With Complex Cloud Integrations, Small Errors Lead to Major Compromises
Researchers discover an exploit chain combining over-permissioned roles, secrets discovery, and non-human identities that could have compromised a popular automation service.
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
Researchers discover an exploit chain combining over-permissioned roles, secrets discovery, and non-human identities that could have compromised a popular automation service.
The North Korean threat group is using a new PowerShell backdoor to compromise development environments and target cryptocurrency holdings, according to researchers.
Researchers say a likely Russian APT used a compromised employee email account to attack Kazakhstan's biggest company, though the oil and gas firm claims it was a pen test.
Exploitation of CVE-2025-42957 requires "minimal effort" and can result in a complete compromise of the SAP system and host OS, according to researchers.
While trawling Internet scan data for signs of compromised infrastructure, researchers found that asset owners may not know for years their devices had been hacked.
A threat actor posted data on Breachforums from an alleged supply-chain attack that affected more than 140K tenants, claiming to have compromised the cloud via a zero-day flaw in WebLogic, researchers say.
Both Android devices and iPhones are 3.5 times more likely to be infected with malware once "broken" and 250 times more likely to be totally compromised, recent research shows.
New Fortress Information Security research shows 90% of software products used by critical infrastructure organizations contain code developed in China.
If not correctly locked down, Jupyter Notebook offers a novel initial access vector that hackers can use to compromise enterprise cloud environments, as seen in a recent hacking incident.
Researchers find artificial intelligence applications that use large language models could be compromised by attackers using natural language to dupe users.
Although not all Redis instances are vulnerable to the P2P worm variant, all of them can expect a compromise attempt, researchers warn.
A recent email compromise by Chinese APT group Storm-0558 highlights a lack of access to security logging by many Microsoft 365 license holders, prompting calls from researchers to abolish it.
Lemon Group's Guerrilla malware model an example of how threat actors are monetizing compromised Android devices, researchers say.
Uptick in EvilExtractor activity aims to compromise endpoints to steal browser from targets across Europe and the US, researchers say.
New open source Cloud Hunter tool, developed through Lacework Labs research, helps customers get better visibility to reduce response times for incident investigations.
Researchers link the APT to an attack on a Hong Kong university, which compromised multiple key servers using advanced Linux malware.
IT asset tracker and auditor software has a critical issue with insecure object deserialization that could allow threat actors to execute code, researchers say.
Fraudster innovation will continue to drive successful phishing, business email compromise, and socially engineered attacks, researchers say.
Cloud containers are increasingly part of the cybercrime playbook, with researchers flagging ongoing scanning for Docker weaknesses along with rapid exploitation to infect systems with coin-miners, denial-of-service tools, and ransomware.
The security vulnerability puts wide swaths of industrial networks and IoT devices at risk of compromise, researchers warn.