Security news aggregator

Latest cybersecurity reporting from selected sources.

Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.

28 headlines in this view

Refine the feed

Search across headline titles and summaries.

Volume over time

Weekly headline count for the current query.

Showing 20 most recent headlines of 28 Filtered view
Microsoft Security Research 4 days, 21 hours ago

Defending SaaS-based applications against ShinyHunters OAuth abuse

Microsoft Threat Intelligence identified threat actor activity with overlapping tradecraft commonly associated with ShinyHunters, including voice phishing (vishing), supply-chain compromise, and misconfigured guest access targeting SaaS-based applications. The post Defending SaaS-based applications against ShinyHunters OAuth abuse appeared first on Microsoft Security Blog.

Investigators Found Months of Unchecked Database Scraping ActivitySouth Korea's privacy regulator fined Coupang a record 624.7 billion won after concluding that weak authentication controls, insider access abuse, evidence destruction and unauthorized data collection contributed to the exposure of personal information belonging to 33.7 million people.

CEO suspects silicon sidekick behind 'surprising velocity' breach - cyber crims shop stolen data for $2M Vercel's CEO reckons the crooks behind its recent breach likely had a helping hand from AI, saying the attackers moved with "surprising velocity" and a deep understanding of the company's infrastructure.…

Organizations typically roll out multi-factor authentication (MFA) and assume stolen passwords are no longer enough to access systems. In Windows environments, that assumption is often wrong. Attackers still compromise networks every day using valid credentials. The issue is not MFA itself, but coverage.  Enforced through an identity provider (IdP) such as Microsoft Entra ID, Okta, or

Crims hope for payday from malicious payloads rather than stealing access tokens Microsoft has warned organizations about ongoing OAuth abuse scams that use phishing emails and URL redirects to infect victims' machines with malware and take over their devices.…

Most phishing websites are little more than static copies of login pages for popular online destinations, and they are often quickly taken down by anti-abuse activists and security firms. But a stealthy new phishing-as-a-service offering lets customers sidestep both of these pitfalls: It uses cleverly disguised links to load the target brand's real website, and then acts as a relay between the target and the legitimate site -- forwarding the victim's username, password and multi-factor authentication (MFA) code to the legitimate site and returning its responses.

Bank Info Security 5 months, 2 weeks ago

NSA Tells Feds: Zero Trust Must Go Beyond Login

New NSA Guidance Demands Continuous Access Checks, Implementation OverhaulThe National Security Agency's new zero trust guidance instructs agencies to move beyond login-based security by continuously assessing user behavior and app-layer activity in real time, aiming to close gaps that allow post-authentication abuse and elevate federal defenses against modern threats.

Criminals don’t need to be clever all the time; they just follow the easiest path in: trick users, exploit stale components, or abuse trusted systems like OAuth and package registries. If your stack or habits make any of those easy, you’re already a target

Loading more headlines...