbers.
  • The breach primarily impacts former and current employees of the company and was a result of a ransomware attack in February.
  • Lee Enterprises, a major U.S. newspaper publisher, suffered disruptions in printing and operations due to the ransomware attack by the Qilin group, affecting media outlets across the country.
  • The breach also led to delays in payments to freelancers and contractors, with the company yet to respond to requests for comments on the incident.

Read Full Article

like

20 Likes

share

4 Shares

source image

Lastwatchdog

1M

read

184

img
dot

News alert: $198K in Grants Awarded to Boost Cybersecurity Workforce in Massachusetts

  • The Healey-Driscoll administration and MassTech's MassCyberCenter awarded $198,542 in grants to four Massachusetts-based programs to enhance the cybersecurity workforce.
  • The Alternative Cyber Career Education (ACE) Grant Program aims to provide alternative pathways for cybersecurity training beyond traditional degree programs.
  • The grants will support training for over 200 professionals in Massachusetts and help increase cybersecurity employment across the state.
  • The awarded organizations include Burlington High School, ISACA, Per Scholas Greater Boston, and Westfield Technical Academy, focusing on expanding cybersecurity education and certification programs.

Read Full Article

like

11 Likes

share

2 Shares

Prev

90
91
92
93
94
95
96
97
98
99
100

Next

For uninterrupted reading, download the app