Security news aggregator

Latest cybersecurity reporting from selected sources.

Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.

13 headlines in this view

Refine the feed

Search across headline titles and summaries.

Volume over time

Weekly headline count for the current query.

Showing 13 most recent headlines Filtered view

Cybersecurity researchers have disclosed details of four vulnerabilities in Dify, an open-source agentic workflow platform with more than 146,000 GitHub stars, that could allow attackers to stealthily read artificial intelligence (AI) conversions from other customers' applications without requiring authentication

AutoJack is a novel exploit chain showing how a single malicious webpage can turn an AI browsing agent into a remote code execution vector on the host machine. By abusing trust in localhost, missing authentication, and unsafe parameter handling, attackers can trigger arbitrary process execution through AutoGen Studio’s MCP WebSocket. The research highlights a broader pattern - when agents can browse untrusted content and access local services, traditional boundaries like localhost are no longer secure. The post AutoJack: How a single page can RCE the host running your AI agent  appeared first on Microsoft Security Blog.

Another Thursday, another pile of weird security stuff that somehow happened in just seven days. Some of it is clever. Some of it is lazy. A few bits fall into that uncomfortable category of “yeah… this is probably going to show up in real incidents sooner than we’d like.” The pattern this week feels familiar in a slightly annoying way. Old tricks are getting polished. New research shows how

Bank Info Security 5 months, 1 week ago

Moltbook Gave Everyone Control of Every AI Agent

Database Misconfiguration Exposed 1.5 million API TokensA misconfigured database at Moltbook, the viral social network for AI agents, exposed 1.5 million API authentication tokens, 35,000 email addresses and private messages. Security researchers discovered unauthenticated read and write access to all platform data within days of launch.

Bank Info Security 9 months ago

Static Credentials Expose MCP Servers to Risk

Study Finds Weak Authentication Practices Across AI Agent ServersTools developers use to connect artificial intelligence tools with external applications and data sources typically are secured by static credentials such as API keys and personal access tokens, exposing AI agent systems to theft or misuse, research shows.

Cybersecurity researchers have disclosed two security flaws in Wondershare RepairIt that exposed private user data and potentially exposed the system to artificial intelligence (AI) model tampering and supply chain risks

Bank Info Security 10 months, 2 weeks ago

Salesloft Drift Attacks Exposed Zscaler Customer Data

'Widespread Data Theft Campaign' Compromised Many Drift OAuth Tokens, Warn ExpertsThreat researchers report that "a widespread data theft campaign" traces to attackers stealing OAuth access tokens for applications integrated with Salesloft's AI chatbot Drift, then exfiltrating data. Victims include Salesforce customer Zscaler. Google Workspace instances were also breached.

Cybersecurity researchers are warning that thousands of servers hosting the Prometheus monitoring and alerting toolkit are at risk of information leakage and exposure to denial-of-service (DoS) as well as remote code execution (RCE) attacks