Security news aggregator

Latest cybersecurity reporting from selected sources.

Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.

27 headlines in this view

Refine the feed

Search across headline titles and summaries.

Volume over time

Weekly headline count for the current query.

Showing 20 most recent headlines of 27 Filtered view

Cybersecurity researchers have discovered two malicious Microsoft Visual Studio Code (VS Code) extensions that are advertised as artificial intelligence (AI)-powered coding assistants, but also harbor covert functionality to siphon developer data to China-based servers

Expired security cert, real Brussels agenda, plus PlugX malware finish the job Cyber spies linked to the Chinese government exploited a Windows shortcut vulnerability disclosed in March – but that Microsoft hasn't fixed yet – to target European diplomats in an effort to steal defense and national security details.…

Cybersecurity researchers have shed light on a Chinese-speaking cybercrime group codenamed UAT-8099 that has been attributed to search engine optimization (SEO) fraud and theft of high-value credentials, configuration files, and certificate data.  The attacks are designed to target Microsoft Internet Information Services (IIS) servers, with most of the infections reported in India, Thailand

Also, Stolen Cookies for Sale, LexisNexis Breach and an FBI WarningThis week, Alcasec back in a Spanish jail, billions of stolen cookies and Chinese hackers used Google Calendar. LexisNexis and Adidas had breaches, a vishing warning from the FBI. ClickFix scammers used fake Google Meet pages, Victoria's Secret went offline. Microsoft will update all your software.

Threat Actors Deploy Obfuscation Tactics to Targets Windows MachinesLikely Chinese nation-state hackers are targeting European companies using previously unseen malware backdoor variants with advanced network tunneling and evasion capabilities for data theft. Brussels-based security firm Nviso links the campaign to a threat actor tracked as UNC5221.

Cybersecurity researchers are calling attention to an Android malware campaign that leverages Microsoft's .NET Multi-platform App UI (.NET MAUI) framework to create bogus banking and social media apps targeting Indian and Chinese-speaking users

An unpatched security flaw impacting Microsoft Windows has been exploited by 11 state-sponsored groups from China, Iran, North Korea, and Russia as part of data theft, espionage, and financially motivated campaigns that date back to 2017

Bank Info Security 1 year, 4 months ago

China's Silk Typhoon Tied to Cloud Service Provider Hacks

Microsoft Sees Cyberespionage Group Lifting API Keys and Credentials for CustomersA prolific cyberespionage group tied to Beijing appears to have increased its targeting of widely used IT tools and service providers. Microsoft said the group's tactics now include stealing API keys and credentials from providers to gain access to providers' downstream customers' infrastructure.

They're good at zero-day exploits, too Silk Typhoon, the Chinese government crew believed to be behind the December US Treasury intrusions, has been abusing stolen API keys and cloud credentials in ongoing attacks targeting IT companies and state and local government agencies since late 2024, according to Microsoft Threat Intelligence.…

Bank Info Security 1 year, 8 months ago

Chinese Hackers Use Quad7 Botnet for Credential Theft

Hackers Using Password Spraying to Steal User Microsoft Account CredentialsMultiple Chinese hacking groups are using a botnet named for a TCP routing port number to conduct password spraying attacks, warned Microsoft Thursday. The Quad7 operators are almost certainly located in China. Botnet activity can be difficult to monitor.

Bank Info Security 2 years, 7 months ago

Breach Roundup: Filipinos Under Fire From 'Mustang Panda'

Also, Kansas Courts Say Ongoing Outage Traces to Attack; Confidential Data StolenThis week's data breach roundup: Chinese-affiliated hackers target the Philippine government; Kansas Courts confirm data theft, officials warn of exploited flaws in Sophos, Oracle and Microsoft software; AutoZone discloses a Clop ransomware attack; Optus' CEO resigns after network outage.

Loading more headlines...