A naukri.com initiative
Cyber Security News
Tech Radar
1M
162
Image Credit: Tech Radar
Microsoft and other security experts want a proper naming system for the worst hackers around
- Microsoft and Crowdstrike have announced a new collaboration to create a unified naming system for tracking hacking groups, making it easier for authorities, experts, businesses, and vendors to respond to cyberattacks.
- The new naming system will help streamline the tracking of hacking groups and will provide a reference guide that includes Microsoft's naming conventions and other names given by security vendors.
- Nation-state actors are categorized based on geographic locations using weather-themed suffixes, such as Typhoon for China and Blizzard for Russia, while other groups are tracked using weather event themed names like Flood, Tempest, and Tsunami.
- Google, Mandiant, and Palo Alto Networks Unit 42 will also contribute to mapping hacking group names, aiming to improve defensive measures through community-wide efforts.
Read Full Article
9 Likes
Securelist
1M
40
Image Credit: Securelist
Host-based logs, container-based threats: How to tell where an attack began
- Containers, while providing isolated runtime environments, still pose security risks due to shared host system kernel.
- Many organizations lack container visibility for security monitoring, making it challenging for threat hunters and incident responders.
- Understanding how containers are created and operate is essential for investigating security incidents in containerized environments.
- Containers rely on namespaces, control groups, union filesystems, and Linux capabilities for resource management and isolation.
- Host-based execution logs are crucial for gaining insight into processes and activities within containers from the host's perspective.
- Different container creation workflows involve high-level container runtimes like containerd or CRI-O interacting with low-level runtimes like runc.
- Processes in detached containers are reparented to a shim process, which manages the standard input/output for the container and ensures process cleanup.
- BusyBox-based containers use minimalist utilities to reduce image sizes, with applets managing and executing commands within the container.
- Threat hunters can leverage knowledge of container execution behaviors, such as BusyBox processes, to detect suspicious activities within containers.
- Monitoring container activity and abnormal entrypoints is crucial for identifying and responding to container-based threats effectively.
Read Full Article
2 Likes
TechJuice
1M
383
Image Credit: TechJuice
Mysterious Whistleblower Exposes Major Ransomware Kingpins
- An anonymous whistleblower, GangExposed, is revealing the identities of ransomware operators, including 'Stern' and 'Professor.'
- The leaks have led to the identification of key ransomware figures and dismantling of cybercrime networks, impacting global cybersecurity.
- Law enforcement efforts, such as Operation Endgame, have resulted in major seizures and international arrest warrants for suspects in cybercrime networks.
- The role of whistleblowers like GangExposed is crucial in combating cyber threats, raising ethical questions about doxxing and vigilante actions in cybersecurity.
Read Full Article
23 Likes
TechBullion
1M
393
Image Credit: TechBullion
Cybersecurity’s Double-Edged Sword: AI as a Weapon and a Defense
- AI is transforming cybersecurity, where cybercriminals use AI for sophisticated attacks that challenge traditional security measures.
- The cybersecurity industry responds with advanced AI defense systems to combat the increasing threat. AI cybersecurity market is projected to reach $140 billion by 2032.
- Financially devastating impacts are seen from AI attacks, with organizations losing millions due to deepfake fraud attempts that are rapidly increasing.
- Organizations are fighting back with AI defense mechanisms, saving millions per breach through AI security investments, despite challenges in implementation and skill shortages.
Read Full Article
23 Likes
Medium
1M
324
Image Credit: Medium
7 Key Benefits of GRC In 2025
- Governance, Risk, and Compliance (GRC) is essential for businesses in 2025 to navigate new data laws, faster AI, and global supply chains efficiently.
- Benefits of GRC include improved project delivery, increased trust from investors and customers, faster decision-making, better risk management, and automation of tasks leading to cost and time savings.
- GRC tools help identify and address threats such as cyber risks, third-party issues, climate concerns, and conduct problems, leading to a more secure business environment.
- Implementing a mature GRC framework results in scalability, compliance with regulations, transparency in operations, and alignment with business strategy for sustained growth and resilience.
Read Full Article
19 Likes
Tech Radar
1M
166
Image Credit: Tech Radar
Security bug at compliance firm Vanta exposed customer data to other users
- Security and compliance automation company Vanta introduced a bug in its code, leading to sensitive customer data being shared with other customers.
- The incident, discovered on May 26, affected fewer than 4% of Vanta customers, totaling potentially up to 400 individuals.
- Data typically exposed includes employee names, roles, and information about various tools like 2FA.
- Vanta, which helps businesses with security certifications, is addressing the breach, with remediation efforts expected to be completed by June 4.
Read Full Article
10 Likes
TechBullion
1M
428
Image Credit: TechBullion
Top Benefits of Using a DDoS Mitigation Service for Business Continuity
- DDoS attacks can quickly bring down a business's website by overwhelming it with false traffic.
- Using a DDoS mitigation service is essential for maintaining business continuity in the face of such attacks.
- These services prevent downtime by identifying and filtering out malicious traffic before it reaches servers.
- By ensuring uninterrupted service, businesses can maintain customer trust and avoid negative publicity.
- Revenue loss due to downtime, particularly during critical periods like Black Friday, can be costly.
- Specialized DDoS mitigation services relieve the burden on in-house IT teams, allowing them to focus on core responsibilities.
- Having a mitigation plan in place minimizes stress during attacks and provides a sense of security and preparedness.
- Businesses subject to regulations can use DDoS solutions to meet compliance obligations and protect sensitive information.
- As businesses grow, DDoS protection becomes increasingly crucial due to heightened visibility to attackers.
- Mitigation services not only prevent attacks but also enable quick recovery and continuous operation.
Read Full Article
25 Likes
TechBullion
1M
265
Image Credit: TechBullion
Security Without Compromise: How OKToken Automates Trust
- OKToken automates trust by removing the need for users to rely on promises and manual controls, offering a secure DeFi token with verified on-chain operations and transparent logic.
- Unique to OKToken is its mathematically protected growth model that ensures price stability and eliminates risks associated with sudden volatility, dumps, or manipulation common in typical DeFi tokens.
- OKToken's contract on Ethereum is fully verifiable, contains no manual intervention functions, and enforces a +20% net gain auto-profit-locking mechanism, providing decentralization and risk control.
- With complete transparency, OKToken operates on the blockchain, logs all transactions, and allows users to verify the token's legitimacy without needing to trust the team, setting a high standard for secure DeFi systems.
Read Full Article
15 Likes
Siliconangle
1M
320
Image Credit: Siliconangle
Bitdefender report finds 84% of major attacks now involve legitimate tools
- A report by Bitdefender Labs has revealed that 84% of major security incidents now involve the use of legitimate system tools, a tactic known as 'Living off the Land.'
- The study of 700,000 security incidents found that nearly all major security incidents utilize trusted binaries, tools, and utilities present in enterprise environments.
- Attackers frequently use tools like netsh.exe, powershell.exe, reg.exe, cscript.exe, and rundll32.exe for malicious purposes, exploiting their dual functionality.
- The report emphasizes the challenge for defenders in distinguishing legitimate use from malicious intent within these tools and suggests a shift towards security solutions like Bitdefender's PHASR for neutralizing threats.
Read Full Article
19 Likes
Securityaffairs
1M
283
Image Credit: Securityaffairs
Google fixed the second actively exploited Chrome zero-day since the start of the year
- Google released out-of-band updates to address three vulnerabilities in Chrome, including one actively exploited in the wild (CVE-2025-5419).
- The actively exploited vulnerability allows an attacker to trigger heap corruption via a crafted HTML page.
- In addition, Google addressed another medium-severity flaw in the Blink rendering engine (CVE-2025-5068).
- This is the second actively exploited Chrome zero-day fixed by Google since the beginning of the year.
Read Full Article
17 Likes
Medium
1M
356
Image Credit: Medium
The Daily Tech Digest: 03 June 2025
- The field of Artificial Intelligence and Machine Learning is rapidly advancing with significant progress in model evaluation, diverse sector applications, and strategic investments.
- HyperwriteAI's successful A/B test of GPT-4.1 on Stripe showed a significant boost in customer purchases, highlighting the practical business value of AI models.
- Prominent investor Elad Gil is focusing on 'AI-powered rollups,' indicating a new investment trend in optimizing business consolidation through AI.
- Google DeepMind's MedGemma model for medical text and image comprehension marks a significant step in democratizing powerful medical AI tools.
- Jony Ive's OpenAI device gaining approval adds credibility to OpenAI's hardware ambitions, emphasizing a focus on design and user experience.
- Sam Altman's biographer highlights his unique suitability for driving AI advancement, reflecting a blend of personal traits and strategic vision.
- Scale AI's acquisition of Pesto AI team enhances its talent acquisition capabilities, potentially streamlining recruitment using AI for operational efficiency.
- Firebase Data Connect enables developers to create AI agents with their data, simplifying the development of customized AI solutions.
- NVIDIA's integration of AI with physical simulation and robotics at COMPUTEX2025 showcases advancements in industrial automation and digital twin technology.
- Cybersecurity remains critical with evolving threats like advanced stealthy cyberattacks and exploited vulnerabilities, emphasizing the need for advanced defense strategies.
Read Full Article
21 Likes
Securityaffairs
1M
283
Image Credit: Securityaffairs
Cryptojacking campaign relies on DevOps tools
- A cryptojacking campaign, known as JINX-0132, is targeting exposed DevOps servers like Docker and Gitea to mine cryptocurrency secretly.
- The threat actors exploit misconfigurations and vulnerabilities in tools like Nomad, Consul, Docker, and Gitea to deliver the miner.
- The attackers rely on public GitHub tools and XMRig versions instead of custom malware, making attribution and clustering difficult.
- This campaign highlights the importance of securing DevOps tools properly, as 25% of cloud environments use these technologies, with 5% exposed directly to the internet and 30% of those misconfigured.
Read Full Article
17 Likes
Siliconangle
1M
360
Image Credit: Siliconangle
Managed cybersecurity service startup ThreatSpike raises $14M
- U.K.-based cybersecurity startup ThreatSpike secures $14 million in Series A funding from Expedition Growth Capital.
- ThreatSpike offers a next-generation managed security service that combines technology and expertise to detect and mitigate cyber threats for businesses.
- The company differentiates itself by providing a personalized partnership approach with customers, offering fully managed detection and response, along with penetration testing.
- ThreatSpike plans to utilize the funding to support global expansion, grow its teams, and accelerate its product roadmap.
Read Full Article
21 Likes
SiliconCanals
1M
45
Image Credit: SiliconCanals
UK’s ThreatSpike lands €12.2M: Wife-husband duo Kate and Adam Blake on ending a 14-year bootstrapping run and simplifying enterprise cybersecurity
- London-based cybersecurity provider ThreatSpike secures €12.2M in Series A funding led by Expedition Growth Capital, supporting global expansion and team growth.
- Expedition Growth Capital praised ThreatSpike for high customer satisfaction and referred growth, with Will Sheldon and Emily Orton joining the board of directors.
- The funding will facilitate hiring across engineering, security operations, and go-to-market teams, aiming for a 75-person team by year-end.
- ThreatSpike's platforms, such as ThreatSpike Blue and ThreatSpike Red, offer managed detection, response and unlimited penetration testing.
- Founded in 2011 by Adam and Kate Blake, ThreatSpike addresses cybersecurity fragmentation by standardising threat detection and investigation.
- The company simplifies cybersecurity through AI-driven real-time threat monitoring and response, enhancing incident triage and resolution efficiency.
- Having been bootstrapped for 14 years, ThreatSpike emphasizes the struggle in scaling due to financial constraints and the vendors' complex cybersecurity product offerings.
- Adam Blake highlights industry failures in delivering straightforward cybersecurity solutions, pointing out vendors' fragmented toolsets and unclear coverage.
- ThreatSpike serves over 200 customers worldwide, including industry leaders in various sectors, aiming to mitigate cybersecurity challenges with streamlined solutions.
Read Full Article
2 Likes
Nvidia
1M
9
Image Credit: Nvidia
Bring Receipts: New NVIDIA AI Blueprint Detects Fraudulent Credit Card Transactions With Precision
- Financial losses from worldwide credit card transaction fraud are projected to reach more than $403 billion over the next decade.
- New NVIDIA AI Blueprint for financial fraud detection launched at Money20/20 conference, offering a reference example for financial institutions to improve accuracy and reduce false positives in detecting and preventing credit card transaction fraud.
- Businesses embracing comprehensive machine learning tools can observe up to a 40% improvement in fraud detection accuracy, with leading financial organizations like American Express and Capital One already utilizing AI to combat fraud and enhance customer protection.
- The NVIDIA AI Blueprint accelerates model training and inference, integrates accelerated computing and graph neural networks for fraud detection, and enhances the XGBoost ML model with NVIDIA CUDA-X Data Science libraries to reduce false positives.
Read Full Article
Like
For uninterrupted reading, download the app