Security news aggregator

Latest cybersecurity reporting from selected sources.

Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.

68 headlines in this view

Refine the feed

Search across headline titles and summaries.

Volume over time

Weekly headline count for the current query.

Showing 20 most recent headlines of 68 Filtered view

Researchers Urge Organizations to Rotate Credentials and Review Audit LogsThreat actor 888 claims it stole Accenture source code and cloud credentials, prompting researchers to warn that any exposed Azure tokens, encryption keys or DevOps secrets could enable follow-on intrusions and downstream supply-chain attacks even as Accenture says operations remain unaffected.

Monday opens with a trust problem. A mail server flaw is under active use. A network control system was targeted. Trusted packages were poisoned. A fake model page pushed a stealer. Then came the familiar ransom claim: the data was returned and deleted

Exposed UIs, weak authentication, and risky defaults could turn cloud-native AI apps on Kubernetes into potential targets by threat actors. Learn how exploitable misconfigurations lead to RCE and data leaks. The post When configuration becomes a vulnerability: Exploitable misconfigurations in AI apps appeared first on Microsoft Security Blog.

Not every cloud breach starts with malware or a zero-day. In this incident, attackers discovered an exposed Spring Boot Actuator endpoint, harvested credentials from leaked configuration data, then used the OAuth2 Resource Owner Password Credentials (ROPC) flow to authenticate without MFA.

Bank Info Security 5 months, 1 week ago

Harvard, UPenn Data Leaked in ShinyHunters Shakedown

Leaked Financial and Admissions Data Includes Contact Details for 'Top Donors'Harvard University has been named as a victim and doxed by hack-and-leak group ShinyHunters, apparently as a result of the cybercrime group's ongoing "live phishing" attacks that often attempt to trick IT help desks into giving attackers direct access to a victim's network and cloud-based data.

Bank Info Security 5 months, 1 week ago

Harvard, UPenn Data Leaked in ShinyHunters Shakedown

Leaked Financial and Admissions Data Includes Contact Details for 'Top Donors'Harvard University has been named as a victim and doxed by hack-and-leak group ShinyHunters, apparently as a result of the cybercrime group's ongoing "live phishing" attacks that often attempt to trick IT help desks into giving attackers direct access to a victim's network and cloud-based data.

Security vulnerabilities were uncovered in the popular open-source artificial intelligence (AI) framework Chainlit that could allow attackers to steal sensitive data, which may allow for lateral movement within a susceptible organization

Update Chainlit to the latest version ASAP Two "easy-to-exploit" vulnerabilities in the popular open-source AI framework Chainlit put major enterprises' cloud environments at risk of leaking data or even full takeover, according to cyber-threat exposure startup Zafran.…

Microsoft 365 has made file sharing effortless, but that convenience often leaves organizations with little visibility into who can access sensitive data. Tenfold explains how access reviews for shared cloud content can help organizations regain visibility, reduce unnecessary permissions, and prevent data leaks in Microsoft 365. [...]

In December 2024, the popular Ultralytics AI library was compromised, installing malicious code that hijacked system resources for cryptocurrency mining. In August 2025, malicious Nx packages leaked 2,349 GitHub, cloud, and AI credentials. Throughout 2024, ChatGPT vulnerabilities allowed unauthorized extraction of user data from AI memory

PLUS: Exercise app tells spies to stop mapping; GitLab scan reveals 17,000 secrets; Leak exposes Iran’s Charming Kitten; and more! Infosec In Brief Switzerland’s Conference of Data Protection Officers, Privatim, last week issued a resolution calling on Swiss public bodies to avoid using hyperscale clouds and SaaS services due to security concerns.…

AMD Zen hardware and Intel Coffee Lake affected If you thought the world was done with side-channel CPU attacks, think again. ETH Zurich has identified yet another Spectre-based transient execution vulnerability that affects AMD Zen CPUs and Intel Coffee Lake processors by breaking virtualization boundaries.…

Loading more headlines...