Chinese LLMs Broaden the Gap Between Attackers & Defenders
Two new models from Chinese firms compete with top US mainstream and frontier models. Should cyber-defenders be worried?
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Two new models from Chinese firms compete with top US mainstream and frontier models. Should cyber-defenders be worried?
Improved institutional safeguards and stricter regulations have pushed the burdens of protection and risk reduction on to Australian businesses.
Expect more compressed patching cycles from Apple going forward, as attackers leverage artificial intelligence to reduce time to exploit.
After gaining a foothold in thousands of Fortinet firewalls, the attackers are starting to monetize that access, and are also piling on a Nextcloud zero-day bug.
The ransomware campaign relies on basic social engineering and stretches across multiple regions, including the US, Europe, Middle East, and elsewhere.
IBM and Red Hat assign 20,000 engineers to the new Project Lightwell service as Anthropic's Mythos findings ignite debate over how to secure the open source software supply chain.
Attackers fingerprint victims through user-agent data to deliver OS-specific payloads, increasing compromise rates and campaign profitability.
Researchers say the highly effective social engineering technique is no longer the exception for malware attacks — it's now the rule.
Rapid growth turned routine firewall logs into a security and budget liability. One CISO used artificial intelligence to filter what data truly belongs in the SIEM.
LLMs consistently hallucinate Web domains for legitimate brands that attackers can register for malicious activity in a difficult-to-detect attack vector.
Planning ahead to defend against cyber threats is the work that keeps events uneventful.
The group compromised at least 10 regional organizations, including two state-owned entities, and deployed a new backdoor.
"Agentjacking" is the latest demonstration of how easily attackers can exploit an AI agent's inability to differentiate between content and instructions.
Threat actors don't need any special authentication to reach a target endpoint — they just need to know where it is.
In this "Heard it From a CISO" video, Silverfort CISO John Paul Cunningham explains that AI in cybersecurity workflows is creating opportunities rather than eliminating jobs — and there are more ways than ever to break into this essential field.
Separate but similar campaigns described by Microsoft and Trend Micro use malicious zip files to spread malware via social engineering and obsfucation, including blockchain abuse.
Teams are dealing with a truly dangerous problem — automation that works, but that no one understands.
The National Institute of Standards and Technology (NIST) scaled back the number of CVEs it selects for in-depth analysis, but the move has produced mixed results, according to researchers.
The infostealer was delivered via CVE-2026-48558, a critical authentication bypass vulnerability in SimpleHelp, targeting credentials linking development and admin environments to wider enterprise systems.
One critical vulnerability, among many discovered by a researcher, could have allowed anyone to walk in and take over a national government portal.