Security news aggregator

Latest cybersecurity reporting from selected sources.

Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.

35 headlines in this view

Refine the feed

Search across headline titles and summaries.

Volume over time

Weekly headline count for the current query.

Showing 20 most recent headlines of 35 Filtered view
Bank Info Security 4 days, 18 hours ago

Jscrambler npm Breach Exposes Developers to Malware

Malware Harvested Cloud Credentials, Source Code and Deployment TokensAttackers used a compromised npm publishing credential to release five malicious versions of Jscrambler's Code Integrity package, deploying a Rust-based infostealer that harvested developer, cloud and AI tool credentials while evolving its delivery methods to evade detection.

Bank Info Security 1 month, 2 weeks ago

23andMe Failed to Stop Months-Long Hack, State Alleges

Calif. Lawsuit: Genetics Testing Firm Missed Red Flags Before Massive 2023 BreachHackers in 2023 went undetected for five months in genetics testing firm 23andMe's IT systems, despite multiple unheeded warning signs, alleges California's attorney general in a lawsuit. Hackers in late April 2023 began accessing 23andMe's systems by using compromised credentials.

Bank Info Security 1 month, 2 weeks ago

Connecticut Medicaid Portal Hack Affects Thousands

Attackers Attempted to Reroute Hospital Medicaid ReimbursementsA hack on a Connecticut Medicaid web portal involving compromised credentials of a healthcare provider has affected the payment account and other information for about 22,500 patients. The data theft is the latest breach involving a healthcare related web portal hack. Why does this keep happening?

Microsoft Security Research 1 month, 4 weeks ago

How Storm-2949 turned a compromised identity into a cloud-wide breach

Storm-2949 turned stolen credentials into a cloud-wide breach, moving from identity compromise to large-scale data theft without using malware. This incident shows how threat actors can exploit trusted systems to operate undetected. The post How Storm-2949 turned a compromised identity into a cloud-wide breach appeared first on Microsoft Security Blog.

Bank Info Security 2 months, 3 weeks ago

Vercel Traces Customer Data Theft to Agentic AI Tool Breach

Attacker First Compromised AI Tool Used by Vercel Employee, Platform Provider FindsCloud platform provider Vercel said an attacker breached its systems and stole customer data after compromising a third-party agentic artificial intelligence tool used by an employee, called Context.ai, and stealing from it credentials and OAuth tokens tied to multiple services and customers.

Bank Info Security 3 months, 2 weeks ago

Mercor Breach Linked to LiteLLM Supply-Chain Attack

AI Dependency Attack Reportedly Exposes Data and Source CodeA LiteLLM supply-chain compromise enabled attackers to harvest credentials and access internal environments at scale at Mercor. The firm was the first to confirm a LiteLLM breach, and researchers are warning about growing AI system exposure and limited visibility.

The Chinese state-sponsored hacking group known as Salt Typhoon breached and remained undetected in a U.S. Army National Guard network for nine months in 2024, stealing network configuration files and administrator credentials that could be used to compromise other government networks. [...]

Bank Info Security 1 year, 3 months ago

Top Australian Pension Funds Breached in Coordinated Hacks

Hackers Use Credential Stuffing to Steal AU$500,000, Breach 20,000 Member AccountsAustralia's largest pension funds faced coordinated credential attacks last week that compromised thousands of user accounts and led to the theft of at least AU$500,000 from four superannuation accounts. The affected funds included AustralianSuper, Rest and Australian Retirement Trust.

Also: The US Supreme Court; Polyfill; BEC Compromise for Frozen ChickenThis week, cyber insurance policies fell short, the Supreme Court rejected efforts to fight disinformation, Polyfill apparently was hijacked, cybercriminals stole chicken, Levi warned of a credential stuffing attack, hackers targeted Android devices, and a lab in South Africa was hit by ransomware.

A massive trove of 361 million email addresses from credentials stolen by password-stealing malware, in credential stuffing attacks, and from data breaches was added to the Have I Been Pwned data breach notification service, allowing anyone to check if their accounts have been compromised. [...]

Suspected state-sponsored hackers have been exploiting a zero-day vulnerability in Palo Alto Networks firewalls tracked as CVE-2024-3400 since March 26, using the compromised devices to breach internal networks, steal data and credentials. [...]

Bank Info Security 2 years, 4 months ago

Breach at Aussie Telecom Tangerine Affects 232,000 Customers

Customer Accounts Were Secured by MFA, But Contractor's Credentials Exposed DataAustralian telecom company Tangerine is blaming the compromise of a third-party contractor's credentials for exposing personal information of 232,000 customers, which had been stored in a legacy database. The breach exposed customers' names, birthdates, mobile numbers, addresses and account numbers.

Loading more headlines...