A naukri.com initiative
Hacking News
Securityaffairs
3w
370
Image Credit: Securityaffairs
Undocumented hidden feature found in Espressif ESP32 microchip
- Undocumented hidden feature discovered in the ESP32 microchip manufactured by Espressif.
- The hidden functionality acts as a potential backdoor, enabling impersonation attacks and persistent infections on IoT devices.
- The hidden feature poses a security risk for millions of IoT devices.
- Tarlogic researchers developed BluetoothUSB, a tool for auditing Bluetooth device security to protect Bluetooth-enabled gadgets.
Read Full Article
22 Likes
Securityaffairs
3w
185
Image Credit: Securityaffairs
Security Affairs newsletter Round 514 by Pierluigi Paganini – INTERNATIONAL EDITION
- Akira ransomware gang used an unsecured webcam to bypass EDR
- Japanese telecom giant NTT suffered a data breach that impacted 18,000 companies
- Mirai-based botnets exploit CVE-2025-1316 zero-day in Edimax IP cameras
- International law enforcement operation seized the domain of the Russian crypto exchange Garantex
Read Full Article
11 Likes
Medium
3w
233
My Linux Tool Journey: Exploring Essential Tools ✨
- Stacer is a powerful system optimizer and resource monitor designed for Linux. It simplifies system management and improves performance.
- TimeShift is a reliable backup utility that allows you to take system snapshots and restore them when needed. It ensures quick recovery in case of failures.
- NeoFetch is a command-line tool that displays detailed system information in a visually appealing way. It is useful for showcasing system specs and troubleshooting hardware-related issues.
- Brave Browser is a privacy-centric web browser that blocks ads and trackers by default. It offers a secure and efficient browsing experience with built-in ad and tracker blocking.
Read Full Article
14 Likes
Hackersking
3w
35
Image Credit: Hackersking
New Telegram Vulnerability Evil-Dropper | CVE 2025-1450 Full Details and POC
- Telegram-EvilDropper is an exploit that abuses Telegram’s MP4 preview feature to redirect users to a website of the attacker's choice.
- Possible attack scenarios include phishing pages, malware drops, and IP & device tracking.
- To set up Telegram-EvilDropper for ethical research, clone the repository, install required dependencies, configure the redirect, generate the exploit file, and deploy the attack for testing purposes.
- Remember, this information should be used for educational purposes only and misusing it for malicious activities is illegal.
Read Full Article
2 Likes
Hackersking
3w
388
Image Credit: Hackersking
Enigma Dropper For Hosting Files and Folders On The Internet
- Enigma is a multiplatform payload dropper designed to automate and execute ease of testing system security.
- Key features of Enigma include multiplatform compatibility, automated payload execution, user-friendly interface, and lightweight and fast performance.
- To set up Enigma for ethical testing, clone the Enigma repository, install dependencies (Python 2.7), and run Enigma using the provided command.
- Enigma simplifies penetration testing across multiple platforms, aiding ethical hackers and security researchers in simulating attacks and enhancing system security.
Read Full Article
23 Likes
Crypto-News-Flash
3w
291
Image Credit: Crypto-News-Flash
1inch Faces $5M Exploit After Hackers Target Fusion v1 Contract
- Hackers exploited a vulnerability in Fusion v1 smart contract, stealing over $5 million in assets.
- The incident emphasizes the importance of upgrading to more recent and secure versions to prevent future security breaches.
- 1inch, a liquidity aggregator platform, was targeted in the attack, with hackers draining approximately $5 million worth of cryptocurrencies.
- The attack serves as a reminder of the risks associated with outdated code in decentralized finance (DeFi) and the need for rapid updates to enhance security.
Read Full Article
17 Likes
Medium
3w
234
Image Credit: Medium
⚠️ Hacking Instagram in 2025: The Secret Techniques Hackers Don’t Want You to Know!
- Despite Instagram's security updates, hackers in 2025 still exploit loopholes, misconfigurations, and human errors.
- Hackers use advanced phishing techniques like Evilginx3, Modlishka, and AI-generated phishing to steal credentials.
- API exploits such as GraphQL Injection, CSRF Token Manipulation, and WebView exploits are still used by hackers.
- Cloud-based attacks target Instagram data stored on third-party platforms through S3 bucket misconfigurations and API key leaks.
- Mobile exploits like ADB exploits, Magisk modules, and SSL Pinning Bypass are used for remote session hijacking.
- Hackers trade stolen credentials and access tokens on the Dark Web, including session tokens and brute-forced accounts.
- Security measures recommended include hardware security keys, avoiding third-party apps, and monitoring login activity.
- To stay protected, enable end-to-end encrypted DNS & VPNs and participate in bug bounty programs to contribute to security.
- The article emphasizes the importance of cybersecurity research, reporting vulnerabilities, and educating users about cyber threats.
- The author, Kashyap Divyansh, is a cybersecurity researcher specializing in AI-Based Cyber Threats and offensive security.
Read Full Article
14 Likes
Securityaffairs
3w
349
Image Credit: Securityaffairs
Mirai-based botnets exploit CVE-2025-1316 zero-day in Edimax IP cameras
- Mirai-based botnets are exploiting a zero-day flaw, tracked as CVE-2025-1316, in Edimax IP cameras, to achieve remote command execution.
- US CISA warns about the botnets exploiting the vulnerability in Edimax IC-7100 IP cameras.
- The vulnerability (CVE-2025-1316) allows for remote code execution in Edimax IC-7100 IP cameras.
- The vendor has not addressed the vulnerability in the end-of-life Edimax IP cameras.
Read Full Article
21 Likes
Securityaffairs
3w
229
Image Credit: Securityaffairs
The Role of Differential Privacy in Protecting Sensitive Information in the Era of Artificial Intelligence
- Differential privacy (DP) protects data by adding noise to queries, preventing re-identification while maintaining utility, addressing Artificial Intelligence-era privacy challenges.
- In the era of Artificial Intelligence, traditional anonymization techniques have proven inadequate against sophisticated re-identification attacks, leading to the importance of robust mechanisms like DP.
- DP introduces mathematically guaranteed noise to dataset queries while maintaining statistical utility, used in healthcare, finance, and government data analytics.
- Cynthia Dwork's work on DP introduced the concept, its mathematical basis, and its application in privacy-preserving data analytics.
- Recent research has focused on applying DP in various domains, such as Google’s RAPPOR and integration with census data collection to ensure confidentiality.
- Key concepts of DP include its definition, mathematical foundation using the (ε, δ)-differential privacy model, and noise addition mechanisms like Laplace and Gaussian mechanisms.
- DP has applications in Healthcare AI by protecting patient privacy in EHRs and in Finance AI for fraud detection and risk assessment.
- Challenges of DP include determining an optimal privacy budget (ε) and managing data utility, with research focusing on adaptive noise mechanisms and federated learning.
- Author Arfi Siddik Mollashaik, a Solution Architect at Securiti.ai, specializes in data security, privacy, and compliance, with a focus on enhancing data protection programs.
- Future advancements in privacy-preserving machine learning and adaptive DP models are expected to enhance big data analytics' security and effectiveness.
Read Full Article
13 Likes
Medium
3w
39
5 Common Cybersecurity Mistakes (And How to Avoid Them)
- Phishing attacks trick individuals into providing sensitive information, such as passwords or banking details.
- Using simple, easy-to-guess passwords or reusing the same password across multiple accounts is a common cybersecurity mistake.
- Delaying or ignoring software updates leaves devices vulnerable to cyber threats.
- Connecting to unsecured public Wi-Fi networks exposes sensitive information to potential cybercriminals.
- Relying solely on a password to secure accounts is risky.
Read Full Article
2 Likes
Securityaffairs
3w
243
Image Credit: Securityaffairs
International law enforcement operation seized the domain of the Russian crypto exchange Garantex
- An international law enforcement operation led by U.S. Secret Service seized the website of the sanctioned Russian crypto exchange Garantex.
- Over $100 million in transactions conducted through Garantex were associated with illicit activities.
- Garantex became the third virtual currency exchange to be blocklisted by the U.S. after SUEX and CHATEX.
- The operation involved the U.S. DOJ, FBI, Europol, and law enforcement from Germany, the Netherlands, Finland, and Estonia.
Read Full Article
14 Likes
Securityaffairs
3w
269
Image Credit: Securityaffairs
Medusa Ransomware targeted over 40 organizations in 2025
- Medusa ransomware has claimed nearly 400 victims since January 2023, with attacks increasing by 42% between 2023 and 2024.
- Between January and February 2025, the ransomware gang claimed responsibility for over 40 attacks.
- Medusa ransomware targets organizations in healthcare, non-profits, finance, and government sectors, demanding ransoms ranging from $100,000 to $15 million.
- The ransomware group relies on initial access brokers to access target infrastructure and employs various tools like SimpleHelp, AnyDesk, Navicat, RoboCopy, and Rclone for carrying out attacks.
Read Full Article
16 Likes
Medium
3w
402
Image Credit: Medium
Hackers can Take Over Your Computer using Reverse Shells (Here’s How to Protect Yourself)
- Hackers can take over your computer using reverse shells.
- Reverse shells are malicious payloads that allow attackers to remotely run commands on your system.
- It is important to take precautions to protect yourself from such attacks.
- Unusual network activity, missing files, and unknown program installations may indicate a compromised system.
Read Full Article
24 Likes
Securityaffairs
3w
243
Image Credit: Securityaffairs
Qilin Ransomware gang claims the hack of the Ministry of Foreign Affairs of Ukraine
- Qilin Ransomware group claims responsibility for hacking the Ministry of Foreign Affairs of Ukraine.
- The group stole sensitive data, including private correspondence, personal information, and official decrees.
- Qilin Ransomware group has been active since at least 2022 and gained attention in June 2024 for attacking Synnovis.
- The group also claimed responsibility for the recent cyberattack on Lee Enterprises, impacting dozens of local newspapers.
Read Full Article
14 Likes
Silicon
4w
380
Image Credit: Silicon
US DoJ Charges Chinese Contract Hackers, Plus Police Officers
- The US Justice Department (DoJ) has charged 12 Chinese contract hackers and Chinese law enforcement officers for their role in global computer intrusion campaigns.
- The charges were filed after investigations conducted by the FBI, revealing the involvement of Chinese nationals affiliated with the PRC's Ministry of Public Security.
- The malicious cyber actors targeted various victims, including US-based critics and dissidents of the PRC, religious organizations, multiple Asian governments, and US federal and state government agencies.
- The Chinese government has strongly denied the charges and called the US 'hypocritical,' citing US cyberattacks on China.
Read Full Article
22 Likes
For uninterrupted reading, download the app