Security news aggregator

Latest cybersecurity reporting from selected sources.

Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.

41 headlines in this view

Refine the feed

Search across headline titles and summaries.

Volume over time

Weekly headline count for the current query.

Showing 20 most recent headlines of 41 Filtered view

Supply-Chain Attack Uses Malicious GitHub Actions Workflow File to Steal SecretsMore than 5,000 GitHub repositories fell victim to an automated campaign, codenamed "Megalodon," in which an attacker injected malicious GitHub Actions that executed a script designed to steal development environment secrets, plus a variety of keys, tokens and other credentials, researchers said.

Compromised @antv npm packages deploy the Mini Shai-Hulud payload to steal CI/CD secrets from Linux-based automation environments. The malware executes during npm install and targets credentials across GitHub, AWS, Kubernetes, Vault, npm, and 1Password platforms. The post Mini Shai Hulud: Compromised @antv npm packages enable CI/CD credential theft appeared first on Microsoft Security Blog.

Who needs MFA when you've got EvilTokens? Hundreds of organizations have been compromised daily by a Microsoft device-code phishing campaign that uses AI and automation at nearly every stage of the attack chain to ultimately snoop through corporate email inboxes and steal financial data.…

Patch meant to close a severe expression bug fails to stop attackers with workflow access Multiple newly disclosed bugs in the popular workflow automation tool n8n could allow attackers to hijack servers, steal credentials, and quietly disrupt AI-driven business processes.…

Bank Info Security 10 months, 2 weeks ago

Event Horizon for Vibe Hacking Draws Closer, Anthropic Warns

Cyber Extortion Campaign Automated Efforts to 'Unprecedented' Degree, Says AI GiantArtificial intelligence giant Anthropic said it's disrupted a cybercrime operation that tapped its large language models, including Claude Code, to an "unprecedented" extent to help automate a data theft and extortion campaign that targeted more than a dozen critical infrastructure organizations.

Hackers breached sales automation platform Salesloft to steal OAuth and refresh tokens from its Drift chat agent integration with Salesforce to pivot to customer environments and exfiltrate data. The ShinyHunters extortion group claims responsibility for these additional Salesforce attacks. [...]

Loading more headlines...