Security news aggregator

Latest cybersecurity reporting from selected sources.

Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.

26 headlines in this view

Refine the feed

Search across headline titles and summaries.

Volume over time

Weekly headline count for the current query.

Showing 20 most recent headlines of 26 Filtered view
Bank Info Security 6 months, 3 weeks ago

University of Phoenix Data Breach: 3.5M Individuals Affected

Full Scope of Clop Ransomware Group's Oracle E-Business Suite Hits Still EmergingThe University of Phoenix is notifying 3.5 million individuals that their personal information was compromised in a data breach. The theft traces to the Clop ransomware group's supply-chain campaign against users of Oracle E-Business Suite, in which it wield two zero-day vulnerabilities.

Over 77,000 Internet-exposed IP addresses are vulnerable to the critical React2Shell remote code execution flaw (CVE-2025-55182), with researchers now confirming that attackers have already compromised over 30 organizations across multiple sectors. [...]

US DOE among breached government agencies More than 400 organizations have been compromised in the Microsoft SharePoint attack, according to Eye Security, which initially sounded the alarm on the mass exploitation last Friday, even before Redmond confirmed the critical vulnerabilities.…

Bank Info Security 11 months, 3 weeks ago

File Transfer Flaw Blamed in Health Breach Affecting 233,000

Cierant Corp. Says Cleo MFT Zero-Day Exploit Compromised Health Plan Client DataA Connecticut-based firm that provides print and electronic document management services to health plans has reported to regulators that an exploit of a vulnerability in file transfer software from third-party vendor Cleo has resulted in a health data compromise affecting nearly 233,000 people.

Krebs on Security 11 months, 3 weeks ago

Microsoft Fix Targets Attacks on SharePoint Zero-Day

On Sunday, July 20, Microsoft Corp. issued an emergency security update for a vulnerability in SharePoint Server that is actively being exploited to compromise vulnerable organizations. The patch comes amid reports that malicious hackers have used the Sharepoint flaw to breach U.S. federal and state agencies, universities, and energy companies.

Bank Info Security 2 years, 2 months ago

Breach Roundup: LabHost Phishing-as-a-Service Site Goes Down

Also: Omni Hack Exposed Customer Data; More Ivanti Vulnerabilities Come to LightThis week, police disrupted the LabHost phishing-as-a-service site, customer data compromised in Omni Hotels hack, more Ivanti vulnerabilities found, Moldovan botnet operator faces U.S. charges, Cisco warned of a data breach in Duo and a Spanish Guardia Civil contractor suffered a ransomware attack.

Bank Info Security 2 years, 2 months ago

Breach Roundup: LabHost Goes Down

Also: Omni Hack Exposed Customer Data and More Ivanti VulnerabilitiesThis week, police took down the LabHost phishing-as-a-service site, customer data compromised in Omni Hotels hack, more Ivanti vulnerabilities, a Moldovan botnet operators faces U.S. charges, Cisco warned of data breach in Duo and a Spanish Guardia Civil contractor suffered a ransomware attack.

Suspected state-sponsored hackers have been exploiting a zero-day vulnerability in Palo Alto Networks firewalls tracked as CVE-2024-3400 since March 26, using the compromised devices to breach internal networks, steal data and credentials. [...]

A financially motivated threat actor called Magnet Goblin is swiftly adopting one-day security vulnerabilities into its arsenal in order to opportunistically breach edge devices and public-facing services and deploy malware on compromised hosts

Bank Info Security 2 years, 4 months ago

Hackers Compromised Ivanti Devices Used by CISA

Cybersecurity Agency Says 'No Operational Impact'The U.S. Cybersecurity and Infrastructure Security Agency apparently had a good reason to urge federal agencies into resetting vulnerable Ivanti VPN devices: Hackers breached two gateways used by CISA, forcing the agency to yank them offline. The agency "immediately took offline" the impacted VPNs.

Loading more headlines...