Security news aggregator

Latest cybersecurity reporting from selected sources.

Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.

10 headlines in this view

Refine the feed

Search across headline titles and summaries.

Volume over time

Weekly headline count for the current query.

Showing 10 most recent headlines Filtered view

Storm-2949 turned stolen credentials into a cloud-wide breach, moving from identity compromise to large-scale data theft without using malware. This incident shows how threat actors can exploit trusted systems to operate undetected. The post How Storm-2949 turned a compromised identity into a cloud-wide breach appeared first on Microsoft Security Blog.

Today, every unpatched system, leaked password, and overlooked plugin is a doorway for attackers. Supply chains stretch deep into the code we trust, and malware hides not just in shady apps — but in job offers, hardware, and cloud services we rely on every day

The threat actors linked to Kinsing have been observed attempting to exploit the recently disclosed Linux privilege escalation flaw called Looney Tunables as part of a "new experimental campaign" designed to breach cloud environments

Our Vectra Masked CISO series tackles some of the biggest issues in security and how to overcome them Advertorial Security must be tried, tested, and tested again. It’s become easier than ever for cybercriminals to find stealthy new ways to gain access to and navigate laterally across systems, exploit gaps in hybrid workflows, or hijack cloud accounts to gain access to a target. It is vital that every CISO can offer a clear picture of how their security is really holding up against the latest tactics, techniques, and procedures. However, all too often I’ve seen my fellow CISOs fall into a cycle of preparing annual penetration tests of point systems to be “compliant,” which in fact only makes them sitting ducks just waiting for a breach to occur.…