Security news aggregator

Latest cybersecurity reporting from selected sources.

Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.

19 headlines in this view

Refine the feed

Search across headline titles and summaries.

Volume over time

Weekly headline count for the current query.

Showing 19 most recent headlines Filtered view

Threat Actor Silently Forwarded Sensitive Emails Matching Strategic TopicsGoogle says Chinese espionage group UNC6508 compromised REDCap environments at North American research institutions, deployed custom malware, stole credentials and covertly forwarded strategically relevant emails through abused compliance rules to support long-term intelligence collection.

Bank Info Security 8 months, 3 weeks ago

Click, Call, Compromise: Hackers Continue to Evolve Tactics

Microsoft Says Hackers Pivoting to Identity CompromiseHackers are as likely to log in as break in, warns Microsoft in an annual assessment of cyberthreats. During the first half of 2025, identity-based attacks rose by 32% due to credentials stolen by infostealers or password and email combinations plucked from bulk data breaches.

Bank Info Security 10 months, 1 week ago

Hackers Compromise 18 NPM Packages in Supply Chain Attack

Attacker Socially Engineered Developer With Phishing EmailA hacker laced 18 popular npm packages with cryptocurrency stealing malware after socially engineering the developer into giving up his credentials to the JavaScript runtime environment. Aikido Security said the 18 software packages collectively have downloads of more than two billion each week.

Fancy Bear can't keep its claws out of Outlook inboxes The UK government is warning that Russia's APT28 (also known as Fancy Bear or Forest Blizzard) has been deploying previously unknown malware to harvest Microsoft email credentials and steal access to compromised accounts.…

It takes just one email to compromise an entire system. A single well-crafted message can bypass filters, trick employees, and give attackers the access they need. Left undetected, these threats can lead to credential theft, unauthorized access, and even full-scale breaches. As phishing techniques become more evasive, they can no longer be reliably caught by automated solutions alone

Stolen credentials edge out email tricks for cloud break-ins because they're so easy to get Criminals used stolen credentials more frequently than email phishing to gain access into their victims' IT systems last year, marking the first time that compromised login details claimed the number two spot in Mandiant's list of most common initial infection vectors.…

A malicious campaign dubbed PoisonSeed is leveraging compromised credentials associated with customer relationship management (CRM) tools and bulk email providers to send spam messages containing cryptocurrency seed phrases in an attempt to drain victims' digital wallets

Bleeping Computer 1 year, 10 months ago

4 Top Security Automation Use Cases: A Detailed Guide

Learn about the top 4 security automation use cases that can streamline your cybersecurity efforts. This guide covers reducing enriching indicators of compromise (IoCs), monitoring external attack surface(s), scanning for web application vulnerabilities and monitoring for leaked user credentials - specifically email addresses. [...]

A massive trove of 361 million email addresses from credentials stolen by password-stealing malware, in credential stuffing attacks, and from data breaches was added to the Have I Been Pwned data breach notification service, allowing anyone to check if their accounts have been compromised. [...]

Slippery AiTM attacks targeted more than 10,000 orgs over the past nine months A widespread phishing campaign that has hit more than 10,000 organizations since September 2021 uses adversary-in-the-middle (AiTM) proxy sites to get around multifactor authentication (MFA) features and steal credentials that are then used to compromise business email accounts.…

Microsoft on Tuesday disclosed that a large-scale phishing campaign targeted over 10,000 organizations since September 2021 by hijacking Office 365's authentication process even on accounts secured with multi-factor authentication (MFA)