Security news aggregator

Latest cybersecurity reporting from selected sources.

Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.

14 headlines in this view

Refine the feed

Search across headline titles and summaries.

Volume over time

Weekly headline count for the current query.

Showing 14 most recent headlines Filtered view
Bank Info Security 2 months, 2 weeks ago

Linux 'Copy Fail' Flaw Delivers Root-Level Access to Distros

AI-Assisted Offensive Security Researcher Discovered Flaw After 1 Hour of ScanningPatch all Linux kernels issued from 2017 onwards to fix a serious vulnerability in the kernel’s cryptography API that can be easily exploited by a local, unprivileged user to gain root-level access. The major flaw is the latest to be found by an AI-assisted researcher.

Bank Info Security 4 months, 3 weeks ago

Malicious Repo Files Could Hijack Claude Code Sessions

Flaws Let Attackers Run Commands and Steal API Keys Before Trust PromptCheck Point research found three critical flaws in Anthropic's Claude Code that allow attackers to execute arbitrary commands and steal API keys through repository configuration files, before users see a trust prompt. The AI giant has patched all three vulnerabilities.

Bank Info Security 5 months, 4 weeks ago

Anthropic's Cowork Shipped With Known Vulnerability

AI Agent Can Access File Upload API to Exfiltrate DocumentsSecurity researchers have demonstrated how Anthropic's new Claude Cowork productivity agent can be tricked into stealing user files and uploading them to an attacker's account, exploiting a vulnerability the company allegedly knew about.

Bank Info Security 1 year, 3 months ago

API Security: Another Critical Asset Under Threat

Adam Arellano of Traceable by Harness on Creating Multi-Layered DefenseIncreasingly, APIs are in cyber adversaries' crosshairs. What creates vulnerability complexities in API environments, and what can be done to create a more effective, multi-layered defense? Adam Arellano of Traceable by Harness discusses how AWS and Traceable tackle this challenge.

Bank Info Security 1 year, 5 months ago

ISMG Editors: AI Security Wake-Up Call From DeepSeek

Also: Addressing AI Vulnerabilities and Governance ChallengesDeepSeek, an advanced open-source AI model, is under scrutiny for its safety guardrails failing multiple security tests and a data leak that exposed user information and API keys. Sam Curry, CISO at Zscaler, discusses AI security, risk management and upcoming U.S. policy changes.

APIs are the backbone of modern applications, enabling connectivity and functionality across diverse systems. However, the growing complexity of API ecosystems introduces vulnerabilities that attackers exploit to disrupt operations, steal data, or launch other malicious activities. Without real-time visibility and robust threat detection, businesses face significant risks.

Firm Focuses on Runtime Context, AI Enhancements to Counter Evolving Cloud ThreatsWith $100 million in Series A funding, Upwind plans to strengthen its runtime and AI-powered cloud security platform. CEO Amiram Shachar outlines the company’s investments in engineering, customer engagement and scaling solutions to address vulnerabilities like misconfigurations and insecure APIs.

Snyk Boosts API Security with Enhanced Dynamic App Security Testing CapabilitiesBy buying DAST provider Probely, Snyk bolsters its platform with advanced API security testing for early SDLC stages. This acquisition aims to help developers identify and reduce vulnerabilities in AI-driven and API-heavy applications. Full integration into Snyk's platform is slated for early 2025.

Bank Info Security 1 year, 8 months ago

Researchers Debut AI Tool That Helps Detect Zero-Days

Vulnerability Tool Detected Flaws in OpenAI and Nvidia APIs Used in GitHub ProjectsSecurity researchers have developed an AI tool that can detect remote code flaws and arbitrary zero-day code in software. Protect AI applied the tool to nearly 10,000 GitHub projects and on CVSS data and uncovered local file inclusion, cross-site scripting and remote code flaws in APIs.

Security Researcher Says Flaw Came From 700 Exposed APIs Belonging to CoxAn independent security researcher discovered a critical flaw in the backend infrastructure of the largest broadband provider in the United States that, if exploited, could have left millions of business customer devices vulnerable to major cyberattacks.

Bank Info Security 2 years, 5 months ago

ISMG Editors: Why Are Microsoft's Systems So Vulnerable?

Also: AI in Cloud Security, Integrating Zero Trust Principles into API DeploymentIn the latest weekly update, ISMG editors discussed the potential role of AI in cloud security, how the recent cyberattack on Microsoft by Russian state hackers highlighted the vulnerabilities associated with legacy systems, and how to secure APIs in the age of zero trust.

Bank Info Security 2 years, 7 months ago

API Flaws Put AI Models at Risk of Data Poisoning

Hugging Face Fixes Flaw; Meta, Other Tech Giants Revoke Vulnerable TokensSecurity researchers could access and modify an artificial intelligence code generation model developed by Facebook after scanning for API access tokens on AI developer platform Hugging Face and code repository GitHub. Tampering with training data is among the top threats to large language models.