Security news aggregator

Latest cybersecurity reporting from selected sources.

Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.

7 headlines in this view

Refine the feed

Search across headline titles and summaries.

Volume over time

Weekly headline count for the current query.

Showing 7 most recent headlines Filtered view

Supply chain attackers are not only trying to slip malicious code into trusted software. They are trying to steal the access that makes trusted software possible. Recently, three separate campaigns hit npm, PyPI, and Docker Hub in a 48-hour window, and all three targeted secrets from developer environments and CI/CD pipelines, including API keys, cloud credentials, SSH keys, and tokens. This is

Security vulnerabilities were uncovered in the popular open-source artificial intelligence (AI) framework Chainlit that could allow attackers to steal sensitive data, which may allow for lateral movement within a susceptible organization

Bank Info Security 1 year, 1 month ago

Malicious PyPI Package Targets Developer Credentials

JFrog uncovers multi-stage malware harvesting cloud secretsMulti-stage malware embedded in a Python package is stealing sensitive cloud infrastructure data, JFrog researchers said Monday. The package steals credentials, configuration files, API tokens and other data from corporate cloud environments. It targets developers using the Chimera sandbox platform.

Bank Info Security 1 year, 4 months ago

China's Silk Typhoon Tied to Cloud Service Provider Hacks

Microsoft Sees Cyberespionage Group Lifting API Keys and Credentials for CustomersA prolific cyberespionage group tied to Beijing appears to have increased its targeting of widely used IT tools and service providers. Microsoft said the group's tactics now include stealing API keys and credentials from providers to gain access to providers' downstream customers' infrastructure.

They're good at zero-day exploits, too Silk Typhoon, the Chinese government crew believed to be behind the December US Treasury intrusions, has been abusing stolen API keys and cloud credentials in ongoing attacks targeting IT companies and state and local government agencies since late 2024, according to Microsoft Threat Intelligence.…

As cloud infrastructure becomes the backbone of modern enterprises, ensuring the security of these environments is paramount. With AWS (Amazon Web Services) still being the dominant cloud it is important for any security professional to know where to look for signs of compromise. AWS CloudTrail stands out as an essential tool for tracking and logging API activity, providing a comprehensive