Security news aggregator

Latest cybersecurity reporting from selected sources.

Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.

24 headlines in this view

Refine the feed

Search across headline titles and summaries.

Volume over time

Weekly headline count for the current query.

Showing 20 most recent headlines of 24 Filtered view

Déjà Vu: Is Mythos in Hands of Bad Actors Akin to Cobalt Strike, Brute Ratel Abuse?Anthropic's Claude Mythos and similarly powerful artificial intelligence tools pose elevated cyber risk to the healthcare sector, warns a new report. Addressing the onslaught of newly discovered bugs will require healthcare organizations to evolve their vulnerability mindsets.

Forrester's Allie Mellen on Preparing for a Mythos-Level Surge in VulnerabilitiesAI is simultaneously the biggest threat to financial system security and the most powerful tool for defending it. The IMF is sounding the alarm on systemic risk. Forrester principal analyst Allie Mellen breaks down what that means for CISOs and security teams at financial institutions.

Bank Info Security 2 months, 1 week ago

Why Autonomous AI Agents Fail in Real-World Deployments

Study Finds Standard Safety Tests Miss Most Agentic AI ThreatsResearchers from Stanford, MIT, Carnegie Mellon and others found that most production AI agents are vulnerable to attacks that unfold across multi-step actions. The study warns that memory, tool access and agent coordination create failure modes traditional chatbot safety testing cannot see.

This CVSS 10.0 RCE vuln has been patched, automatically for some, so better check those workflows If you use Gemini CLI, watch out: Google has patched a CVSS 10.0 vulnerability in its command-line AI tool and is warning anyone running it in headless mode, or through GitHub Actions, to review their workflows.…

The Cybersecurity and Infrastructure Security Agency (CISA) is warning that hackers are actively exploiting a critical vulnerability identified as CVE-2026-33017, which affects the Langflow framework for building AI agents. [...]

Report claims more vulnerabilities created than fixed as remediation gap widens Veracode has posted its annual State of Software Security report, based on data from 1.6 million applications tested on its cloud platform, finding that more vulnerabilities are being created than are being fixed, and that high-velocity development with AI is making comprehensive security unattainable.…

NIST Seeks Input to Protect AI Systems Used in Government, Critical InfrastructureThe National Institute of Standards and Technology is seeking public input from security experts and stakeholders to weigh in on security threats from agentic AI warning they may be vulnerable to exploits like hijacking, backdoors and misaligned behavior across federal networks.

Always Secure MCP Servers Connecting LLMs to External Systems, Experts WarnWarning: Popular technology designed to make it easy for artificial intelligence tools to connect with external applications and data sources can be turned to malicious use. Researchers discovered two separate vulnerabilities tied to tools in the ecosystem around model context protocol, or MCP.

Bank Info Security 1 year, 3 months ago

Faulty Nvidia Bug Patch Puts AI Containers at Risk

Trend Micro Finds Security Gap in Nvidia Container ToolkitUsers of software developed by AI powerhouse Nvidia for running containerized software on its GPU chips could still be vulnerable to hacks even if they applied a September 2024 patch, warns cybersecurity firm Trend Micro. The core issue lies in symbolic link handling.

Fortinet publicly disclosed today a critical FortiManager API vulnerability, tracked as CVE-2024-47575, that was exploited in zero-day attacks to steal sensitive files containing configurations, IP addresses, and credentials for managed devices. [...]

Cybersecurity researchers are warning that threat actors are actively exploiting a "disputed" and unpatched vulnerability in an open-source artificial intelligence (AI) platform called Anyscale Ray to hijack computing power for illicit cryptocurrency mining

Loading more headlines...