Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Inversion6 CISO Ian Thornton-Trump on What Cybersecurity Startups Get WrongCISOs are bombarded with more than 400 cold outreach attempts a month - ignoring nearly all of them. If vendors want to break through, they need to stop selling and start solving, said Ian Thornton-Trump, CISO at Inversion6.
Back-Office Servicer's Breach Estimate Has More Than Doubled Since FebruaryThe victim tally in back-office services firm Conduent Business Services' 2024 hack has more than doubled to over 62.2 million individuals, from an earlier estimate of "25 million plus." The incident is now on track to be at least the third-largest health data breach ever reported to regulators.
CISA warned today that hackers are now actively exploiting a recently patched high-severity SolarWinds Serv-U flaw to crash servers. [...]
A Chinese espionage group tracked as UNC5221 has been accessing Microsoft 365 environments using the Brickstorm backdoor and previously undocumented malware named Plenet and AgentPSD. [...]
Multiple software supply chain attacks have hit the npm ecosystem, with threat actors using both malicious and poisoned versions of over 50 legitimate packages to distribute a Rust-based information stealer and a self-spreading worm, respectively
Researchers exposed the Silent Ransom Group ‘s Fast Flux infrastructure as the FBI warns of ongoing attacks targeting U.S. law firms and businesses. Resecurity uncovered the Silent Ransom Group (SRG)’s Fast Flux network infrastructure and shares available intelligence with the cybersecurity community to disrupt their malicious activities and enable ISP/DNS providers to counter this threat. […]
A California man was sentenced to more than 26 years in federal prison for trafficking fentanyl and methamphetamine through Nemesis Market, one of the world's largest dark web marketplaces. [...]
Good luck, sys admins
Microsoft Threat Intelligence identified a prompt injection pathway in Claude Code GitHub Action that allowed access to workflow secrets under specific conditions. This research examines the attack chain, responsible disclosure process, Anthropic's mitigation, and guidance for securing AI-powered CI/CD workflows. The post Securing CI/CD in an agentic world: Claude Code Github action case appeared first on Microsoft Security Blog.
Bob Costello on Voluntary Plan's Impact on Collaboration - and CISA's Pivotal RoleFormer CISA CIO Bob Costello said President Trump's voluntary AI cybersecurity review order provides a workable foundation for government-industry collaboration, though agencies will need time and resources to meet accelerated 30-day evaluations of advanced AI systems.
Arabic-speaking users have emerged as the target of a new Android spyware codenamed Asin, according to findings from ESET
Over 900 automatic tank gauge (ATG) systems across the United States, used to monitor fuel and chemical storage tanks across various critical infrastructure sectors, have been found exposed online and are vulnerable to ongoing attacks. [...]
When a researcher went public with Microsoft vulnerabilities, it laid bare a conflict that has never really been solved. The post Nightmare Eclipse incident shows the researcher-vendor fights may never fully go away appeared first on CyberScoop.
AI worms, or "viruses with wings and brains," adapt to new environments, seek out vulnerabilities, and will likely strike within a year, researchers say.
Conference Highlights AI Maturity, Agentic Risks and Human Factors in CybersecurityISMG editors reflect on key themes from Infosecurity Europe 2026, including AI's role from buzzword to business strategy, the risks of agentic systems in critical infrastructure and why human-to-human trust is emerging as a defining factor in cybersecurity.
Phishing, shadow AI, malicious extensions, and credential theft increasingly happen inside the browser. Keep Aware explains what the 2026 Verizon DBIR reveals about browser-layer security gaps and modern attacks. [...]
Cisco warns of CVE-2026-20245 in SD-WAN Manager, a flaw that can lead to root access via file upload command injection; no patch or workaround yet. Cisco warns of a privilege escalation flaw, tracked as CVE-2026-20245 (CVSS base score of 7.8), in Cisco Catalyst SD-WAN Manager, the platform formerly known as SD-WAN vManage. An authenticated local […]
Those receiving aid in the famine-threatened, war-torn territory told support will remain
The White House's executive order establishes voluntary framework for early government access to frontier models while investing in federal security.
Cybersecurity researchers have discovered a previously unreported threat cluster dubbed OP-512 (where "OP" stands for "opponent") that has been observed targeting Microsoft Internet Information Services (IIS) servers to deploy a bespoke web shell framework