Security news aggregator

Latest cybersecurity reporting from selected sources.

Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.

23 headlines in this view

Refine the feed

Search across headline titles and summaries.

Volume over time

Weekly headline count for the current query.

Showing 20 most recent headlines of 23 Filtered view
Bank Info Security 21 hours, 10 minutes ago

Lessons Learned: US Cybersecurity Agency Leaked Secrets

CISA Lauded for Fast Response, Transparency and Detailing Security RecommendationsSecure developers' use of public code repositories, monitor them for secrets and if they get exposed, have a well-tested incident response playbook at the ready. The U.S. Cybersecurity and Infrastructure Security Agency has shared these and other lessons learned after suffering a data leak.

CISA: Iran-Linked Groups Actively Exploiting OT Exposure Risks, PLC ProgrammersFederal agencies are warning that Iranian-linked actors have begun actively exploiting internet-facing PLCs and misconfigured OT systems across U.S. critical infrastructure, enabling network access, lateral movement and potential disruption amid rising geopolitical tensions.

Series C Funding Round Focuses on Secrets Remediation, Agent Governance ExpansionBacked by a $50 million Series C, GitGuardian plans to accelerate U.S. expansion and enhance secrets detection remediation and non-human identity controls as AI agents multiply across enterprises, increasing exposure to credential abuse and lateral movement.

Joint US, UK and Five Eyes Guidance Flags OT Exposure as National RiskU.S. and allied cyber agencies issued new guidance warning that insecure operational technology connectivity - driven by remote access, third-party vendors and IT integration - remains a major threat vector, enabling cyber intrusions to escalate into physical disruptions.

Bank Info Security 6 months, 3 weeks ago

Breach Roundup: Spotify Metadata Dumped Online

Also: SudamericaData Leak, RaccoonO365 Arrest and Nefilim Conspirator Pleads GuiltyThis week: Spotify metadata scraped, Nissan disclosed third-party breach, millions of Argentines exposed to data leak, African police arrested hundreds in a cybercrime sweep, Nigeria nabbed a phishing operator, the U.S. DOJ charged ATM jackpotting ring and Nefilim ransomware affiliate pleaded guilty.

Bank Info Security 7 months, 2 weeks ago

Utilities Warn US Grid at Risk as Federal Cyber Funds Dry Up

Federal Cuts Threaten Grid Security as Nation-State Hackings Escalate, Analysts SayCybersecurity leaders told Congress that U.S. energy systems are already compromised by state-backed actors - chiefly China - and warned that shrinking federal support for grid security programs threatens to worsen exposure as utilities face escalating threats with limited resources.

Bank Info Security 7 months, 3 weeks ago

Major US Banks Gauge Their Exposure to SitusAMC Breach

JP Morgan Chase, Citi and Morgan Stanley Among Banking Customers ImpactedMajor U.S. banks are assessing their exposure to a cybersecurity incident at real estate financial technology company SitusAMC, which disclosed Saturday that a breach may have affected client data. The New York firm uncovered the incident on Nov. 12.

CISA Says Agencies Believed They Patched Cisco Flaws But Had NotThe U.S. cyber defense agency issued new patch guidance after discovering multiple federal agencies failed to properly secure Cisco firewalls, leaving federal networks exposed to exploitation by a suspected Chinese threat actor despite a prior emergency directive.

Critical Infrastructure on the Digital Front LinesRural America is a long way from Taiwan. But cyber power is no respecter of geography. Should China make good on its repeated threats to reunify the island by force, the utilities that provide water and power to small towns all over the United States may find themselves on the digital front lines of a 21st century superpower war.

Bank Info Security 10 months, 2 weeks ago

Pentagon Probes Microsoft's Use of Chinese Coders

Defense Department Suspends, Reviews Microsoft 'Digital Escorts' ProgramThe Pentagon is reviewing Microsoft's decade-long use of "digital escorts" - U.S.-based staff who review code from Chinese engineers - into military cloud systems, a workaround now deemed a "breach of trust" that may have exposed sensitive but unclassified government data.

'Heightened Threat Environment' Faces Critical Infrastructure, US Government WarnsMany types of commonly used types of industrial control systems continue to be deployed in a manner that leaves them publicly exposed to the internet, often by U.S.-based critical infrastructure operators, in what amounts to a preventable security risk, researchers warn.

Bank Info Security 1 year, 1 month ago

Breach Roundup: Ukraine Hacks Russian Warplane Maker

Also, Crypter Takedown, Threat Intel Naming Accord and Regulators Ping CrowdStrikeThis week, Ukraine hacked Tupelov, Russian hacking, crypter sites seized and the U.S. will seize North Korean IT worker crypto. Regulators probed CrowdStrike. A Rosetta Stone for intel. A Romanian man admitted to swatting, Lee Enterprises hack exposed data and an FBI vet joined the private sector.

Salt Typhoon Exposed Major Flaws in Telecom Networks. Few Changes Have Been MadeAfter China's Salt Typhoon breach of U.S. telecom networks, federal experts told Congress on Wednesday the nation remains dangerously exposed to another attack - despite warnings, investigations and interagency coordination, all of which have yet to produce systemic cyber defense improvements.

Series D Funding to Drive U.S. Growth and AI Advancements in CybersecurityPentera has raised $60 million in Series D funding to expand its presence in the U.S. and accelerate AI-driven innovations in security validation. CEO Amitai Ratzon says the company is focused on advancing automated testing and strengthening its leadership in exposure validation.

Bank Info Security 1 year, 5 months ago

ISMG Editors: AI Security Wake-Up Call From DeepSeek

Also: Addressing AI Vulnerabilities and Governance ChallengesDeepSeek, an advanced open-source AI model, is under scrutiny for its safety guardrails failing multiple security tests and a data leak that exposed user information and API keys. Sam Curry, CISO at Zscaler, discusses AI security, risk management and upcoming U.S. policy changes.

Bank Info Security 1 year, 6 months ago

Biden Issues Final Maritime Cybersecurity Rules

White House Mandates Cyber Incident Response Plans Amid Growing Chinese ThreatFederal regulations unveiled Tuesday require the U.S. maritime industry to implement baseline cybersecurity measures amid concerns over exposure to attacks from adversaries such as China. The rules mandate cybersecurity plans and clearly-defined cyber positions in ports and maritime facilities.

Bank Info Security 1 year, 6 months ago

Ransomware Group Hits Substance Abuse Treatment Service

American Addiction Centers Says 422,424 Individuals' Private Details ExposedSubstance abuse treatment company American Addiction Centers is warning nearly half a million patients that ransomware-wielding attackers stole their personal details, including names and Social Security numbers. The Rhysida ransomware operation claimed to perpetrate the attack.

Security Researcher Says Flaw Came From 700 Exposed APIs Belonging to CoxAn independent security researcher discovered a critical flaw in the backend infrastructure of the largest broadband provider in the United States that, if exploited, could have left millions of business customer devices vulnerable to major cyberattacks.

Bank Info Security 2 years, 2 months ago

US and Allies Issue Cyber Alert on Threats to OT Systems

Cyber Authorities Warn Pro-Russian Hacktivists Targeting Small-Scale OT SystemsU.S. and international cyber authorities issued a warning Wednesday that pro-Russian hacktivists are increasingly targeting small-scale operational technology systems throughout North America and Europe that have been left vulnerable to attacks due to internet-exposed industrial control systems.

Bank Info Security 2 years, 2 months ago

Breach Roundup: LabHost Phishing-as-a-Service Site Goes Down

Also: Omni Hack Exposed Customer Data; More Ivanti Vulnerabilities Come to LightThis week, police disrupted the LabHost phishing-as-a-service site, customer data compromised in Omni Hotels hack, more Ivanti vulnerabilities found, Moldovan botnet operator faces U.S. charges, Cisco warned of a data breach in Duo and a Spanish Guardia Civil contractor suffered a ransomware attack.

Loading more headlines...