Security news aggregator

Latest cybersecurity reporting from selected sources.

Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.

30 headlines in this view

Refine the feed

Search across headline titles and summaries.

Volume over time

Weekly headline count for the current query.

Showing 20 most recent headlines of 30 Filtered view

Threat Actor Silently Forwarded Sensitive Emails Matching Strategic TopicsGoogle says Chinese espionage group UNC6508 compromised REDCap environments at North American research institutions, deployed custom malware, stole credentials and covertly forwarded strategically relevant emails through abused compliance rules to support long-term intelligence collection.

Complaint Says Service Generated More Than 1.5 Million Malicious URLsGoogle has sued a Chinese phishing-as-a-service provider accused of teaching customers to use Gemini to generate and customize scam websites, a campaign linked to more than 1.59 million phishing URLs, over 100,000 victims, and widespread credential and financial theft.

Fraudsters Tokenize Stolen Cards Into Attacker WalletsGoogle Threat Intelligence Group warned that Chinese-language phishing-as-a-service platforms are using AI, encrypted messaging and real-time OTP interception to bypass multifactor authentication and provision stolen payment cards into attacker-controlled digital wallets worldwide.

Bank Info Security 4 months, 3 weeks ago

Anthropic Accuses China AI Firms of Model Mining

DeepSeek, MoonShot AI, MiniMax Used 24K Fake Accounts in CampaignAnthropic has accused three Chinese AI firms of running coordinated, large-scale operations to steal capabilities from its Claude models. The U.S.-based company said DeepSeek, Moonshot AI and MiniMax are conducting "industrial-scale campaigns" using tens of thousands of fraudulent accounts.

Bank Info Security 5 months, 2 weeks ago

Ex-Google Engineer Convicted of Stealing AI Data for China

Linwei Ding Faces Decades in Prison for Trade Secret Theft, EspionageA federal jury in San Francisco convicted a former Google software engineer of stealing thousands of pages of confidential AI data and transferring it to Chinese technology companies. Linwei Ding is guilty of seven counts of economic espionage and seven counts of trade secret theft.

Bank Info Security 7 months, 2 weeks ago

South Korean E-Commerce Giant Coupang Probes Massive Breach

Chinese Developer Formerly Employed by Company Suspected of Data TheftSouth Korea's biggest online retailer, Coupang, said a five-month breach exposed personal data pertaining to 34 million customers, and only came to light after it received an extortion demand. Police said a former developer at the company, a Chinese national who fled the country, is a suspect.

Concerns Grow Over F5 Hacking Amid Stalled Government ShutdownFederal officials are scrambling to contain nation-state hackers exploiting stolen source code from networking devices and software maker F5 amid staffing pressures created by the ongoing government shutdown. Stolen files reportedly include undisclosed vulnerabilities F5 had been researching.

Bank Info Security 9 months, 1 week ago

Chinese-Linked Hackers Breach Top Political US Law Firm

Williams & Connolly Hit in Zero-Day Campaign Impacting Client EmailsA zero-day vulnerability was used to breach email accounts at the elite D.C. law firm Williams & Connolly, with officials reportedly suspecting the hack is part of a China-linked campaign targeting the U.S. legal sector to support espionage, steal intelligence and establish long-term access routes.

Also, Stolen Cookies for Sale, LexisNexis Breach and an FBI WarningThis week, Alcasec back in a Spanish jail, billions of stolen cookies and Chinese hackers used Google Calendar. LexisNexis and Adidas had breaches, a vishing warning from the FBI. ClickFix scammers used fake Google Meet pages, Victoria's Secret went offline. Microsoft will update all your software.

Bank Info Security 1 year, 2 months ago

Russian, Chinese Hackers Targeted Dutch Government

Hackers Targeted Critical Infrastructure for Sabotage, Data TheftRussian and Chinese hackers targeted critical infrastructure in the Netherlands for strategic gains amid escalating tensions with Western governments, the Dutch intelligence agency said. The Netherlands witnessed a number of "cyberespionage attempts against the Dutch government."

Bank Info Security 1 year, 2 months ago

Hackers Hijack NFC for Instant Payment Fraud

Attack Combines Social Engineering and Card Emulation to Execute Real-Time TheftHackers are using Chinese-speaking Android malware-as-a-service SuperCard X to carry out near-field communication relay attacks, siphoning payment card data and executing live point of sale and ATM transactions. Victims receive spoofed SMS or WhatsApp alerts purporting to originate from their bank.

Threat Actors Deploy Obfuscation Tactics to Targets Windows MachinesLikely Chinese nation-state hackers are targeting European companies using previously unseen malware backdoor variants with advanced network tunneling and evasion capabilities for data theft. Brussels-based security firm Nviso links the campaign to a threat actor tracked as UNC5221.

Threat Groups Are Mapping OT Networks for Future Targeting, Warns DragosA China-linked threat group called Voltzite is targeting operational technology systems at critical infrastructure organizations worldwide to steal network diagrams, OT operating instructions and information about geographic information systems, said cybersecurity firm Dragos.

Bank Info Security 1 year, 4 months ago

China's Silk Typhoon Tied to Cloud Service Provider Hacks

Microsoft Sees Cyberespionage Group Lifting API Keys and Credentials for CustomersA prolific cyberespionage group tied to Beijing appears to have increased its targeting of widely used IT tools and service providers. Microsoft said the group's tactics now include stealing API keys and credentials from providers to gain access to providers' downstream customers' infrastructure.

Chinese Nation-State Hackers Used a Custom Utility to Capture PacketsChinese hackers who infiltrated U.S. telecoms likely only used one, known Cisco vulnerability, says Cisco's threat analysis unit. Otherwise, the Chinese nation-state cyberespionage operation known as Salt Typhoon used stolen login credentials living-off-the-land techniques, says Cisco Talos.

Chinese Nation-State Hackers Used a Custom Utility to Capture PacketsChinese hackers who infiltrated U.S. telecoms likely only used one, known Cisco vulnerability, says Cisco's cybersecurity unit. Otherwise, the Chinese nation-state cyberespionage operation known as Salt Typhoon used stolen login credentials living-off-the-land techniques, says Cisco Talos.

Bank Info Security 1 year, 7 months ago

T-Mobile Hit by Chinese Cyber Spies; Sees Minimal Impact

Telco Giant's Probe Finds 'No Evidence' of Customer or Sensitive Data BreachThe world's largest telecommunications carrier, T-Mobile U.S., said it was targeted as part of a wide-ranging cyberespionage operation the U.S. government attributes to China but has found no sign of data access or theft. Other known victims of the campaign include AT&T, Verizon and Lumen.

Bank Info Security 1 year, 8 months ago

Chinese Hackers Use Quad7 Botnet for Credential Theft

Hackers Using Password Spraying to Steal User Microsoft Account CredentialsMultiple Chinese hacking groups are using a botnet named for a TCP routing port number to conduct password spraying attacks, warned Microsoft Thursday. The Quad7 operators are almost certainly located in China. Botnet activity can be difficult to monitor.

Loading more headlines...