Security news aggregator

Latest cybersecurity reporting from selected sources.

Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.

24 headlines in this view

Refine the feed

Search across headline titles and summaries.

Volume over time

Weekly headline count for the current query.

Showing 20 most recent headlines of 24 Filtered view

Attackers compromised the open-source security tool and published malicious versions of the software. Mandiant warns the fallout could impact up to 10,000 downstream victims. The post Experts warn of a ‘loud and aggressive’ extortion wave following Trivy hack appeared first on CyberScoop.

Bank Info Security 6 months, 2 weeks ago

RondoDox Botnet Exploiting Devices With React2Shell Flaw

The Campaign Compromises Open-Source Vulnerability to Hack IoT Devices at ScaleSecurity firm CloudSEK has uncovered a botnet campaign that is exploiting the React2Shell vulnerability in the Meta-developed, open-source React framework across a variety of devices since December. The security firm attributed the campaign to RondoDox.

Bank Info Security 7 months, 1 week ago

Hacking as a Prompt: Malicious LLMs Find Users

WormGPT 4 Sells for $50 Monthly, While KawaiiGPT Goes Open SourceThe cybercrime-as-a-service model has a new product line, with malicious large language models built without ethical guardrails selling on Telegram for $50 monthly or distributed free on GitHub. Others groups are taking the open-source route.

Malware isn’t just trying to hide anymore—it’s trying to belong. We’re seeing code that talks like us, logs like us, even documents itself like a helpful teammate. Some threats now look more like developer tools than exploits. Others borrow trust from open-source platforms, or quietly build themselves out of AI-written snippets. It’s not just about being malicious—it’s about being believable.

Also: Ransomware Hackers Demand BaguettesThis week, Chinese spying, Italian hacking scandal, an FBI warning and Okta fixed a bug. Google mandated MFA, zero days in PTZOptics and a Mexican airport didn't pay ransom. Cybercriminals demanded baguettes, breach lettersin Ohio and Germany will shield white hats. The Italian DPA rebuked a bank.

Bank Info Security 1 year, 10 months ago

Critical GeoServer Flaw Enabling Global Hack Campaigns

Targets Includes Technology, Government and Telecommunications SectorsCybercriminals are using a critical remote code execution vulnerability in an open-source geospatial data platform to spread malware globally across several industries. GeoServer Project maintainers released a patch on July 1. The vulnerability has a CVSS score of 9.8 out of 10.

Bank Info Security 1 year, 10 months ago

North Korean Hackers Tied to Exploits of Chromium Zero-Day

Cryptocurrency Users Targeted in Latest Campaign Involving FudModule RootkitA hacking group tied to North Korea exploited a zero-day vulnerability in the open source Google Chromium web browser to try and steal cryptocurrency, Microsoft said. The attack campaign is the latest to involve a sophisticated North Korean rootkit called FudModule. Google has fixed the flaw.

UNC3886 Targeted Edge Devices for Persistence, Mandiant SaysA suspected Chinese hacking group used open-source rootkits to ensure persistence on compromised edge devices such as VMware ESXi servers for espionage campaigns, Google Mandiant said. The hacking group, which Mandiant tracks as UNC3886, is likely a Chinese threat group hacking for Beijing.

Bank Info Security 2 years, 2 months ago

Report: Russian Hackers Targeting Ukrainian Soldiers on Apps

Russian Hackers Using Open-Source Malware on Popular Messaging Apps, Report SaysUkraine's Computer Emergency Response Team is warning in an April report that a Russian hacking group known as UAC-0184 is using open-source malware to target Ukrainian soldiers on popular messaging apps such as Signal, as concerns grow over the Kremlin’s advanced hacking capabilities.

Bank Info Security 2 years, 7 months ago

Hackers Keep Winning by Gambling on SQL Injection Exploits

Gambling and Retail Firms Top Targets of 'GambleForce' Group, Researchers WarnA recently spotted hacking group with a penchant for using open source tools has been using a less-than-novel tactic: exploiting SQL injection flaws. So warn researchers who recently detected attacks by the group, codenamed GambleForce, which appears to focus on gambling and retail firms.

Loading more headlines...