Security news aggregator

Latest cybersecurity reporting from selected sources.

Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.

214 headlines in this view

Refine the feed

Search across headline titles and summaries.

Volume over time

Weekly headline count for the current query.

Showing 20 most recent headlines of 214 Filtered view

Researchers Urge Organizations to Rotate Credentials and Review Audit LogsThreat actor 888 claims it stole Accenture source code and cloud credentials, prompting researchers to warn that any exposed Azure tokens, encryption keys or DevOps secrets could enable follow-on intrusions and downstream supply-chain attacks even as Accenture says operations remain unaffected.

Researchers uncovered a 230-node cloud-based email relay network after the actor PCPJack accidentally exposed tools, logs, and C2 files online A threat actor tracked as PCPJack compromised 230 cloud servers across Amazon Web Services, Google Cloud, and Microsoft Azure and turned them into a covert email relay network. Hunt.io researchers discovered the operation because PCPJack […]

19.6 Billion files are exposed in misconfigured cloud buckets, including 685K credential files and nearly 1M database dumps. There’s a comfortable myth most people carry around: that the data they hand to companies is locked somewhere safe. Researchers at Mysterium VPN just ran the numbers, and the numbers disagree. Across 535,480 publicly listable cloud storage […]

Cybersecurity researchers have disclosed details of a stealthy Python-based backdoor framework called DEEP#DOOR that comes with capabilities to establish persistent access and harvest a wide range of sensitive information from compromised hosts

Windows Admin Center flaws mean on-prem can attack cloud, and vice-versa Black Hat Asia Israeli researchers found a series of flaws in Microsoft's Windows Admin Center (WAC) and suggest this shows hybrid cloud management tools are a two-way attack surface that users don't spend enough time worrying about.…

Cybersecurity researchers have disclosed a security "blind spot" in Google Cloud's Vertex AI platform that could allow artificial intelligence (AI) agents to be weaponized by an attacker to gain unauthorized access to sensitive data and compromise an organization's cloud environment

Bank Info Security 3 months, 2 weeks ago

Multi-Cloud Security Is Straining CISO Teams

451 Research's Kennedy on How Skills Gap, Tool Sprawl Intensify Cloud Security RiskCloud security and gen AI governance are stretching security teams thin, warned Daniel Kennedy, principal research analyst at 451 Research, S&P Global Market Intelligence. Organizations now manage several cloud environments at once - each adding new risk and increasing the burden on security teams.

Trend Micro Research, News and Perspectives 3 months, 3 weeks ago

Pawn Storm Campaign Deploys PRISMEX, Targets Government and Critical Infrastructure Entities

This blog discusses the steganography, cloud abuse, and email-based backdoors used against the Ukrainian defense supply chain in the latest Pawn Storm campaign that TrendAI™ Research observed and analyzed.

Loading more headlines...