Security news aggregator

Latest cybersecurity reporting from selected sources.

Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.

45 headlines in this view

Refine the feed

Search across headline titles and summaries.

Volume over time

Weekly headline count for the current query.

Showing 20 most recent headlines of 45 Filtered view
Bank Info Security 1 month, 4 weeks ago

Only a Handful of CVEs Mattered for Supply Chain in 2025

Is the Vulnerability Exposed and Easily Exploitable?Not all supply chain vulnerabilities are alike. Between the exploding volume of new CVEs and the number of actual mass attacks, there lies a sweet spot of just dozens of vulnerabilities to quickly patch to head off risk. No company is able to address every new vulnerability.

Bank Info Security 3 months, 1 week ago

Claude Mythos Preview Creates Early Edge for Cyber Titans

Project Glasswing Strengthens Key Platforms, Leaves Broad Exposure UntouchedProject Glasswing is giving select cybersecurity giants early access to Anthropic’s Claude Mythos Preview, boosting investor confidence in leaders Palo Alto Networks and CrowdStrike while raising concerns that smaller vendors, vulnerability firms and the broader internet will fall further behind.

Individual Vulnerability Severity Not Always a Good Measure of Risk ExposureA mainstay of IT security programs across the world, the Common Vulnerability Scoring System, may have terminal flaws when applied to the mirror universe of operational technology - a place where ordinary assumptions about risk don't apply.

Bank Info Security 4 months ago

UK Agency Exposed Corporate Executive Data

Directory Traversal Flaw Found in Companies HouseThe British government's company register service temporarily deactivated its online filing service after someone found a serious vulnerability that allowed people to access directors' sensitive personal data and potentially even amend companies' records or file bogus accounts on their behalf.

Startup Platform Targets Autonomous Detection and Exposure ManagementCybersecurity startup Kai emerged from stealth with $125 million in funding led by Evolution Equity to develop an agentic AI platform that automates exposure management, threat intelligence, analysis and detection workflows while helping security teams remediate vulnerabilities faster.

Bank Info Security 4 months, 1 week ago

Canadian Manufacturers Confront Rising OT Cyber Risk

ManuSec Canada Speakers From Subaru and Toronto Transit Discuss Cyber ResilienceCanadian manufacturers face rising cyber risk as IT and OT systems converge. Leaders from Subaru Canada and the Toronto Transit Commission outline how ransomware, supply chain exposure and legacy OT vulnerabilities demand stronger resilience, segmentation and incident response readiness.

Bank Info Security 4 months, 3 weeks ago

Arctic Wolf Buys Sevco for Exposure Management, Asset Depth

Asset Intelligence Deal Deepens Exposure Visibility, CTEM and Risk PrioritizationArctic Wolf is adding Sevco's cyber asset management capabilities to its platform, aiming to unify asset intelligence, configuration management and threat telemetry. Executives say the CTEM-focused deal will help security teams reduce exposure and better align vulnerability data with active threats.

Bank Info Security 4 months, 3 weeks ago

Startup Astelia Secures $35M for AI Vulnerability Management

Index Ventures Backs End-to-End Platform, Targeting of AI-Driven Vulnerability RiskAstelia raised $35 million in Series A funding led by Index Ventures to scale its AI-powered exposure management tool. The company uses AI agents and network analysis to help enterprises prioritize exploitable vulnerabilities and reduce remediation noise across hybrid and on-premises environments.

Bank Info Security 6 months, 2 weeks ago

75,000 MongoDBs Exposed as Attackers Exploit 'MongoBleed'

Patches Issued for MongoBleed as Ransomware Groups Target Flaw to Steal DataTens of thousands of internet-exposed MongoDB databases are at risk as attackers actively target a critical vulnerability in the software to steal sensitive data, with ransomware groups having joined the fray, researchers warn. MongoDB has issued patches and mitigation advice.

Unpatched Flaw in Open-Source Gogs Service Facilitates Remote Code ExecutionAn attacker has been exploiting a zero-day vulnerability in Gogs, an open-source and popular Git service that allows for self-hosting, warned researchers. At least 700 internet-exposed servers running Gogs shows signs of being infected with command-and-control malware; no patch is yet available.

Bank Info Security 7 months, 2 weeks ago

When ERP Systems Become the Attack Surface

Skills Needed: Enterprise Architecture, Configuration and Vulnerability ManagementWhen a critical vulnerability surfaces in ERP systems such as the Oracle E-Business Suite flaw, attackers can go well beyond a single compromised server. The flaw exposed the need for cyber professionals who understand enterprise architecture, secure configuration and vulnerability interpretation.

Bank Info Security 8 months, 4 weeks ago

How Unified Exposure Management Cuts Risk, Boosts Efficiency

Tenable's Nate Dyer on Moving Beyond Traditional Vulnerability ManagementVulnerability management no longer covers the full attack surface. Nathan Dyer of Tenable explains how unified exposure management helps reduce risk, shrink ticket volume and increase operational efficiency by unifying data, context and response across teams.

NCSC Chief Says Recent Retailer Hacks Should Be 'Wake-Up Call' for Cyber DefendersThe number of cyberattacks in the United Kingdom surged 50% in the past year, with ransomware continuing to be the top threat. National Cyber Security Centre CEO Richard Horne said recent high-profile hacks at major retailers exposed supply chain vulnerabilities and are a "wake-up call" to defenders.

Bank Info Security 9 months, 1 week ago

Fortra Confirms 'Unauthorized Activity' Hit GoAnywhere MFT

Medusa Ransomware Group Tied to Exploits of Now-Patched Zero-Day VulnerabilityRecent attacks targeting Fortra's GoAnywhere managed file transfer software exploited a "limited" number of customers who set their on-premises installations to have an administrative console publicly exposed to the internet, which the vendor recommends customers never do.

Bank Info Security 9 months, 3 weeks ago

Salesforce Patches CRM Data Exfiltration Vulnerability

Agentforce Agentic AI Tool Was Exposed to Indirect Prompt Injection AttacksSalesforce has patched a vulnerability involving its Agentforce agentic artificial intelligence tool, discovered by researchers, that attackers could have exploited using an indirect prompt injection attack to steal sensitive customer data and leads being stored in the CRM system.

Bank Info Security 10 months, 2 weeks ago

Exposed LLM Servers Expose Ollama Risks

Over 1,100 Ollama Servers Leave Enterprise Models Vulnerable: Cisco TalosMore than a thousand servers running Ollama, a tool that can deploy artificial intelligence models locally, are exposed to the open internet, leaving many of them vulnerable to misuse and potential attacks. The bulk are dormant, but could be exploited through misconfiguration, Cisco Talos said.

Traditional security testing tools can’t keep pace with modern threats—or prove which vulnerabilities truly matter. Discover how Adversarial Exposure Validation (AEV) bridges the gap by continuously simulating real-world attacks to reveal exploitable exposures, prioritize risk, and empower smarter security decisions. Learn why AEV is the missing link in your CTEM strategy and how BreachLock is leading the way.

Hypori's Lewandowski on Eliminating Data and Apps From Personal DevicesTraditional BYOD strategies rely on managing personal devices directly, which introduces privacy concerns and leaves organizations vulnerable to attacks such as phishing, network compromise and device rooting, said Wayne Lewandowski, chief revenue officer at Hypori.

Thousands of MCP Servers Leave AI Apps Open to Attack SurfacesHundreds of Model Context Protocol servers designed to help AI tools access private data are insecurely exposed online, say BackSlash Security researchers. Weak configurations leave systems vulnerable to data leaks and remote code execution attacks.

Loading more headlines...