Security news aggregator

Latest cybersecurity reporting from selected sources.

Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.

14 headlines in this view

Refine the feed

Search across headline titles and summaries.

Volume over time

Weekly headline count for the current query.

Showing 14 most recent headlines Filtered view

Complaint Says Service Generated More Than 1.5 Million Malicious URLsGoogle has sued a Chinese phishing-as-a-service provider accused of teaching customers to use Gemini to generate and customize scam websites, a campaign linked to more than 1.59 million phishing URLs, over 100,000 victims, and widespread credential and financial theft.

Bank Info Security 1 month, 2 weeks ago

Agentic AI in Healthcare Is a Risky Proposition

Health-ISAC Warns About Weak Governance and Credential MisuseHumans make mistakes. They fall for phishing scams and click on malicious links. Machines aren't necessarily better: Delegating decisions to agentic artificial tools can significantly intensify cybersecurity risks, warns a healthcare association.

Bank Info Security 3 months, 1 week ago

AI Is Accelerating Cyberattacks Faster Than Defenses

Okta's Brett Winterford on Identity Threats and Agentic AI RisksAI is accelerating cyberattacks, collapsing timelines and exposing new identity risks. Okta's Brett Winterford explains how attackers are using AI to scale phishing, exploit credentials and infiltrate enterprises - and what CIOs must do to defend against this rapidly evolving threat landscape.

Bank Info Security 7 months, 2 weeks ago

Scattered Lapsus$ Hunters Tied to Targeting of Zendesk Users

Uncovered: Typosquatted Domains Linked to Suspected Ransomware Group CampaignContinuing its targeting of customer data, the cybercrime group Scattered Lapsus$ Hunters appears to be gearing up for large-scale attacks involving typosquatted domains that lead to phishing domains designed to steal Zendesk users' valid credentials, warn security researchers.

Bank Info Security 7 months, 4 weeks ago

How to Improve Credential Security

Michael Leland of Island on How to Enhance Credential SecurityFrom infostealers to phishing, almost 90% of all data breaches now involve the use of stolen credentials - leading to billions of dollars in losses. Michael Leland of Island opens up on the role of the modern enterprise browser in mitigating these risks created by compromised credentials.

Bank Info Security 10 months, 1 week ago

Hackers Compromise 18 NPM Packages in Supply Chain Attack

Attacker Socially Engineered Developer With Phishing EmailA hacker laced 18 popular npm packages with cryptocurrency stealing malware after socially engineering the developer into giving up his credentials to the JavaScript runtime environment. Aikido Security said the 18 software packages collectively have downloads of more than two billion each week.

Proof-of-Concept Attack Demonstrates FIDO Downgrade Against Microsoft Entra IDThe FIDO standard, a bulwark against credential-stealing phishing attacks, has an implementation chink that's poised for commoditization by cybercriminals, say security researchers in news that's good for phishing-as-a-service providers but terrible for everyone else.

Browser Isolation Protects Access Points as Remote Work Expands Attack SurfaceWith 92% of organizations supporting remote connectivity and phishing attacks surging to record levels, browser-based security has become essential for zero trust frameworks to protect against malware, ransomware and credential theft.

Bank Info Security 1 year, 5 months ago

New Phishing Kit Bypasses Two-Factor Protections

Astaroth Kit Offered for $2,000 on Telegram, Intercepts Authentication in Real TimeA new phishing kit called Astaroth bypasses two-factor authentication through session hijacking and real-time credential interception from services like Gmail, Yahoo, AOL and Microsoft 365. Acting as a man-in-the-middle, it captures login credentials, tokens and session cookies in real time.

Bank Info Security 1 year, 9 months ago

US, Microsoft Seize Domains Used in Russian Spear-Phishing

FSB Hackers Stripped of 107 Domains Used to Steal CredentialsThe U.S. Department of Justice and Microsoft seized more than 100 websites allegedly used by a Russian intelligence cyberespionage operation with a fondness for spear phishing. Targets include the national security apparatus and journalists, think tanks, and non-governmental organizations.

Bank Info Security 1 year, 10 months ago

Eliminating the Need for Stored Credentials in Healthcare

Authentication requiring stored credentials is not only vulnerable to phishing and other compromises, but using these credentials can also be cumbersome for busy clinicians, said Tina Srivastava, co-founder of Badge, a provider of deviceless, tokenless authentication technology.

Scammers Use Social Engineering and Phishing to Fool Workers and IT Help Desk StaffFederal authorities warn of social engineering and phishing scams - sometimes targeting IT help desk workers - that allow attackers to steal login credentials and access healthcare sector entities' IT systems so they can divert automated clearinghouse payments to bank accounts the attackers control.

Bank Info Security 2 years, 6 months ago

Google: Russian FSB Hacking Group Turns to Malware

'Coldriver' Has Been Sending Backdoors Embedded in PDFs Since November 2022A Russian domestic intelligence agency hacking group known for long-lasting logon credential phishing campaigns against Western targets is now deploying malware embedded into PDFs, say security researchers from Google. "Coldriver" is using a family of backdoors Google dubs Spica.