Security news aggregator

Latest cybersecurity reporting from selected sources.

Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.

32 headlines in this view

Refine the feed

Search across headline titles and summaries.

Volume over time

Weekly headline count for the current query.

Showing 20 most recent headlines of 32 Filtered view
Bank Info Security 1 week, 1 day ago

Breach Roundup: Hush, Don't Talk About the Data Breach

Also, 23andMe Breach Settlement, GitHub AI Flaw, Ubiquiti Patches Critical BugsThis week, hidden breaches, researchers exposed a GitHub AI agent flaw, an Ubiquiti critical flaw, a ColdFusion flaw, a growing Chinese ORB, U.K. government FortiBleed exposure, 23andMe victims get $46.75 million, 3.8 million affected by Medtronic breach and Cerner's 2025 victim count went up.

Unit 42 Says Iranian Operators Target Aerospace and Government StaffPalo Alto Networks' Unit 42 said Iran-linked operators tied to Screening Serpens are using fake recruiting campaigns, cloned aerospace hiring portals and malware-laced job materials to infiltrate defense, satellite communications and government networks.

Also, Taiwan Rail Hack, Massive DDoS Attack and Karakurt Jail SentenceThis week, Microsoft Edge exposed passwords, Taiwan police make arrests in high-speed rail hack and a 2.45 billion-request DDoS attack. A Karakurt negotiator jailed, North Korean IT worker scams led to prison terms and France detained a teen over a government data breach. Another Ivanti zero-day.

Seoul Accuses E-Commerce Giant of 'Self-Investigation,' Impeding Government ProbeSouth Korea's data protection watchdog told e-commerce giant Coupang to stop publishing its "self-investigation" findings into a massive data breach and demanded the interim CEO, a U.S. citizen, return to the country to meet with a police - drawing criticism from U.S. Republican lawmakers.

Also, Dutch Defend the Nexperia Takeover, Hikvision Challenges FCC, Qilin StrikesThis week, likely North Korean hackers exploited React2Shell. The Dutch government defended its seizure of Nexperia. Prompt injection may be here to stay. Hikvision pushed back against a new U.S. crackdown. Qilin claimed it hacked Scientology, Microsoft Patch Tuesday and MuddyWater activity.

Also, North Korean Hackers Remotely Wipe Android DevicesThis week, the U.K. government probed Chinese electric buses for a kill switch, APT37 abused Google's Find Hub in South Korea, Conduent said its January hack will cost it more, Hyundai disclosed a breach and Patch Tuesday. OWASP added two new categories to its Top 10 web application vulnerabilities.

Conduent Gets Sued; US Government's Cyber Shutdown Woes; Hacktivist Hits RiseThe latest ISMG Editors' Panel tackles: post-hack legal fallout for Conduent after it suffered the year's biggest health data breach, the U.S. government's shutdown complicating its response to the breach of vendor F5 and the rise in attacks targeting Western critical national infrastructure.

Bank Info Security 8 months, 2 weeks ago

Russian Police Bust Suspected Meduza Infostealer Developers

3 'Young IT Specialists' Arrested After Malware Tied to Government Agency InfectionRussian police have arrested "three young IT specialists" in Moscow, charging them with developing and selling the notorious Meduza information-stealing malware, and members of their group using the infostealer to breach a Russian government institution in May and exfiltrate data.

Concerns Grow Over F5 Hacking Amid Stalled Government ShutdownFederal officials are scrambling to contain nation-state hackers exploiting stolen source code from networking devices and software maker F5 amid staffing pressures created by the ongoing government shutdown. Stolen files reportedly include undisclosed vulnerabilities F5 had been researching.

Bank Info Security 9 months ago

Chinese Actor Targets Russian IT Provider

Symantec Says It Spotted Likely Supply Chain HackSuspected Chinese state-linked hackers reportedly breached a Russian IT service provider in an espionage campaign targeting government-related networks. Symantec uncovered Chinese hackers they named Jewelbug, infiltrating a Russian company between January and May.

Bank Info Security 9 months, 1 week ago

Discord Vendor Hack Exposes ID Data in Ransom Bid

Proliferating Age Verification Systems a Hacker TargetA vendor breach linked to Discord exposed government ID uploads used in age verification, raising alarms among privacy experts who warn that third-party data collection systems are becoming high-value targets amid rising legislative mandates for online age checks.

Bank Info Security 9 months, 2 weeks ago

Red Hat Confirms Consulting Arm's GitLab Instance Breached

28,000 Customers, Including Banks and US Government Agencies, Appear to Be AffectedCommercial Linux distribution producer Red Hat has issued a security alert warning that attackers stole customer data from its consulting arm's GitLab instance. The hacking group, Crimson Collective, claims to have stolen one terabyte of data pertaining to 28,000 customers.

Bank Info Security 10 months, 2 weeks ago

Austria's Interior Ministry Says 100 Email Accounts Breached

No Law Enforcement Information or Austrian Personal Data Compromised, Officials SayThe Austrian government said a "targeted and professional" hack attack breached about 100 government email accounts in its interior ministry, which is chiefly responsible for public safety. Attackers also stole data, although officials said no law enforcement or personal data was exposed.

Bank Info Security 10 months, 2 weeks ago

Pentagon Probes Microsoft's Use of Chinese Coders

Defense Department Suspends, Reviews Microsoft 'Digital Escorts' ProgramThe Pentagon is reviewing Microsoft's decade-long use of "digital escorts" - U.S.-based staff who review code from Chinese engineers - into military cloud systems, a workaround now deemed a "breach of trust" that may have exposed sensitive but unclassified government data.

Microsoft Urges Immediate Mitigation as State Actors Target SharePoint FlawHackers breached a sensitive database containing office locations and personal details of elected officials and staff in Canada's House of Commons. Hackers were able to "exploit a recent Microsoft vulnerability," according to an internal email sent to members and staff.

Bank Info Security 11 months, 3 weeks ago

US Nuclear Agency Breach Tied to SharePoint Zero-Days

Over 400 Organizations Breached Via Ongoing ToolShell Attacks, Researchers WarnThe U.S. government agency that maintains and designs America's nuclear weapons was reportedly breached by attackers exploiting zero-day flaws in on-premises Microsoft SharePoint servers, with researchers now counting over 400 victims, including European and Middle Eastern governments.

Energy Department Disputes Nuclear Access Breach Claims in Latest DOGE ControversyDepartment of Government Efficiency staffers gained access to accounts on classified networks storing some of the nation's top nuclear secrets according a report published concurrently with a lawsuit arguing the task force is unconstitutional and lacks congressional approval.

Bank Info Security 1 year, 3 months ago

US DOGE Staffer Sent Unencrypted Treasury Data over Email

Agency Official Says Ex-DOGE Staffer's Data Breach Violated Security PolicyAn ex-Department of Government Efficiency staffer violated Treasury rules by sending unencrypted personal data to two senior Trump administration officials without approval, raising concerns about the task force’s apparent disregard for or lack of knowledge about critical data security policies.

Bank Info Security 1 year, 5 months ago

Breach Roundup: DeepSeek Leaked Sensitive Data

Also: Infostealer Malware Compromises Mexican Government ComputersThis week, DeepSeek exposed sensitive data, hackers exploited unpatched Zyxel flaws, infostealer malware on Mexican government computers, Smiths Group incident, PowerSchool breach notifications, an Apple zero-day, XWorm RAT backdoor, and Credit Control Corporation settled a lawsuit.

Loading more headlines...