A naukri.com initiative
Hacking News
Medium
1d
142
Image Credit: Medium
Why Your Passwords Aren’t Safe: 7 Urgent Security Steps You Need Today
- Thousands of accounts are breached daily due to weak passwords, reuse across apps, and ignoring basic security habits.
- Hackers can crack complex passwords in seconds and steal databases with millions of login details.
- Most individuals are unaware of being hacked until it's too late, emphasizing the urgent need for enhanced account security measures.
- It's crucial to take immediate steps to secure your accounts, as even commonly perceived 'safe' passwords are vulnerable to hacking threats.
Read Full Article
8 Likes
Securityaffairs
1d
65
Image Credit: Securityaffairs
China-linked UnsolicitedBooker APT used new backdoor MarsSnake in recent attacks
- China-linked APT group UnsolicitedBooker used a new backdoor named MarsSnake to target an international organization in Saudi Arabia.
- The group employed spear-phishing emails with fake flight ticket lures to infiltrate systems and has a history of targeting government organizations in Asia, Africa, and the Middle East.
- UnsolicitedBooker's arsenal includes backdoors like Chinoxy, DeedRAT, Poison Ivy, and BeRAT, commonly seen in Chinese APT groups, indicating espionage and data theft motives.
- The repeated attacks on the Saudi organization in 2023, 2024, and 2025 show a persistent interest from UnsolicitedBooker in the specific target.
Read Full Article
3 Likes
TheNewsCrypto
1d
208
Mitroplus Labs Founder Kidnapped in $500K Crypto Ransom Plot
- Festo Ivaibi, the founder of Mitroplus Labs, has been kidnapped by criminal gangs demanding a $500,000 ransom and access to his crypto wallets, causing a drastic fall in the price of the Afro memecoin introduced by the firm in 2024.
- The criminals posed as Ugandan security officers, abducted Ivaibi, demanded the ransom, and emptied the Afro memecoin after the funds were transferred, although the community funds were reportedly unharmed.
- The incidents reveal a surge in crypto-related crimes in Uganda, where the lack of officially recognized cryptocurrencies has contributed to the challenges faced by individuals like Ivaibi and other crypto entrepreneurs.
- The situation has raised concerns leading to measures by governments to protect crypto entrepreneurs, with seven out of 48 reported cases in Africa being linked to the same criminal group targeting individuals with significant crypto holdings.
Read Full Article
12 Likes
Siliconangle
1d
73
Image Credit: Siliconangle
Strider upgrades Spark platform to deliver faster threat intelligence against nation-state attacks
- Strider Technologies has upgraded its Spark platform to provide faster threat intelligence against nation-state attacks.
- The AI-driven threat intelligence engine now enables organizations to combine external intelligence with internal data for real-time insights, reducing investigation times significantly.
- The upgrades focus on assisting industry, government, and academic organizations vulnerable to nation-state attacks, offering detailed threat analysis within seconds.
- Strider's Spark platform rapidly analyzes data points to help organizations uncover and mitigate state-sponsored threats in real time, with features for ease of use and efficiency.
Read Full Article
4 Likes
Securityaffairs
1d
127
Image Credit: Securityaffairs
UK’s Legal Aid Agency discloses a data breach following April cyber attack
- The UK's Legal Aid Agency suffered a cyberattack in April, leading to a data breach where sensitive information of legal aid applicants was stolen.
- The cyberattack on the Legal Aid Agency, part of the UK Ministry of Justice, compromised personal data dating back to 2010, including contact details, national ID numbers, and financial information.
- The agency worked with authorities like the National Crime Agency and National Cyber Security Centre to investigate the breach and discovered that hackers accessed and downloaded significant amounts of personal data.
- In response to the breach, the Legal Aid Agency took down its online service, implemented security measures, and assured continued access to legal support for those in need.
Read Full Article
7 Likes
Metro
1d
175
Image Credit: Metro
Supplier to Tesco, Sainsbury’s, and Aldi ‘held to ransom’ in cyber attack
- A distributor to major UK supermarkets including Tesco, Sainsbury's, and Aldi, Peter Green Chilled, was targeted by cyber hackers demanding ransom.
- The cyber attack occurred last week, leading the logistics firm to halt order processing on Thursday, affecting suppliers like Mr Emmanuel-Jones, who risk losing products like ten pallets of meat if not delivered to retailers.
- Cyber expert Tim Grieveson highlights the impact of cyber attacks on supply chains, emphasizing the potential for disrupted operations, wasted inventory, lost revenue, and food security issues like spoiled perishable goods.
- Similar cyber attacks have been reported on major supermarkets like M&S, resulting in significant financial losses and data breaches, emphasizing the critical need for cybersecurity measures to safeguard supply chain operations.
Read Full Article
10 Likes
Medium
1d
330
Image Credit: Medium
DeFi Summer: The Golden Days of Liquidation
- A new liquidation bot, address 0x8329F4, has been dominating the Compound v2 battlefield by winning liquidations consistently despite not being the fastest or most efficient.
- This successful performance by the new liquidator started after Compound introduced the Open Price Feed Proposal on August 20, 2020, aiming to increase transparency in asset price updates and community participation.
- The liquidator manipulated the system by posting prices and exploiting the protocol mechanics, ultimately using GasToken2 to increase profits by executing the liquidation in one atomic transaction.
- This incident showcases how understanding and leveraging protocol mechanics in DeFi can be more important than speed or gas optimization, ultimately leading to successful operations within the system.
Read Full Article
19 Likes
Securityaffairs
2d
235
Image Credit: Securityaffairs
Mozilla fixed zero-days recently demonstrated at Pwn2Own Berlin 2025
- Mozilla addressed two critical vulnerabilities in the Firefox browser that could have been exploited to access sensitive data or achieve code execution.
- The vulnerabilities were demonstrated as zero-day flaws during the recent Pwn2Own Berlin 2025 hacking contest.
- One vulnerability, CVE-2025-4918, involved an out-of-bounds access when resolving Promise objects.
- The other vulnerability, CVE-2025-4919, pertained to an out-of-bounds access when optimizing linear sums.
Read Full Article
14 Likes
Hackersking
2d
303
Image Credit: Hackersking
Top Entry Points for Cyber Attacks: What Every Organization Must Know
- Cyber threats are becoming more complex and frequent, emphasizing the importance of cybersecurity awareness for individuals and organizations.
- Credential-based attacks account for over half of all cyber intrusions, with common techniques including phishing, social engineering, and brute-force attacks.
- Device attacks target misconfigured or outdated systems through methods like malware attacks, zero-day exploits, and misconfiguration exploits.
- Initial infection vectors, though the smallest portion, can still lead to serious breaches and include methods like drive-by downloads, watering hole attacks, and malvertising.
Read Full Article
18 Likes
Securityaffairs
2d
363
Image Credit: Securityaffairs
Japan passed a law allowing preemptive offensive cyber actions
- Japan has enacted the Active Cyberdefense Law, allowing preemptive offensive cyber operations to counter threats before damage occurs.
- The law permits government agencies to conduct hacking back operations to neutralize threat actors targeting Japan and its organizations.
- Japan's new Active Cyberdefense Law enables preemptive targeting of hostile infrastructure, reflecting a shift in national and allied security priorities.
- The Japanese government aims to fully implement the new legal framework by 2027 to enhance cyber defense capabilities and align with major Western powers.
Read Full Article
21 Likes
Securityaffairs
2d
281
Image Credit: Securityaffairs
James Comey is under investigation by Secret Service for a seashell photo showing “8647”
- Former FBI chief James Comey is under investigation by the Secret Service for sharing an image of seashells arranged to display the numbers ‘8647,’ which some interpret as incitement to violence against Trump.
- The post on Instagram was later deleted, and the Secret Service is investigating the matter.
- The number '86' is slang for 'to reject' or 'to get rid of', and '47' is likely a reference to Trump being the 47th US president.
- Comey claims he did not know what the numbers meant and removed the post, stating he opposes violence.
Read Full Article
16 Likes
Securityaffairs
2d
237
Image Credit: Securityaffairs
Pwn2Own Berlin 2025: total prize money reached $1,078,750
- Pwn2Own Berlin 2025 total prize money reached $1,078,750 over three days, with $383,750 awarded on the final day.
- Participants demonstrated 28 unique zero-days in products such as VMware Workstation, ESXi, Windows, NVIDIA, and Firefox, earning a total of $1,078,750, including 7 in the AI category.
- STAR Labs SG won the 'Master of Pwn' title with $320,000 and 35 points.
- Various participants exploited vulnerabilities, with exploits including a zero-day in ESXi earning $112,500, a heap-based buffer overflow in VMware Workstation earning $80,000, and a TOCTOU race condition in Windows earning $70,000.
Read Full Article
14 Likes
Medium
3d
116
Building Ransomware Resilience: Why Product Strategies Must Prioritise Comprehensive Recovery Plans
- The April 2025 ransomware attacks on major retailers exposed vulnerabilities, leading to data theft and disruptions in operations.
- Recovery plans are crucial in dealing with modern ransomware, requiring more than just backups for data restoration.
- To enhance ransomware resilience, product managers must integrate recovery plans at every stage of product development.
- Key best practices include rapid system isolation, building alternative systems for failover, prioritizing secure backups, embedding incident response tools, training employees, and testing recovery plans.
Read Full Article
6 Likes
Securityaffairs
3d
236
Image Credit: Securityaffairs
Security Affairs newsletter Round 524 by Pierluigi Paganini – INTERNATIONAL EDITION
- US Government officials targeted with texts and AI-generated deepfake voice messages impersonating senior U.S. officials
- New botnet HTTPBot targets gaming and tech industries with surgical attacks
- Google fixed a Chrome vulnerability that could lead to full account takeover
- Coinbase disclosed a data breach after an extortion attempt
Read Full Article
14 Likes
Securityaffairs
3d
382
Image Credit: Securityaffairs
Experts found rogue devices, including hidden cellular radios, in Chinese-made power inverters used worldwide
- Chinese-made power inverters in US solar farm equipment were found to have 'kill switches', including hidden cellular radios, that could potentially allow Beijing to remotely disable power grids during a conflict.
- Experts discovered rogue devices, such as hidden cellular radios, in Chinese-made power inverters used globally, raising concerns about the possibility of remote power grid disruptions in critical infrastructure.
- US experts found undocumented communication devices like cellular radios in batteries from various Chinese suppliers, indicating a potential covert means to physically destroy power grids.
- US Representative August Pfluger emphasized the threat posed by such rogue devices, expressing the need to enhance efforts against Chinese interference in sensitive infrastructure to safeguard national security.
Read Full Article
22 Likes
For uninterrupted reading, download the app