Security news aggregator

Latest cybersecurity reporting from selected sources.

Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.

16 headlines in this view

Refine the feed

Search across headline titles and summaries.

Volume over time

Weekly headline count for the current query.

Showing 16 most recent headlines Filtered view
Bank Info Security 4 days, 18 hours ago

Jscrambler npm Breach Exposes Developers to Malware

Malware Harvested Cloud Credentials, Source Code and Deployment TokensAttackers used a compromised npm publishing credential to release five malicious versions of Jscrambler's Code Integrity package, deploying a Rust-based infostealer that harvested developer, cloud and AI tool credentials while evolving its delivery methods to evade detection.

Prolific Threat Actor Focused on Using Malware to Facilitate Cargo TheftCargo-stealing hackers have a new trick up their sleeve: using a third-party code-signing service makes their remote management and monitoring software installers appear to be legitimate. Who's providing this signing service isn't clear. It's probably distributed by word of mouth.

Also: NodeCordRAT Malware, North Korean QR-Phishing CampaignThis week, U.K. crypto exchanges linked to Iranian sanctions evasion, NodeCordRAT malware spread via npm, an FBI alert on North Korean QR-code phishing, illicit crypto hit $154 billion in 2025 and U.S. President Donald Trump said he won't pardon Sam Bankman-Fried.

Bank Info Security 7 months, 1 week ago

Brickstorm Malware Hits US Critical Systems, CISA Warns

Chinese-Linked Malware Campaign Targets Critical Environments With Weak MonitoringU.S. and Canadian cyber authorities say Chinese state-backed actors used a backdoor dubbed BRICKSTORM to maintain long-term access into critical infrastructure, exploiting VMware environments to exfiltrate credentials and evade detection through encrypted covert channels.

Bank Info Security 8 months, 3 weeks ago

Russia's Coldriver Revamps Malware to Evade Detection

Russian Intel Hackers Flexible in Face of DetectionRussia-linked threat group COLDRIVER rapidly replaced its exposed malware with a stealthier PowerShell variant, using fake CAPTCHA prompts and cryptographic key-splitting to evade detection and escalate surveillance on NGOs, dissidents and policy experts, according to new research.

State, Criminal Hackers Use Blockchain Technique to Evade TakedownsGoogle's Threat Intelligence Group found hacking groups like North Korea's UNC5342 and criminal group UNC5142 using a public blockchain technique called EtherHiding to distribute malware. The method makes attacks tougher to trace, block or dismantle.

Bank Info Security 9 months, 3 weeks ago

Mandiant: Chinese Espionage Tool Embedded in US Systems

Researchers Uncover Covert Chinese Access to US Service Provider InfrastructureMandiant said it has tracked a Chinese-linked espionage campaign using BRICKSTORM malware to quietly embed within U.S. infrastructure and service providers for over a year, exploiting appliance-level blind spots to maintain persistence, evade detection and potentially develop zero-day exploits.

Bank Info Security 10 months, 1 week ago

Cryptohack Roundup: El Salvador Splits Bitcoin Reserve

Also: PowerShell-Based Cryptojacking Attack, a Malvertising CampaignThis week, El Salvador split its bitcoin reserve, an Indian court jailed cops for crypto kidnapping, a PowerShell-based cryptojacking attack, a malvertising campaign targeted Android users, a Venus Protocol hack, malware hid in npm packages using smart contracts for evasion and Bunni DEX exploit.

Bank Info Security 11 months, 1 week ago

Candiru Spyware Infrastructure Uncovered

Inskit Researchers Uncover Clusters in Hungary, Saudi ArabiaSecurity researchers uncovered a previously unseen malware cluster associated with Israeli spyware maker Candiru. The company may have rebranded itself to evade sanctions to continue its operations. It continues to operate despite its inclusion in 2021 onto an exports blacklist by the United States.

Bank Info Security 11 months, 2 weeks ago

Coyote Trojan Turns Accessibility Into Attack Surface

Brazil-Targeting Malware Exploits Windows UIA to Evade DetectionA banking Trojan long confined to Brazil has become the first known malware to exploit Microsoft's UI Automation framework to extract credentials, signaling a new tactic that may evade conventional detection. Akamai's findings point to a growing trend of attackers using legitimate system features.

Threat Actors Deploy Obfuscation Tactics to Targets Windows MachinesLikely Chinese nation-state hackers are targeting European companies using previously unseen malware backdoor variants with advanced network tunneling and evasion capabilities for data theft. Brussels-based security firm Nviso links the campaign to a threat actor tracked as UNC5221.

Bank Info Security 1 year, 3 months ago

Malicious Android Apps Evade Detection: McAfee

Cybersecurity Firm Finds Rash of Apps Coded With Microsoft .NET MAUICybercriminals are using a Microsoft cross-platform app development framework to create Android malware that bypasses security measures, evades detection and steals user data. Malicious apps spotted by McAfee researchers aren't traditional Android malware.

Bank Info Security 1 year, 4 months ago

DeepSeek-R1 Can Almost Generate Malware

DeepSeek Comes Very Close to Producing a Keylogger and RansomwareSecurity researchers used the Chinese DeepSeek-R1 artificial intelligence reasoning model to come close to developing ransomware variants and keyloggers with evasion capabilities. The model needs prompt engineering and its output requires code editing.

Bank Info Security 1 year, 4 months ago

Chinese Hackers Exploit Windows Tool to Install Backdoors

Mustang Panda Uses MAVInject to Evade Antivirus DetectionA Chinese state-sponsored hacking group is abusing a legitimate Microsoft tool to evade security and install backdoors on government systems in the Asia-Pacific region. The threat actor uses MAVInject.exe to inject malware into waitfor.exe.

Campaign Uses Updated Version of the Malware Plugin, Kaspersky SaysHackers are deploying an updated strain of EagerBee malware to target internet service providers and government organizations in the Middle East, warn security researchers. EagerBee operates in memory and comes with advanced stealth and security evasion capabilities.