Security news aggregator

Latest cybersecurity reporting from selected sources.

Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.

23 headlines in this view

Refine the feed

Search across headline titles and summaries.

Volume over time

Weekly headline count for the current query.

Showing 20 most recent headlines of 23 Filtered view

Researchers Urge Organizations to Rotate Credentials and Review Audit LogsThreat actor 888 claims it stole Accenture source code and cloud credentials, prompting researchers to warn that any exposed Azure tokens, encryption keys or DevOps secrets could enable follow-on intrusions and downstream supply-chain attacks even as Accenture says operations remain unaffected.

Bank Info Security 3 months, 2 weeks ago

Multi-Cloud Security Is Straining CISO Teams

451 Research's Kennedy on How Skills Gap, Tool Sprawl Intensify Cloud Security RiskCloud security and gen AI governance are stretching security teams thin, warned Daniel Kennedy, principal research analyst at 451 Research, S&P Global Market Intelligence. Organizations now manage several cloud environments at once - each adding new risk and increasing the burden on security teams.

'Malicious Server Threat Model' Threatens 'Zero Knowledge Encryption' GuaranteesClaims by leading stand-alone password managers that their implementation of "zero knowledge encryption" means stored passwords can withstand the worst of hacker assaults are vastly overblown, say academic security researchers. They said vendors are in the process of patching the flaws they found.

Bank Info Security 5 months, 3 weeks ago

Breach Roundup: DOGE Uploaded Social Security Data to Cloud

Also, CIRO Phishing Breach, Ingram Micro Ransomware and CVE SurgeThis week, DOGE posted sensitive data on an outside server. A phishing attack affected 750,000 Canadians. A hacktivism warning from the U.K. NCSC. An Ingram Micro breach. CVEs surged in 2025. SK Telecom challenged a fine. Researchers disclosed Chainlit flaws. North Korean hackers abused VS Code.

Also: Turning AI Data Into AI Defense, Autonomous Border Patrol RobotsIn this week's panel, four ISMG editors discussed how basic security failures are still opening the door to major breaches, how researchers are rethinking data protection in the age of AI and the implications of robots with artificial intelligence patrolling national borders.

Bank Info Security 6 months, 1 week ago

Missing MFA Strikes Again: Hacker Hits Collaboration Tools

Terabytes of Data Stolen From Cloud-Based Collaboration Tools, Researchers WarnDozens of organizations that use real-time content collaboration platforms appear to have lost not only credentials but also terabytes of hosted data to information-stealing malware being wielded by an initial access broker with a sideline in auctioning large volumes of stolen data.

Misconfigured Customer Network Edge Devices' Under Fire, Warn ResearchersMisconfigured edge devices hosted in the cloud are giving nation-state hackers carte blanche to access Western critical infrastructure, warn threat intelligence experts at Amazon, who tied exploits of AWS customers' device administrator portals to Russia's GRU military intelligence agency.

Oracle Cloud Infrastructure Flaw Enabled Malicious File Uploads, Researchers FoundExploring Oracle Cloud Infrastructure, researchers at Tenable found that Oracle's console-based Code Editor tool failed to block arbitrary file uploads, and could be silently exploited via drive-by attacks to install malware. They said Oracle has now fixed the vulnerability.

China's Hack-For-Hire Scene Disgorges Another LeakThe Chinese nation-state threat actor tracked as Salt Typhoon is operated by a clutch of private firms whose clients include multiple Chinese government agencies, finds analysis of leaked data by Spy Cloud. Researchers found a spreadsheet listing buyers, sellers and financial transaction details.

Hackers Can Use Unverified Email to Log onto SaaS Apps With Entra IDA flaw in a Microsoft single sign-on feature allowing cloud app account takeovers discovered in 2023 never really went away, say researchers - notwithstanding a computing giant claim that it almost immediately fixed the vulnerability known as nOAuth.

Bank Info Security 1 year, 1 month ago

Report: Next-Gen 911 Systems are Outpacing Cyber Defenses

Research Shows Next-Generation 9-1-1 Ecosystems Lack Critical Cyber ProtectionsA report from telecom firm Intrado warns that cybersecurity safeguards are lagging behind the rapid deployment of next-generation 911 systems, exposing the emergency ecosystem to attacks ranging from VoIP floods to ransomware amid growing reliance on cloud-based and IP-connected technologies.

Bank Info Security 1 year, 1 month ago

Malicious PyPI Package Targets Developer Credentials

JFrog uncovers multi-stage malware harvesting cloud secretsMulti-stage malware embedded in a Python package is stealing sensitive cloud infrastructure data, JFrog researchers said Monday. The package steals credentials, configuration files, API tokens and other data from corporate cloud environments. It targets developers using the Chimera sandbox platform.

Bank Info Security 1 year, 3 months ago

Google Cloud Fix Blocks Unauthorized Container Access

Attacker With Project Access Could Have Retrieved Private Images, Researchers SaidGoogle has fixed Google Cloud Platform vulnerability attackers could have exploited to gain unauthorized access to private container images, due to access restriction shortcomings. Researchers said the flaw highlights how services built atop other services can pose unexpected security risks.

Immediate Patching Urged to Address Flaws in Widely Used Ingress Nginx ControllerCritical vulnerabilities in Ingress Nginx Controller - a widely used component of the popular Kubernetes container management system - need immediate patching to prevent attackers from taking control of cloud-based applications, management interfaces and more, researchers warned.

Bank Info Security 1 year, 6 months ago

Vulnerabilities in Azure Data Factory Open Door to Attacks

Azure Data Factory's Apache Airflow Integration Flaw Can Expose Cloud EnvironmentsSecurity researchers say now-resolved vulnerabilities in a Microsoft Azure integration with the Apache Airflow workflow management platform showcase growing sophistication of attackers. Palo Alto Unit 42 researchers said the flaws could allow hackers to deploy malware and steal data.

Bank Info Security 1 year, 8 months ago

Cloud Platform Bugs Threaten Smart Home Security

Researchers Find Exploitable Flaws in the OvrC PlatformSecurity flaws in a cloud platform for remotely configuring and monitoring Internet of Things gadgets could expose millions of devices to remote code execution hacks. Security researchers at Claroty's Team82 uncovered 10 vulnerabilities in the widely used OvrC cloud platform.

Bank Info Security 1 year, 10 months ago

CloudImposer RCE Vulnerability Targets Google Cloud Platform

Attackers Could Exploit Flaw to Run Malicious Code on Google' s, Customers' ServersGoogle patched a critical remote execution vulnerability in its cloud platform Cloud Composer service, "CloudImposer," which could have allowed attackers to compromise millions of servers, say researchers from Tenable. The CloudImposer vulnerability could lead to the Jenga Tower effect.

Bank Info Security 1 year, 10 months ago

North Korean Hackers Pivot Away From Public Cloud

Kimsuky, or a Related Group, Deploys XenoRAT VariantA North Korean hacking team hastily pivoted from using publicly available cloud computing storage to its own infrastructure after security researchers unmasked a malware campaign. The group shifted from using cloud service including Google Drive, OneDrive, and Dropbox to systems under its control.

Bank Info Security 2 years, 1 month ago

Microsoft Says Azure Cloud Attack Scenario Isn't a Flaw

Redmond Calls Tenable Report Evidence of Customers Misconstruing Azure Service TagsMicrosoft is calling security research asserting a high-severity vulnerability exists in Microsoft Azure evidence that customers should better configure their cloud environments. An attacker with an Azure instance could obtain access to company resources by sending customizable HTTP requests.

Bank Info Security 2 years, 2 months ago

New Report Exposes Iranian Hacking Group's Media Masquerade

Mandiant Says APT42 Members Have Been Posing as Journalists to Steal Troves of DataMembers of the Iranian state hacking group APT42 have been observed posing as journalists from credible news outlets and well-known research institutions as part of a global effort to harvest credentials and hack into victim cloud networks, according to a Mandiant report published Wednesday.

Loading more headlines...