Security news aggregator

Latest cybersecurity reporting from selected sources.

Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.

6 headlines in this view

Refine the feed

Search across headline titles and summaries.

Volume over time

Weekly headline count for the current query.

Showing 6 most recent headlines Filtered view
Bank Info Security 2 months, 4 weeks ago

Vercel Traces Customer Data Theft to Agentic AI Tool Breach

Attacker First Compromised AI Tool Used by Vercel Employee, Platform Provider FindsCloud platform provider Vercel said an attacker breached its systems and stole customer data after compromising a third-party agentic artificial intelligence tool used by an employee, called Context.ai, and stealing from it credentials and OAuth tokens tied to multiple services and customers.

Bank Info Security 10 months, 2 weeks ago

Salesloft Drift Attacks Exposed Zscaler Customer Data

'Widespread Data Theft Campaign' Compromised Many Drift OAuth Tokens, Warn ExpertsThreat researchers report that "a widespread data theft campaign" traces to attackers stealing OAuth access tokens for applications integrated with Salesloft's AI chatbot Drift, then exfiltrating data. Victims include Salesforce customer Zscaler. Google Workspace instances were also breached.

Healthplex, Part of UnitedHealth Group, Lacked MFA on Compromised Email AccountNew York State has fined a dental plan administrator owned by UnitedHealth Group $2 million for failing to protect data with multifactor authentication and other issues related to a phishing breach that affected 90,000 people. It's the state's second fine against Healthplex for the same breach.

Vulnerability Can Allow Authentication Bypass; No Evidence of Exploitation YetJuniper Networks released an out-of-band fix for a maximum-severity vulnerability that can allow hackers to bypass authentication in three Juniper products. The CVSS 10-rated bug could allow an attacker to take full control of a compromised system.

Bank Info Security 2 years, 1 month ago

Snowflake Clients Targeted With Credential Attacks

Company Says Single-Factor Authentication Accounts Are to Blame - Not a FlawHackers are targeting clients of artificial intelligence data platform provider Snowflake that lack multifactor authentication, the company warns. Threat actors are compromising organizations’ Snowflake customer tenants by using stolen credentials obtained by info-stealing malware, said Mandiant.

Bank Info Security 2 years, 1 month ago

Check Point Alert: Attackers Targeting Poorly Secured VPNs

Criminal and Nation-State Focus on Network Edge Devices Continues, Researchers WarnAttackers have been escalating their attempts to compromise poorly secured virtual private networks - including appliances set for password-only authentication - to gain remote, initial access to enterprise networks, Check Point Software Technologies warns.