Security news aggregator

Latest cybersecurity reporting from selected sources.

Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.

24 headlines in this view

Refine the feed

Search across headline titles and summaries.

Volume over time

Weekly headline count for the current query.

Showing 20 most recent headlines of 24 Filtered view
Bank Info Security 4 days, 19 hours ago

Jscrambler npm Breach Exposes Developers to Malware

Malware Harvested Cloud Credentials, Source Code and Deployment TokensAttackers used a compromised npm publishing credential to release five malicious versions of Jscrambler's Code Integrity package, deploying a Rust-based infostealer that harvested developer, cloud and AI tool credentials while evolving its delivery methods to evade detection.

Threat Actor Silently Forwarded Sensitive Emails Matching Strategic TopicsGoogle says Chinese espionage group UNC6508 compromised REDCap environments at North American research institutions, deployed custom malware, stole credentials and covertly forwarded strategically relevant emails through abused compliance rules to support long-term intelligence collection.

Bank Info Security 1 month, 1 week ago

Miasma Worm Hits Microsoft's AI Coding Ecosystem

Attackers Compromised More Than 70 Microsoft Repositories in Under 2 MinutesAttackers linked to the Miasma supply-chain campaign compromised a Microsoft contributor account and pushed malicious code into more than 70 repositories, using artificial intelligence-assisted coding tools as an infection path to steal credentials and developer secrets at scale.

Bank Info Security 1 month, 2 weeks ago

23andMe Failed to Stop Months-Long Hack, State Alleges

Calif. Lawsuit: Genetics Testing Firm Missed Red Flags Before Massive 2023 BreachHackers in 2023 went undetected for five months in genetics testing firm 23andMe's IT systems, despite multiple unheeded warning signs, alleges California's attorney general in a lawsuit. Hackers in late April 2023 began accessing 23andMe's systems by using compromised credentials.

Bank Info Security 1 month, 2 weeks ago

Connecticut Medicaid Portal Hack Affects Thousands

Attackers Attempted to Reroute Hospital Medicaid ReimbursementsA hack on a Connecticut Medicaid web portal involving compromised credentials of a healthcare provider has affected the payment account and other information for about 22,500 patients. The data theft is the latest breach involving a healthcare related web portal hack. Why does this keep happening?

Bank Info Security 1 month, 4 weeks ago

Patched OpenClaw Flaw Let Hackers Hijack AI Agents

Chainable Bugs Enable Credential Theft, Persistence, TakeoverFour chainable flaws in OpenClaw allowed attackers to move from an initial foothold to persistent system-level compromise by abusing the AI agent's own privileges. The bugs enabled credential theft, privilege escalation and backdoor deployment, affecting all versions released before April 23.

Bank Info Security 2 months, 4 weeks ago

Vercel Traces Customer Data Theft to Agentic AI Tool Breach

Attacker First Compromised AI Tool Used by Vercel Employee, Platform Provider FindsCloud platform provider Vercel said an attacker breached its systems and stole customer data after compromising a third-party agentic artificial intelligence tool used by an employee, called Context.ai, and stealing from it credentials and OAuth tokens tied to multiple services and customers.

Bank Info Security 3 months, 2 weeks ago

Mercor Breach Linked to LiteLLM Supply-Chain Attack

AI Dependency Attack Reportedly Exposes Data and Source CodeA LiteLLM supply-chain compromise enabled attackers to harvest credentials and access internal environments at scale at Mercor. The firm was the first to confirm a LiteLLM breach, and researchers are warning about growing AI system exposure and limited visibility.

Bank Info Security 7 months, 4 weeks ago

How to Improve Credential Security

Michael Leland of Island on How to Enhance Credential SecurityFrom infostealers to phishing, almost 90% of all data breaches now involve the use of stolen credentials - leading to billions of dollars in losses. Michael Leland of Island opens up on the role of the modern enterprise browser in mitigating these risks created by compromised credentials.

Bank Info Security 8 months, 3 weeks ago

Click, Call, Compromise: Hackers Continue to Evolve Tactics

Microsoft Says Hackers Pivoting to Identity CompromiseHackers are as likely to log in as break in, warns Microsoft in an annual assessment of cyberthreats. During the first half of 2025, identity-based attacks rose by 32% due to credentials stolen by infostealers or password and email combinations plucked from bulk data breaches.

Bank Info Security 10 months, 1 week ago

Hackers Compromise 18 NPM Packages in Supply Chain Attack

Attacker Socially Engineered Developer With Phishing EmailA hacker laced 18 popular npm packages with cryptocurrency stealing malware after socially engineering the developer into giving up his credentials to the JavaScript runtime environment. Aikido Security said the 18 software packages collectively have downloads of more than two billion each week.

Bank Info Security 1 year, 1 month ago

M&S Reportedly Hacked Using Third-Party Credentials

Scattered Spider Stole Tata Consulting Services Employee Login Details for HackBritish retailer Marks & Spencer was reportedly compromised by cybercrime group Scattered Spider using stolen employee credentials from a third-party IT company. Citing an unidentified source, Reuters reported hackers used the M&S login credentials of two Tata Consulting Services employees.

Bank Info Security 1 year, 3 months ago

Top Australian Pension Funds Breached in Coordinated Hacks

Hackers Use Credential Stuffing to Steal AU$500,000, Breach 20,000 Member AccountsAustralia's largest pension funds faced coordinated credential attacks last week that compromised thousands of user accounts and led to the theft of at least AU$500,000 from four superannuation accounts. The affected funds included AustralianSuper, Rest and Australian Retirement Trust.

Bank Info Security 1 year, 3 months ago

Oracle Health Responding to Hack of Legacy Cerner EHR Data

Customer Credentials Possibly Compromised at EHR Vendor Acquired by Oracle in 2022Oracle is dealing with a hacking incident involving legacy patient data of Cerner electronic health record customers. Oracle, which acquired Cerner in 2022, is reportedly telling clients the hack involved compromised credentials for systems scheduled to migrate to the cloud.

Bank Info Security 1 year, 6 months ago

Ransomware Campaign Targets Amazon S3 Buckets

Threat Actor 'Codefinger' Targets Cloud EnvironmentsA ransomware group is targeting Amazon S3 buckets, exploiting the data stored there using AWS’s server-side encryption with customer keys and demanding a ransom in exchange for the encryption key needed to unlock the data. The group uses compromised or publicly exposed AWS account credentials.

Bank Info Security 1 year, 8 months ago

Critical OPA Vulnerability Exposes Windows Credentials

Attackers Could Exploit Flaw to Relay Credentials, Compromise SystemsA critical vulnerability in Open Policy Agent could expose NTLM credentials from Windows systems, potentially affecting millions of users. Researchers at Tenable warn that attackers could exploit the flaw through social engineering. Users must update to version v0.68.0 immediately to mitigate risks.

Bank Info Security 1 year, 9 months ago

Mass Retail Hacks Affect Adobe Commerce and Magento Stores

4,387 Online Merchants Compromised, Including Cisco and National Geographic StoresThousands of online stores running Adobe Commerce and Magento software have been hacked since the summer and infected with digital payment skimmers by attackers targeting a vulnerability known as CosmicSting. While patched by Adobe in June, users also need to forcibly invalidate stolen credentials.

Millions of Customers Will Also Be Offered Monitoring of Genetic Data on Dark WebGenetics testing firm 23andMe will offer cash payments to millions of individuals whose sensitive data was compromised in a 2023 credential stuffing incident. Under the proposed $30 million lawsuit settlement, affected customers will also be offered dark web monitoring of their genetic data.

Also: The US Supreme Court; Polyfill; BEC Compromise for Frozen ChickenThis week, cyber insurance policies fell short, the Supreme Court rejected efforts to fight disinformation, Polyfill apparently was hijacked, cybercriminals stole chicken, Levi warned of a credential stuffing attack, hackers targeted Android devices, and a lab in South Africa was hit by ransomware.

Bank Info Security 2 years, 1 month ago

Snowflake Clients Targeted With Credential Attacks

Company Says Single-Factor Authentication Accounts Are to Blame - Not a FlawHackers are targeting clients of artificial intelligence data platform provider Snowflake that lack multifactor authentication, the company warns. Threat actors are compromising organizations’ Snowflake customer tenants by using stolen credentials obtained by info-stealing malware, said Mandiant.

Loading more headlines...