Security news aggregator

Latest cybersecurity reporting from selected sources.

Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.

32 headlines in this view

Refine the feed

Search across headline titles and summaries.

Volume over time

Weekly headline count for the current query.

Showing 20 most recent headlines of 32 Filtered view

Who needs MFA when you've got EvilTokens? Hundreds of organizations have been compromised daily by a Microsoft device-code phishing campaign that uses AI and automation at nearly every stage of the attack chain to ultimately snoop through corporate email inboxes and steal financial data.…

Wanna know a secret? Whether you're logging into your bank, health insurance, or even your email, most services today do not live by passwords alone. Now commonplace, multifactor authentication (MFA) requires users to enter a second or third proof of identity. However, not all forms of MFA are created equal, and the one-time passwords orgs send to your phone have holes so big you could drive a truck through them.…

Banking Sector Faces Challenges in Meeting March 2026 Compliance DeadlineThe Central Bank of UAE has issued a directive asking financial institutions to eliminate weak authentication methods including SMS and email OTPs. Banks are also expected to implement real-time fraud monitoring and suspend sessions when malicious activity is detected.

Cybersecurity researchers have discovered a new phishing campaign that's being used to distribute malware called Horabot targeting Windows users in Latin American countries like Mexico, Guatemala, Colombia, Peru, Chile, and Argentina

Bank Info Security 1 year, 3 months ago

Fraud in Your Inbox: Email Is Still the Weakest Link

At-Bay Cyber Insurance Claims Report Finds 83% of Financial Fraud Starts With EmailFinancial fraud remains the leading driver of cyberinsurance claims, with 83% of cases traced back to email-based attacks. Common tactics used to deceive employees include wiring funds to fraudulent accounts, generative AI-crafted emails, executive and vendor impersonation and BEC scams.

Breach Affects Pediatric, Orthodontic and Dental Surgery Practices in 6 StatesA Nashville, Tennessee firm that provides HR and finance services to dozens of specialty dental practices across six states is notifying more than 173,400 people of a 2024 email hacking incident affecting children and other patients. The company already faces several lawsuits related to the breach.

Phishers check in, your credentials check out, Microsoft warns An ongoing phishing campaign disguised as a Booking.com email casts keystroke and credential-stealing malware into hospitality employees' inboxes for financial fraud and theft, according to Microsoft Threat Intelligence.…

The Hacker News 1 year, 4 months ago

PCI DSS 4.0 Mandates DMARC By 31st March 2025

The payment card industry has set a critical deadline for businesses handling cardholder data or processing payments- by March 31, 2025, DMARC implementation will be mandatory! This requirement highlights the importance of preventative measures against email fraud, domain spoofing, and phishing in the financial space. This is not an optional requirement as non-compliance may result in monetary

A new tax-themed malware campaign targeting insurance and finance sectors has been observed leveraging GitHub links in phishing email messages as a way to bypass security measures and deliver Remcos RAT, indicating that the method is gaining traction among threat actors

Loading more headlines...