Time to start praying to the goddess of wisdom and war
Latest cybersecurity reporting from selected sources.
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Refine the feed
Search across headline titles and summaries.
Even the Secret Service won't use company-issued phones
Personal cell phones on protective missions, no threat detection on government-issued devices among the litany of sins
Amazon Q flaw let booby-trapped Git repos execute code, swipe cloud creds
Researchers warn many AI coding assistants now execute commands from project configurations
Miasma campaign poisons 20-plus npm packages, hunts for developer secrets
Microsoft says latest attack targets Leo Platform and RStreams packages, harvesting creds and going after more maintainers
Security boss thought MFA would be too much security
One rule for the workers, another for execs
Chinese cybersecurity company claims it’s built a better-than-Mythos bug finder
Qihoo 360, which the US has banned, says it’s needed as a deterrent to weaponized Anthropic models
Self-destructing Mistic backdoor linked to access broker selling corporate footholds to ransomware gangs
Spotted in intrusions targeting insurance, education, IT, and professional services sectors
Ex-Huntress analyst claims company insider fed info to a ransomware crim. Social media drama ensues
Former employee accuses company of prioritizing pending IPO over client security
UK school’s network left wide open for invasion, student found
And the admin password was right in the Active Directory description field
Nation-state actors cracked critical Australian infrastructure to ‘cripple it at a time of their choosing’
To defuse another attack, Oz spies called foreign counterparts to tell them an op was a bust
The hits keep on coming for Cisco vulnerabilities
CVE-2026-20230 under exploitation, while an earlier SD-WAN 0-day looks even worse than we thought
Microsoft uses AI to link two malware operations in racketeering suit
200+ C2 servers linked to StealC and Amadey shut down
London cops bring live facial recognition to West End
'Permanent biometric surveillance of the public square' incompatible with policing by consent, say critics
You have got to be KDDI-ng – Japanese telco exposes 14.2 million managed email credentials
Five ISPs and plenty of users await their fate
Mythos discovers 'Squidbleed,' a memory leak that's gone undetected since Clinton era
Plus more blasts from the past: NetWare, FTP, and HTTP
Five Eyes spooks warn AI means infosec incidents can become ‘major operational and financial crises’
Bosses told to step up and get cybersecurity right
Sniff out stale AI override advice with this open source CLI
Package dependencies can create vulnerabilities that are fiendishly hard to find and stamp out
OpenAI: Yoo-hoo, look over here, we do that security stuff too!
A plethora of pwn-prevention, including a 'Patch The Planet' pledge
Cloudflare teams up with big browsers to help websites tell welcome from unwelcome visitors
Makers of Chrome, Edge, Firefox back bot-fraud defense called Private Access Control Tokens
Security shops among the 'hundreds' of Klue hack victims
As yet another extortion crew Icarus exploits Salesforce-linked integrations