Security news aggregator

Latest cybersecurity reporting from selected sources.

Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.

18 headlines in this view

Refine the feed

Search across headline titles and summaries.

Volume over time

Weekly headline count for the current query.

Showing 18 most recent headlines Filtered view

Researchers say Schemata’s platform exposed names, emails, base assignments, and course materials before the company patched the issue and contacted government authorities. The post A DOD contractor’s API flaw exposed military course data and service member records appeared first on CyberScoop.

Researchers who found the flaws scored beer money bounties and warn the problem is probably pervasive Exclusive Security researchers hijacked three popular AI agents that integrate with GitHub Actions by using a new type of prompt injection attack to steal API keys and access tokens, and the vendors who run agents didn’t disclose the problem.…

Bank Info Security 4 months, 3 weeks ago

Malicious Repo Files Could Hijack Claude Code Sessions

Flaws Let Attackers Run Commands and Steal API Keys Before Trust PromptCheck Point research found three critical flaws in Anthropic's Claude Code that allow attackers to execute arbitrary commands and steal API keys through repository configuration files, before users see a trust prompt. The AI giant has patched all three vulnerabilities.

Cybersecurity researchers have disclosed multiple security vulnerabilities in Anthropic's Claude Code, an artificial intelligence (AI)-powered coding assistant, that could result in remote code execution and theft of API credentials

Cybersecurity researchers have uncovered multiple security flaws in Dell's ControlVault3 firmware and its associated Windows APIs that could have been abused by attackers to bypass Windows login, extract cryptographic keys, as well as maintain access even after a fresh operating system install by deploying undetectable malicious implants into the firmware

Cybersecurity researchers have disclosed details of a now-patched vulnerability impacting the Microsoft SharePoint connector on Power Platform that, if successfully exploited, could allow threat actors to harvest a user's credentials and stage follow-on attacks

Bank Info Security 1 year, 5 months ago

DeepSeek AI Models Vulnerable to JailBreaking

Researchers uncovered flaws in large language models developed by Chinese artificial intelligence company DeepSeek, including in its flagship R1 reasoning application. The security concerns come as Microsoft and OpenAI investigate whether DeepSeek developed used data scraped from an OpenAI API.

Bank Info Security 1 year, 8 months ago

Researchers Debut AI Tool That Helps Detect Zero-Days

Vulnerability Tool Detected Flaws in OpenAI and Nvidia APIs Used in GitHub ProjectsSecurity researchers have developed an AI tool that can detect remote code flaws and arbitrary zero-day code in software. Protect AI applied the tool to nearly 10,000 GitHub projects and on CVSS data and uncovered local file inclusion, cross-site scripting and remote code flaws in APIs.

Bank Info Security 2 years, 7 months ago

API Flaws Put AI Models at Risk of Data Poisoning

Hugging Face Fixes Flaw; Meta, Other Tech Giants Revoke Vulnerable TokensSecurity researchers could access and modify an artificial intelligence code generation model developed by Facebook after scanning for API access tokens on AI developer platform Hugging Face and code repository GitHub. Tampering with training data is among the top threats to large language models.

Cybersecurity researchers have detailed a "severe design flaw" in Google Workspace's domain-wide delegation (DWD) feature that could be exploited by threat actors to facilitate privilege escalation and obtain unauthorized access to Workspace APIs without super admin privileges

Trend Micro Research, News and Perspectives 3 years, 9 months ago

Security Risks in Logistics APIs Used by E-Commerce Platforms

Our research examines the security flaws that we found in the logistics API implementation of e-commerce platforms that can potentially expose the consumers’ personal information. We discuss the security risks that such flaws present for software engineers, e-commerce platform providers, and consumers.