Security news aggregator

Latest cybersecurity reporting from selected sources.

Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.

147 headlines in this view

Refine the feed

Search across headline titles and summaries.

Volume over time

Weekly headline count for the current query.

Showing 20 most recent headlines of 147 Filtered view

TuxBot v3, an AI-built IoT botnet for 17 architectures, shipped with LLM bugs and safety disclaimers the developer never removed. Palo Alto Networks’ Unit 42 identified a previously undocumented modular IoT botnet framework called TuxBot v3 Evolution, and it comes with an unusual detail: the developer used a large language model to write significant portions […]

Cybersecurity researchers have disclosed details of a previously unreported Internet-of-Things (IoT) botnet framework dubbed TuxBot v3 Evolution that shows signs of being developed with assistance from a large language model (LLM), albeit with not so successful results

Bank Info Security 4 days, 13 hours ago

Illinois Enacts First US Law Mandating AI Safety Audits

SB 315 Requires Annual Independent Audits, 72-Hour Incident Reporting for AI GiantsGov. JB Pritzker signed bipartisan legislation making Illinois the first state to require annual independent safety audits of frontier AI developers, going beyond California and New York frameworks with incident reporting deadlines, whistleblower protections and penalties up to $3 million.

When You Consume AI, You Inherit Every Upstream Risk You Can't SeeMost enterprises don't build AI, they consume it through APIs, open-source models and orchestration frameworks. Each layer inherits upstream risk with little visibility. This piece maps the four-layer AI supply chain and the existing security disciplines that bring it under control.

Microsoft-Owned GitHub, Which Runs npm, Previews Supply-Chain Security FixesThe popular Mastra AI framework, used to build artificial intelligence agents, workflows and retrieval-augmented generation pipelines, has been poisoned by attackers, and Microsoft-owned GitHub has advised all developers to downgrade Mastra, pending compromised packages being found and eradicated.

As many as 145 npm packages associated with the Mastra namespace ("@mastra/*"), a popular open-source JavaScript and TypeScript framework for building artificial intelligence (AI) applications, have been compromised as part of a software supply chain attack codenamed easy-day-js, per findings from Endor Labs, JFrog, OX Security, SafeDep, Socket, StepSecurity, and Synk

Cybersecurity researchers have disclosed details of three now-patched security flaws impacting LangGraph, including a critical vulnerability chain that could result in remote code execution

Bank Info Security 1 month, 1 week ago

Security Leaders Must Stop Living by the Framework

Paul Watts of Keywords Studios on Business Alignment, AI Hype and Workforce RiskCybersecurity leaders who still operate through the lens of frameworks and risk registers could be irrelevant in a world where business moves without them, said Paul Watts, CISO at Keywords Studios. He recommends investing in both AI and people to sustain operations over the long haul, he said.

Bank Info Security 1 month, 2 weeks ago

AI Governance Playbook Calls for Enterprise Risk Controls

Healthcare Coordinating Council Highlights AI Risks, Potential Medical MishapsHealthcare organizations face an array of difficult cybersecurity, privacy, patient safety, supply chain and operational resiliency issues as they roll out artificial intelligence tools. A new Health Sector Coordinating Council playbook aims to help by providing a voluntary governance framework.

Bank Info Security 1 month, 2 weeks ago

Trump Signs Voluntary AI Cyber Review Order

White House Cuts Proposed AI Review Period From 90 Days to 30President Trump signed an executive order creating a voluntary framework for evaluating advanced AI systems with significant cybersecurity capabilities, directing NSA, Treasury and CISA to establish classified benchmarks while avoiding mandatory licensing or preclearance requirements.

Bank Info Security 1 month, 3 weeks ago

White House Faces Pressure to Rewrite AI Order

Analysts Say White House Must Quickly Replace Shelved AI FrameworkU.S. President Donald Trump's decision to abruptly shelve an artificial intelligence executive order aimed at creating a federal review process for frontier models doesn't annul the need for the federal government to work with frontier model makers to address risks, say cybersecurity experts.

Bank Info Security 1 month, 3 weeks ago

OMB Scraps Biden-Era Cyber Logging Rules

New Memo Replaces SolarWinds-Era Rules With Risk-Based ModelThe White House issued a new memo replacing SolarWinds-era logging mandates with a narrower framework focused on risk, threat hunting and forensic readiness as agencies confront faster artificial intelligence-enabled intrusions across federal networks.

License Frontier AI to Practice Medicine, Argues JAMA ArticleScrutiny is intensifying around the quickly evolving role that AI is playing in healthcare. That includes issues around the transparency and safety of consumer health chatbots and also whether a new clinical AI licensing framework is necessary to protect the integrity of medicine.

Loading more headlines...