Security news aggregator

Latest cybersecurity reporting from selected sources.

Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.

43 headlines in this view

Refine the feed

Search across headline titles and summaries.

Volume over time

Weekly headline count for the current query.

Showing 20 most recent headlines of 43 Filtered view

Who needs MFA when you've got EvilTokens? Hundreds of organizations have been compromised daily by a Microsoft device-code phishing campaign that uses AI and automation at nearly every stage of the attack chain to ultimately snoop through corporate email inboxes and steal financial data.…

Bank Info Security 8 months, 3 weeks ago

Click, Call, Compromise: Hackers Continue to Evolve Tactics

Microsoft Says Hackers Pivoting to Identity CompromiseHackers are as likely to log in as break in, warns Microsoft in an annual assessment of cyberthreats. During the first half of 2025, identity-based attacks rose by 32% due to credentials stolen by infostealers or password and email combinations plucked from bulk data breaches.

Fancy Bear can't keep its claws out of Outlook inboxes The UK government is warning that Russia's APT28 (also known as Fancy Bear or Forest Blizzard) has been deploying previously unknown malware to harvest Microsoft email credentials and steal access to compromised accounts.…

Dutch intel services, Microsoft go big-game hunting A previously unknown Kremlin-linked group has conducted cyber-espionage operations against Dutch police, NATO member states, Western tech companies, and other organizations of interest to the Russian government since at least April 2024, according to Dutch intelligence services and Microsoft.…

Cybersecurity researchers have discovered a new phishing campaign that's being used to distribute malware called Horabot targeting Windows users in Latin American countries like Mexico, Guatemala, Colombia, Peru, Chile, and Argentina

Phishers check in, your credentials check out, Microsoft warns An ongoing phishing campaign disguised as a Booking.com email casts keystroke and credential-stealing malware into hospitality employees' inboxes for financial fraud and theft, according to Microsoft Threat Intelligence.…

Microsoft and the U.S. Department of Justice (DoJ) on Thursday announced the seizure of 107 internet domains used by state-sponsored threat actors with ties to Russia to facilitate computer fraud and abuse in the country

Krebs on Security 1 year, 9 months ago

This Windows PowerShell Phish Has Scary Potential

Many GitHub users this week received a novel phishing email warning of critical security holes in their code. Those who clicked the link for details were asked to distinguish themselves from bots by pressing a combination of keyboard keys that causes Microsoft Windows to download password-stealing malware. While it's unlikely that many programmers fell for this scam, it's notable because less targeted versions of it are likely to be far more successful against the average Windows user.

Company Is Sending Email Alerts to Customers Whose Data Was Accessed by HackersMicrosoft is alerting its customers whose data may have been accessed by Russian state hackers following a January attack that compromised the emails of company executives. Microsoft also shared a link to a custom-built secure system that customers can use to review their stolen data.

Affected federal agencies must comb through mails, reset API keys and passwords The US Cybersecurity and Infrastructure Security Agency (CISA) warns that Russian spies who gained access to Microsoft's email system were able to steal sensitive data, including authentication details and that immediate remedial action is required by affected agencies.…

Loading more headlines...