Security news aggregator

Latest cybersecurity reporting from selected sources.

Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.

10 headlines in this view

Refine the feed

Search across headline titles and summaries.

Volume over time

Weekly headline count for the current query.

Showing 10 most recent headlines Filtered view
Bank Info Security 5 months, 2 weeks ago

Hanging Up on ShinyHunters: Experts Detail Vishing Defenses

Sophisticated Voice Phishing Campaigns Don't Exploit Any Software VulnerabilitiesAmidst persistent voice phishing campaigns designed to trick employees and steal sensitive corporate data, security experts recommend organizations deploy phishing-resistant multifactor authentication, monitor for attacks and use "live video verification" to safeguard authentication changes.

Bank Info Security 9 months, 1 week ago

Hackers Exploit LFI Flaw in File-Sharing Platforms

Attackers Read Server Files and Steal Credentials in Gladinet CentreStack, TriofoxHackers are exploiting a flaw allowing them to access without authentication document root folder files in file-sharing and remote-access software, where they obtain access tokens and passwords to unlock remote access to corporate file systems, warn researchers.

Bank Info Security 9 months, 1 week ago

Hackers Exploit LFI Flaw in File-Sharing Platforms

Attackers Read Server Files and Steal Credentials in Gladinet CentreStack, TriofoxHackers are exploiting a flaw allowing them to access without authentication document root folder files in file-sharing and remote-access software, where they obtain access tokens and passwords to unlock remote access to corporate file systems, warn researchers.

The recent mass-theft of authentication tokens from Salesloft, whose AI chatbot is used by a broad swath of corporate America to convert customer interaction into Salesforce leads, has left many companies racing to invalidate the stolen credentials before hackers can exploit them. Now Google warns the breach goes far beyond access to Salesforce data, noting the hackers responsible also stole valid authentication tokens for hundreds of online services that customers can integrate with Salesloft, including Slack, Google Workspace, Amazon S3, Microsoft Azure, and OpenAI.

Bank Info Security 11 months, 3 weeks ago

Attackers Exploit Zero-Day Flaws in On-Premises SharePoint

Microsoft Issuing Emergency Patches to Combat Authentication-Bypassing AttacksHackers have been exploiting a zero-day vulnerability dubbed "ToolShell" in on-premises installations of Microsoft SharePoint to gain remote access, and steal cryptographic keys and data. As Microsoft rolls out patches, experts warn administrators to also rotate keys, to help eject attackers.