Security news aggregator

Latest cybersecurity reporting from selected sources.

Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.

20 headlines in this view

Refine the feed

Search across headline titles and summaries.

Volume over time

Weekly headline count for the current query.

Showing 20 most recent headlines Filtered view
Bank Info Security 1 week, 1 day ago

Breach Roundup: Hush, Don't Talk About the Data Breach

Also, 23andMe Breach Settlement, GitHub AI Flaw, Ubiquiti Patches Critical BugsThis week, hidden breaches, researchers exposed a GitHub AI agent flaw, an Ubiquiti critical flaw, a ColdFusion flaw, a growing Chinese ORB, U.K. government FortiBleed exposure, 23andMe victims get $46.75 million, 3.8 million affected by Medtronic breach and Cerner's 2025 victim count went up.

Researchers Urge Organizations to Rotate Credentials and Review Audit LogsThreat actor 888 claims it stole Accenture source code and cloud credentials, prompting researchers to warn that any exposed Azure tokens, encryption keys or DevOps secrets could enable follow-on intrusions and downstream supply-chain attacks even as Accenture says operations remain unaffected.

Also: Zcash Patches Flaw, $32M Humanity Protocol HackThis week, a key player in a $97M laundering scheme got prison time, Humanity Protocol suffered $32M in losses, Zcash patched a flaw, the EU targeted crypto platforms tied to Russia, authorities froze $3.8M in illicit funds and researchers exposed a Trezor chip weakness.

Bank Info Security 3 months, 2 weeks ago

Mercor Breach Linked to LiteLLM Supply-Chain Attack

AI Dependency Attack Reportedly Exposes Data and Source CodeA LiteLLM supply-chain compromise enabled attackers to harvest credentials and access internal environments at scale at Mercor. The firm was the first to confirm a LiteLLM breach, and researchers are warning about growing AI system exposure and limited visibility.

Bank Info Security 5 months, 1 week ago

Moltbook Gave Everyone Control of Every AI Agent

Database Misconfiguration Exposed 1.5 million API TokensA misconfigured database at Moltbook, the viral social network for AI agents, exposed 1.5 million API authentication tokens, 35,000 email addresses and private messages. Security researchers discovered unauthenticated read and write access to all platform data within days of launch.

Bank Info Security 5 months, 2 weeks ago

Breach Roundup: Android RAT Hides Behind Hugging Face

Also, SmarterMail Flaw, Nike Breach Probe, Empire Market Co-Creator Pleads GuiltyThis week, researchers exposed an Android RAT abusing Hugging Face. Attackers exploited a SmarterMail flaw. Automakers raised cyber spending. CISA flagged a VMware bug. Microsoft patched Office. An Empire Market co-creator pleaded guilty. Nike probed a breach.

Bank Info Security 6 months, 2 weeks ago

75,000 MongoDBs Exposed as Attackers Exploit 'MongoBleed'

Patches Issued for MongoBleed as Ransomware Groups Target Flaw to Steal DataTens of thousands of internet-exposed MongoDB databases are at risk as attackers actively target a critical vulnerability in the software to steal sensitive data, with ransomware groups having joined the fray, researchers warn. MongoDB has issued patches and mitigation advice.

Unpatched Flaw in Open-Source Gogs Service Facilitates Remote Code ExecutionAn attacker has been exploiting a zero-day vulnerability in Gogs, an open-source and popular Git service that allows for self-hosting, warned researchers. At least 700 internet-exposed servers running Gogs shows signs of being infected with command-and-control malware; no patch is yet available.

Bank Info Security 7 months, 4 weeks ago

Misconfigured AI Agents Let Attacks Slip Past Controls

AppOmni Finds Now Assist Agents Could Trigger Unauthorized ActionsServiceNow's Now Assist agents could be manipulated through second-order prompt injection, enabling unauthorized record changes and data exposure despite protections, shows new research from AppOmni. The issue stemmed from default configurations that allow agents to invoke each other.

Bank Info Security 8 months, 3 weeks ago

Russia's Coldriver Revamps Malware to Evade Detection

Russian Intel Hackers Flexible in Face of DetectionRussia-linked threat group COLDRIVER rapidly replaced its exposed malware with a stealthier PowerShell variant, using fake CAPTCHA prompts and cryptographic key-splitting to evade detection and escalate surveillance on NGOs, dissidents and policy experts, according to new research.

Bank Info Security 9 months, 3 weeks ago

Salesforce Patches CRM Data Exfiltration Vulnerability

Agentforce Agentic AI Tool Was Exposed to Indirect Prompt Injection AttacksSalesforce has patched a vulnerability involving its Agentforce agentic artificial intelligence tool, discovered by researchers, that attackers could have exploited using an indirect prompt injection attack to steal sensitive customer data and leads being stored in the CRM system.

Bank Info Security 10 months, 2 weeks ago

Salesloft Drift Attacks Exposed Zscaler Customer Data

'Widespread Data Theft Campaign' Compromised Many Drift OAuth Tokens, Warn ExpertsThreat researchers report that "a widespread data theft campaign" traces to attackers stealing OAuth access tokens for applications integrated with Salesloft's AI chatbot Drift, then exfiltrating data. Victims include Salesforce customer Zscaler. Google Workspace instances were also breached.

'Heightened Threat Environment' Faces Critical Infrastructure, US Government WarnsMany types of commonly used types of industrial control systems continue to be deployed in a manner that leaves them publicly exposed to the internet, often by U.S.-based critical infrastructure operators, in what amounts to a preventable security risk, researchers warn.

Thousands of MCP Servers Leave AI Apps Open to Attack SurfacesHundreds of Model Context Protocol servers designed to help AI tools access private data are insecurely exposed online, say BackSlash Security researchers. Weak configurations leave systems vulnerable to data leaks and remote code execution attacks.

Bank Info Security 1 year, 4 months ago

Clinical Trial Database Exposes 1.6M Records to Web

Researcher Says Firm Failed to Secure Sensitive Health Data From Survey FormsAn unsecured database containing 2 terabytes of data allegedly exposed more than 1.6 million clinical research records to the internet, including sensitive personal and medical information of patients, said the security researcher who discovered the lapse. Why does this keep happening?

Many Charging Cable Interfaces Have Exposed SSH and HTTP Ports, Researchers WarnResearchers demonstrated that multiple brands of EV charging stations have vulnerabilities due to manufacturers often leaving open and unsecured SSH and HTTP ports. The risks of these vulnerabilities range from an expanded attack surface to a launching pad for assaults on the power grid.

Bank Info Security 2 years, 3 months ago

Hugging Face Vulnerabilities Highlight AI-as-a-Service Risks

Researchers Say Illegal Access to Private AI models Can Enable Cross-Tenant AttacksSecurity researchers have discovered two critical vulnerabilities in the Hugging Face AI platform that exposed potential gaps for attackers seeking unauthorized access and manipulation of customer data and models. The risks highlight the security concerns about AI-as-a-service offerings.