Security news aggregator

Latest cybersecurity reporting from selected sources.

Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.

12 headlines in this view

Refine the feed

Search across headline titles and summaries.

Volume over time

Weekly headline count for the current query.

Showing 12 most recent headlines Filtered view

Modern phishing attacks, including Device Code phishing, can undermine MFA protections and grant attackers access to corporate accounts without stealing passwords. This webinar explores how behavioral AI can help security teams detect compromised accounts faster and automate response workflows. [...]

Fraudsters Tokenize Stolen Cards Into Attacker WalletsGoogle Threat Intelligence Group warned that Chinese-language phishing-as-a-service platforms are using AI, encrypted messaging and real-time OTP interception to bypass multifactor authentication and provision stolen payment cards into attacker-controlled digital wallets worldwide.

Prompt like a hard-ass boss who won't tolerate failure and bots will find ways to breach policy AI agents work together to bypass security controls and stealthily steal sensitive data from within the enterprise systems in which they operate, according to tests carried out by frontier security lab Irregular.…

Patch meant to close a severe expression bug fails to stop attackers with workflow access Multiple newly disclosed bugs in the popular workflow automation tool n8n could allow attackers to hijack servers, steal credentials, and quietly disrupt AI-driven business processes.…

Bank Info Security 9 months, 1 week ago

AI Browsers Vulnerable to Data Theft, Malware

AI Actions Bypass Security ToolsArtificial intelligence-powered browsers could expose enterprises to data theft, malware distribution and unauthorized access to corporate apps, new research shows. AI browsers built to complete tasks autonomously lack the security awareness to verify whether an instruction is safe.

Trend Micro Research, News and Perspectives 10 months, 1 week ago

EvilAI Operators Use AI-Generated Code and Fake Apps for Far-Reaching Attacks

Combining AI-generated code and social engineering, EvilAI operators are executing a rapidly expanding campaign, disguising their malware as legitimate applications to bypass security, steal credentials, and persistently compromise organizations worldwide.

System prompt engineering turns benign AI assistants into 'investigator' and 'detective' roles that bypass privacy guardrails A team of boffins is warning that AI chatbots built on large language models (LLM) can be tuned into malicious agents to autonomously harvest users’ personal data, even by attackers with "minimal technical expertise”, thanks to "system prompt" customization tools from OpenAI and others.…

Krebs on Security 1 year, 9 months ago

A Single Cloud Compromise Can Feed an Army of AI Sex Bots

Organizations that get relieved of credentials to their cloud environments can quickly find themselves part of a disturbing new trend: Cybercriminals using stolen cloud credentials to operate and resell sexualized AI-powered chat services. Researchers say these illicit chat bots, which use custom jailbreaks to bypass content filtering, often veer into darker role-playing scenarios, including child sexual exploitation and rape.