Security news aggregator

Latest cybersecurity reporting from selected sources.

Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.

49 headlines in this view

Refine the feed

Search across headline titles and summaries.

Volume over time

Weekly headline count for the current query.

Showing 20 most recent headlines of 49 Filtered view
Bank Info Security 1 week, 1 day ago

AI Coding Tools Can Fake Approval Prompts

Old Unix Symlink Trick Lets Malicious Code Bypass User ChecksWiz researchers found that six popular AI coding assistants can be tricked into modifying sensitive files, including SSH keys, while their approval prompts display a harmless filename. The GhostApproval technique exploits a decades-old Unix symlink behavior to mislead users.

AutoJack is a novel exploit chain showing how a single malicious webpage can turn an AI browsing agent into a remote code execution vector on the host machine. By abusing trust in localhost, missing authentication, and unsafe parameter handling, attackers can trigger arbitrary process execution through AutoGen Studio’s MCP WebSocket. The research highlights a broader pattern - when agents can browse untrusted content and access local services, traditional boundaries like localhost are no longer secure. The post AutoJack: How a single page can RCE the host running your AI agent  appeared first on Microsoft Security Blog.

Bank Info Security 2 months ago

AI-Built Zero-Day Nearly Powered Mass Attack

Google Says Criminals Used AI to Discover and Code ExploitA cybercriminal group came close to launching a mass attack earlier this year, armed with a software exploit that an AI model had built from scratch, said Google researchers. Google said it worked with the affected vendor to patch the flaw before an attack could be launched.

Cybersecurity researchers have unmasked a novel ad fraud scheme that has been found to leverage search engine poisoning (SEO) techniques and artificial intelligence (AI)-generated content to push deceptive news stories into Google's Discover feed and trick users into enabling persistent browser notifications that lead to scareware and financial scams

Cybersecurity researchers have disclosed multiple security vulnerabilities in Anthropic's Claude Code, an artificial intelligence (AI)-powered coding assistant, that could result in remote code execution and theft of API credentials

Bank Info Security 5 months, 1 week ago

AI-Generated Malware Exploits React2Shell for Tiny Profit

LLM-Built Toolkit Hit 91 Hosts, Mined Funds in MoneroSecurity researchers detected artificial intelligence-generated malware exploiting the React2Shell vulnerability, allowing attackers with no coding expertise to build functional exploits. The attacker may have circumvented an AI model's safeguards by framing the malicious coding request as homework.

Bank Info Security 5 months, 1 week ago

Docker AI Bug Lets Image Metadata Trigger Attacks

AI Assistant Executes Hidden Commands Embedded in Docker Image LabelsA vulnerability in Docker's Ask Gordon AI assistant allows attackers to execute malicious commands by hiding them in the container application development platform's image metadata, said security researchers. Dubbed DockerDash, the vulnerability exploits a failure across Docker's AI execution chain.

Loading more headlines...