Security news aggregator

Latest cybersecurity reporting from selected sources.

Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.

41 headlines in this view

Refine the feed

Search across headline titles and summaries.

Volume over time

Weekly headline count for the current query.

Showing 20 most recent headlines of 41 Filtered view

Modern phishing attacks, including Device Code phishing, can undermine MFA protections and grant attackers access to corporate accounts without stealing passwords. This webinar explores how behavioral AI can help security teams detect compromised accounts faster and automate response workflows. [...]

The Hacker News 1 month, 4 weeks ago

The New Phishing Click: How OAuth Consent Bypasses MFA

In February 2026, a phishing-as-a-service (PhaaS) platform called EvilTokens went live. Within five weeks, it had compromised more than 340 Microsoft 365 organizations across five countries.  The targets of the platform received a message asking them to enter a short code at microsoft.com/devicelogin and complete their normal MFA challenge, then walked away believing they had verified a

Who needs MFA when you've got EvilTokens? Hundreds of organizations have been compromised daily by a Microsoft device-code phishing campaign that uses AI and automation at nearly every stage of the attack chain to ultimately snoop through corporate email inboxes and steal financial data.…

Organizations typically roll out multi-factor authentication (MFA) and assume stolen passwords are no longer enough to access systems. In Windows environments, that assumption is often wrong. Attackers still compromise networks every day using valid credentials. The issue is not MFA itself, but coverage.  Enforced through an identity provider (IdP) such as Microsoft Entra ID, Okta, or

With one in three cyber-attacks now involving compromised employee accounts, insurers and regulators are placing far greater emphasis on identity posture when assessing cyber risk.  For many organizations, however, these assessments remain largely opaque. Elements such as password hygiene, privileged access management, and the extent of multi-factor authentication (MFA) coverage are

Healthplex, Part of UnitedHealth Group, Lacked MFA on Compromised Email AccountNew York State has fined a dental plan administrator owned by UnitedHealth Group $2 million for failing to protect data with multifactor authentication and other issues related to a phishing breach that affected 90,000 people. It's the state's second fine against Healthplex for the same breach.

Also: Critical Infrastructure Security and Fortinet's Latest AcquisitionIn the latest weekly update, ISMG editors discussed critical infrastructure security challenges, a report on the 2022 Medibank breach compromising personal data for 10 million people, and Fortinet's acquisition to integrate Lacework's cloud-native security into its Security Fabric and SASE platform.

Mandiant warns criminal gang UNC5537, which may be friendly with Scattered Spider, is on the rampage An unknown financially motivated crime crew has swiped a "significant volume of records" from Snowflake customers' databases using stolen credentials, according to Mandiant.…

Bank Info Security 2 years, 4 months ago

Breach at Aussie Telecom Tangerine Affects 232,000 Customers

Customer Accounts Were Secured by MFA, But Contractor's Credentials Exposed DataAustralian telecom company Tangerine is blaming the compromise of a third-party contractor's credentials for exposing personal information of 232,000 customers, which had been stored in a legacy database. The breach exposed customers' names, birthdates, mobile numbers, addresses and account numbers.

The Hacker News 2 years, 5 months ago

4 Ways Hackers use Social Engineering to Bypass MFA

When it comes to access security, one recommendation stands out above the rest: multi-factor authentication (MFA). With passwords alone being simple work for hackers, MFA provides an essential layer of protection against breaches. However, it's important to remember that MFA isn't foolproof. It can be bypassed, and it often is.  If a password is compromised, there are several options

Loading more headlines...