Security news aggregator

Latest cybersecurity reporting from selected sources.

Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.

21 headlines in this view

Refine the feed

Search across headline titles and summaries.

Volume over time

Weekly headline count for the current query.

Showing 20 most recent headlines of 21 Filtered view

Threat Actor Silently Forwarded Sensitive Emails Matching Strategic TopicsGoogle says Chinese espionage group UNC6508 compromised REDCap environments at North American research institutions, deployed custom malware, stole credentials and covertly forwarded strategically relevant emails through abused compliance rules to support long-term intelligence collection.

Bank Info Security 3 months, 2 weeks ago

Mercor Breach Linked to LiteLLM Supply-Chain Attack

AI Dependency Attack Reportedly Exposes Data and Source CodeA LiteLLM supply-chain compromise enabled attackers to harvest credentials and access internal environments at scale at Mercor. The firm was the first to confirm a LiteLLM breach, and researchers are warning about growing AI system exposure and limited visibility.

Bank Info Security 8 months, 1 week ago

Unpatched Windows Flaw a Boon for Nation-State Hackers

Chinese Hackers Target European Diplomats with LNK File FlawChinese nation-state hackers are exploiting a Windows vulnerability to hack European diplomatic outposts, say security researchers - but operating system giant Microsoft says the flaw doesn't merit a patch. Hackers used a flaw already compromised by North Korea and Russia.

Bank Info Security 10 months, 2 weeks ago

Salesloft Drift Attacks Exposed Zscaler Customer Data

'Widespread Data Theft Campaign' Compromised Many Drift OAuth Tokens, Warn ExpertsThreat researchers report that "a widespread data theft campaign" traces to attackers stealing OAuth access tokens for applications integrated with Salesloft's AI chatbot Drift, then exfiltrating data. Victims include Salesforce customer Zscaler. Google Workspace instances were also breached.

Clinical Diagnostics Lab Hack Among Latest Recent Cyberattacks in the NetherlandsA Dutch population health research agency is notifying 485,000 participants of a cervical cancer screening program of a hacking incident at a clinical diagnostics laboratory that potentially compromised patients' personal and health information, including lab test results.

Bank Info Security 11 months, 2 weeks ago

SharePoint Zero-Days Exploited to Unleash Warlock Ransomware

145 Organizations Compromised by China-Linked Ransomware Hackers and OthersNearly 150 different organizations' on-premises SharePoint servers have been exploited by attackers targeting the zero-day vulnerabilities now tracked as ToolShell, researchers warn. Early attacks have been attributed to China-linked groups, in some cases leading to Warlock ransomware infections.

Bank Info Security 1 year, 1 month ago

Thousands of ASUS Routers Hit by Persistent Backdoor

Persistent Attack Grants Remote SSH Access via ExploitSomeone - possibly nation-state hackers - appears to be constructing a botnet from thousands of Asus routers in hacking that survives a firmware patch and reboots. Nearly 9,000 routers have been compromised and the number is growing, say researchers.

Bank Info Security 1 year, 1 month ago

Windows Server Flaw a Shortcut to Privilege Escalation

Akamai Researchers Flag 'BadSucessor' in Windows Server 2025An unpatched flaw in Windows Server 2025 that is "trivial" to exploit and present in the default configuration is full domain compromised, warns new research from Akamai. The flaw is present in a new account type known as delegated managed service accounts, or dMSA.

Researchers Uncover Three Vulnerabilities, Urge Firmware UpdateAttackers could chain critical vulnerabilities in industrial network switches to gain remote control to compromise automation systems, IoT devices and surveillance networks. Claroty's Team82 uncovered three flaws in WGS-804HPT switches manufactured by Planet Technology.

Bank Info Security 1 year, 6 months ago

AI-Driven Ransomware Group Strikes 85 Victims

Amateurish Ransomware Group Doubles as HackstivistsCybersecurity researchers discovered an artificial intelligence-driven ransomware group that emerged at the end of last year and compromised more than 85 victims worldwide. The group uses double extortion, combining data theft with encryption.

Bank Info Security 1 year, 6 months ago

36 Chrome Extensions Compromised in Supply Chain Attack

Developers Listed as Public Contact Points Targeted in Phishing CampaignA supply chain attack that subverted legitimate Google Chrome browser extensions to inject data-stealing malware is more widespread than security researchers first suspected. So far researchers have identified 36 subverted extensions collectively used by 2.6 million people.

Bank Info Security 1 year, 7 months ago

Researchers: Iranian Custom Malware Targets Fuel Systems

An Iranian state hacking group is using custom malware to compromise IoT and OT infrastructure in Israel and the United States. An attack wave from Islamic Revolutionary Guard Corps-affiliated "CyberAv3ngers" swept up fuel management systems made by U.S.-based firm Gilbarco Veeder-Root.

Bank Info Security 1 year, 8 months ago

Critical OPA Vulnerability Exposes Windows Credentials

Attackers Could Exploit Flaw to Relay Credentials, Compromise SystemsA critical vulnerability in Open Policy Agent could expose NTLM credentials from Windows systems, potentially affecting millions of users. Researchers at Tenable warn that attackers could exploit the flaw through social engineering. Users must update to version v0.68.0 immediately to mitigate risks.

Bank Info Security 1 year, 8 months ago

Insiders Confuse Microsoft 365 Copilot Responses

Attack Method Exploits RAG-based Tech to Manipulate AI System's OutputResearchers found an easy way to manipulate the responses of an artificial intelligence system that makes up the backend of tools such as Microsoft 365 Copilot, potentially compromising confidential information and exacerbating misinformation. Researchers called the attack "ConfusedPilot."

Bank Info Security 1 year, 10 months ago

CloudImposer RCE Vulnerability Targets Google Cloud Platform

Attackers Could Exploit Flaw to Run Malicious Code on Google' s, Customers' ServersGoogle patched a critical remote execution vulnerability in its cloud platform Cloud Composer service, "CloudImposer," which could have allowed attackers to compromise millions of servers, say researchers from Tenable. The CloudImposer vulnerability could lead to the Jenga Tower effect.

Researchers Say Manufacturer Proges Plus Hasn't Responded to Vulnerability FindingsVulnerabilities in internet-connected temperature monitoring devices - and an accompanying desktop application - mainly used in hospitals could be exploited by hackers to exfiltrate sensitive data or compromise temperature monitoring integrity, researchers warn.

Bank Info Security 2 years, 1 month ago

Check Point Alert: Attackers Targeting Poorly Secured VPNs

Criminal and Nation-State Focus on Network Edge Devices Continues, Researchers WarnAttackers have been escalating their attempts to compromise poorly secured virtual private networks - including appliances set for password-only authentication - to gain remote, initial access to enterprise networks, Check Point Software Technologies warns.

Bank Info Security 2 years, 2 months ago

Cinterion IoT Cellular Modules Vulnerable to SMS Compromise

Modules Widely Deployed in Manufacturing, Telecommunications and Healthcare DevicesMultiple types of Telit Cinterion cellular modules for IoT and machine-to-machine devices, which are widely used across industrial, financial services, telecommunications and healthcare environments, are vulnerable to being remotely compromised via malicious SMS messages, security researchers warn.

Bank Info Security 2 years, 3 months ago

ShadowRay Attack Strikes AI Workloads

Thousands of AI Workloads Compromised Amid CVE Vulnerability DisputeAn active attack campaign dubbed ShadowRay is targeting the widely used Ray open-source artificial intelligence scaling framework. It stems from a vulnerability that researchers say is a flaw but that Ray's developers say is a deliberate design choice.

Bank Info Security 2 years, 5 months ago

Account Takeover Campaign Hits Execs in Microsoft Azure

Attackers Downloaded Files Containing Financial, Security and User InformationA still-active phishing campaign using individualized phishing lures is targeting senior corporate accounts in Microsoft Azure environments, said researchers from Proofpoint. They said the hackers have compromised hundreds of user accounts spread across dozens of Microsoft Azure environments.

Loading more headlines...