Cyber Security News

Gemini App Will Offer Enterprise-Grade Data Protection Enterprise-grade data protection for qualifying Google Workspace for Education editions, including Education Standard and Education Plus. Cyber_Security_Channel

How to Protect Your Phone and Data Privacy at the US Border Privacy experts say everyone should conduct a personal risk assessment – which should include your immigration status, travel history and what data you might have on your phone. There’s not a one-size-fits all solution because data that may seem sensitive to some may not be to others, depending on your circumstances. The most important step to take before you travel is to encrypt the data on your device, which is different than using encrypted messaging services like Signal. Cyber_Security_Channel

🔥 Scanning Networks – Pro Guide From our partners at Hacklido. We will keep this short. Nearly 600 sales. Improve your skills. Become a better master. All details are on the inside. Grab your personal copy here: → https://gumroad.com/a/631226579/ubvne

Identity Management Solutions for the Next Generation of Cybersecurity As attack methods become more sophisticated and continued advancements in AI and quantum computing threaten to unravel many traditional authentication methods. Next-generation identity solutions are poised to reshape the way human and machine identities are verified. Cyber_Security_Channel

Oracle Denies Breach Amid Hacker’s Claim of Access to 6 Million Records The attacker, active since January 2025, claims to have compromised a subdomain — login.us2.oraclecloud[.]com, which has since been taken down. This subdomain was found to be hosting Oracle Fusion Middleware 11G, as evidenced by a Wayback Machine capture from February 17, 2025. They are demanding ransom payments from affected tenants for the removal of their data and have even offered incentives for assistance in decrypting the stolen SSO and LDAP passwords. @Cyber_Security_Channel

Russian Zero-Day Seller is Offering Up to $4 Million for Telegram Exploits Zero-day companies like Operation Zero develop or acquire security vulnerabilities in popular operating systems and apps and then re-sell them for a higher price. For the company to focus on Telegram makes sense, considering the messaging app is especially popular with users in both Russia and Ukraine. Cyber_Security_Channel

DeepSeek Created Chrome Infostealer Without Hesitation, Company Remains Silent First, a fictional world was created to set clear rules and context aligned with the technical objectives. “We developed a specialized virtual environment called Velora – a fictional world where malware development is treated as a legitimate discipline,” the researchers explained. “In this environment, advanced programming and security concepts are considered fundamental skills, enabling direct technical discourse about traditionally restricted topics.” Cyber_Security_Channel

Security Researcher Breaks One of the Most Powerful Ransomware Attacks Using GPU Power However, by reviewing the logs, the researcher was able to determine the time the ransomware was launched, and using the metadata, the time the encryption was completed. He was then able to create a brute-force tool that could find the key for each individual file. Running the tool on a pre-installed system was found to be inefficient, as it took too long to run on the RTX 3060 and RTC 3090. Cyber_Security_Channel

CISA: Medusa Ransomware Hit Over 300 Critical Infrastructure Orgs Medusa was first introduced as a closed ransomware variant, where a single group of threat actors handled all development and operations. Although Medusa has since evolved into a Ransomware-as-a-service (RaaS) operation and adopted an affiliate model, its developers continue to oversee essential operations, including ransom negotiations. Cyber_Security_Channel

Microsoft Flags Six Active Zero-Days, Patches 57 Flaws: Patch Tuesday Redmond also urged Windows sysadmins to prioritize critical, code execution bugs in the Windows Subsystem for Linux, the Windows DNS Server, Windows Remote Desktop Service and Microsoft Office. Cyber_Security_Channel

Blackwire Labs and Carahsoft Partner to Bring AI-Powered Cybersecurity Solutions to the Public Sector Blackwire Labs is an innovative cybersecurity company. Led by industry experts, the company specializes in addressing critical challenges faced by Government agencies, particularly the cybersecurity skills shortage and the AI trust deficit. We plan to empower their Public Sector customers with the highest-grade security defense possible without the cost of hiring additional security practitioners. Cyber_Security_Channel

Three VMware Zero-Days Under Active Exploitation – What You Need to Know The discovery of these zero-day vulnerabilities in VMware ESXi, Workstation, and Fusion emphasizes the need for timely patching and proactive security measures. Since these flaws are being actively exploited in the wild, organizations should prioritize updates and strengthen their security posture. Cyber_Security_Channel

Static Scans, Red Teams and Frameworks Aim to Find Bad AI Models The problem is growing. JFrog flagged 212 AI models to date that contain some sort of malicious functionality or code, double the approximately 100 malicious models found a year ago. Cyber_Security_Channel

New ‘Auto-Color’ Linux Malware Targets North America, Asia The malware supports commands that enable the attacker to collect host information, uninstall the malware, create a reverse shell, create and modify files, execute a program, and turn the device into a proxy. Cyber_Security_Channel

🚨 Android Threat Hunters, Your Job Just Got Easier!  Our partners at ANY.RUN released a brand-new OS designed for real-time Android threat analysis inside a secure sandbox environment.     Now, businesses and security teams can:   • Investigate APK behavior in real time   • Detect Android threats faster   • Speed up incident response   • Reduce cybersecurity costs     Best part of the deal? It’s available for all plans — even FREE users!   👉 Try it now — via this link. -----   #ad #paidpromotion #sponsored   @Cyber_Security_Channel

Microsoft Names Suspects in Lawsuit Against AI Hackers The suspects named by Microsoft in a recent amended complaint are Arian Yadegarnia (Fiz) from Iran, Alan Krysiak (Drago) from the United Kingdom, Ricky Yuen (Cg-dot) from China (Hong Kong), and Phat Phung Tan (Asakuri) from Vietnam. Cyber_Security_Channel

AI vs. Endpoint Attacks: What Security Leaders Must Know to Stay Ahead Adversaries, especially cybercrime syndicates and nation-state actors, are refining their tradecraft with AI, adding to their arsenals faster than any enterprise can keep up. Gen AI has democratized how adversaries, from rogue attackers to large-scale cyberwar operations, can create new weapons. Adversaries are moving at machine speed, weaponizing gen AI to create sophisticated malware, launch targeted phishing campaigns and circumvent traditional defenses. Cyber_Security_Channel

AI-Powered Cybersecurity: Balancing Automation, Real-Time Detection and Strategic Oversight The skyrocketing adoption of AI-powered cybersecurity technologies makes it urgent for business leaders to gain a clear understanding of these issues. Allocating budget to safeguarding AI technologies in use can have a sound return on investment because automation offers a notable reduction in operational costs and enhanced threat detection can dramatically reduce the steep costs associated with breaches​. Cyber_Security_Channel

⚡️Elon Musk Claims ‘Massive Cyber-Attack’ Caused X Outages Downdetector, a website that monitors malfunctions on various sites and platforms, showed thousands of reports of outages. The platform, formerly known as Twitter, had been unresponsive for many users as posts failed to load. Tweets that failed to appear displayed a message that “something went wrong” and told users to try reloading. “We get attacked every day, but this was done with a lot of resources,” the platform’s CEO stated. “Either a large, coordinated group and/or a country is involved.” @Cyber_Security_Channel

How to Defend Amazon S3 Buckets from Ransomware Exploiting SSE-C Encryption All key management for S3 server-side encryption with SSE-C is handled outside of AWS, with encryption key material provided alongside the object, ensuring the cloud provider never stores the key material. AWS emphasizes the importance of using short-term credentials, implementing data recovery procedures, and preventing the use of SSE-C on S3 buckets when not necessary for the workload. Cyber_Security_Channel