Security news aggregator

Latest cybersecurity reporting from selected sources.

Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.

35 headlines in this view

Refine the feed

Search across headline titles and summaries.

Volume over time

Weekly headline count for the current query.

Showing 20 most recent headlines of 35 Filtered view
Trend Micro Research, News and Perspectives 3 months, 3 weeks ago

Your AI Gateway Was a Backdoor: Inside the LiteLLM Supply Chain Compromise

TeamPCP orchestrated one of the most sophisticated multi-ecosystem supply chain campaigns publicly documented to date that cascaded through developer tooling and compromised LiteLLM, exposing how AI proxy services that concentrate API keys and cloud credentials become high-value collateral when supply chain attacks compromise upstream dependencies.

We’ve all seen this before: a developer deploys a new cloud workload and grants overly broad permissions just to keep the sprint moving. An engineer generates a "temporary" API key for testing and forgets to revoke it. In the past, these were minor operational risks, debts you’d eventually pay down during a slower cycle

Security vulnerabilities were uncovered in the popular open-source artificial intelligence (AI) framework Chainlit that could allow attackers to steal sensitive data, which may allow for lateral movement within a susceptible organization

Bank Info Security 10 months, 1 week ago

F5 Targets AI Model Misuse With Proposed CalypsoAI Purchase

Calypso’s Red-Teaming and Agentic Threat Tools Boost F5’s Application Security EdgeF5’s latest acquisition brings Dublin, Ireland-based CalypsoAI’s unique AI security stack into its platform to secure application traffic against LLM misuse, data leakage and shadow AI, enhancing protection for hybrid and multi-cloud environments and helping secure apps and APIs.

Bank Info Security 11 months, 2 weeks ago

Wallarm Secures $55M to Safeguard API-Driven Business Logic

Series C Funding Supports Evolution to Protecting API-Powered Business RevenueWith AI now outpacing cloud in enterprise adoption, Wallarm is evolving its API security platform to safeguard not just endpoints, but the business logic that drives digital revenue. With $55 million in new funding, the company is targeting CIOs and expanding globally to meet demand across sectors.

Bank Info Security 11 months, 3 weeks ago

AI Needs a Firewall and Cloud Needs a Rethink

Tom Leighton of Akamai Wants to End Cloud Bloat and Secure AI From Inside OutThe cloud was meant to be cheaper, but it's not. A bold new vision is emerging: one that slashes costs, decentralizes AI and secures APIs at the edge. From inference to firewalls, a reimagined internet is challenging hyperscaler dominance.

AI agents promise to automate everything from financial reconciliations to incident response. Yet every time an AI agent spins up a workflow, it has to authenticate somewhere; often with a high-privilege API key, OAuth token, or service account that defenders can’t easily see. These “invisible” non-human identities (NHIs) now outnumber human accounts in most cloud environments, and they have

Bank Info Security 1 year, 1 month ago

Malicious PyPI Package Targets Developer Credentials

JFrog uncovers multi-stage malware harvesting cloud secretsMulti-stage malware embedded in a Python package is stealing sensitive cloud infrastructure data, JFrog researchers said Monday. The package steals credentials, configuration files, API tokens and other data from corporate cloud environments. It targets developers using the Chimera sandbox platform.

Bank Info Security 1 year, 4 months ago

China's Silk Typhoon Tied to Cloud Service Provider Hacks

Microsoft Sees Cyberespionage Group Lifting API Keys and Credentials for CustomersA prolific cyberespionage group tied to Beijing appears to have increased its targeting of widely used IT tools and service providers. Microsoft said the group's tactics now include stealing API keys and credentials from providers to gain access to providers' downstream customers' infrastructure.

They're good at zero-day exploits, too Silk Typhoon, the Chinese government crew believed to be behind the December US Treasury intrusions, has been abusing stolen API keys and cloud credentials in ongoing attacks targeting IT companies and state and local government agencies since late 2024, according to Microsoft Threat Intelligence.…

The United States Treasury Department said it suffered a "major cybersecurity incident" that allowed suspected Chinese threat actors to remotely access some computers and unclassified documents.  "On December 8, 2024, Treasury was notified by a third-party software service provider, BeyondTrust, that a threat actor had gained access to a key used by the vendor to secure a cloud-based

Firm Focuses on Runtime Context, AI Enhancements to Counter Evolving Cloud ThreatsWith $100 million in Series A funding, Upwind plans to strengthen its runtime and AI-powered cloud security platform. CEO Amiram Shachar outlines the company’s investments in engineering, customer engagement and scaling solutions to address vulnerabilities like misconfigurations and insecure APIs.

As cloud infrastructure becomes the backbone of modern enterprises, ensuring the security of these environments is paramount. With AWS (Amazon Web Services) still being the dominant cloud it is important for any security professional to know where to look for signs of compromise. AWS CloudTrail stands out as an essential tool for tracking and logging API activity, providing a comprehensive

Loading more headlines...