Attackers Seize Exposed AI Endpoints to Power Offensive Ops
Threat actors don't need any special authentication to reach a target endpoint — they just need to know where it is.
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
Threat actors don't need any special authentication to reach a target endpoint — they just need to know where it is.
Attackers can execute arbitrary code without authentication if Oracle's Identity or Web Services Managers are exposed to the Web.
In this type of misconfiguration, cyberattackers could use exposed secrets to authenticate directly via Microsoft’s OAuth 2.0 endpoints and infiltrate Azure cloud environments.
A now-patched authentication issue on the popular vibe-coding platform gave unauthorized users open access to any private application on Base44.
The now-fixed vulnerability involved a major travel services company that's integrated with dozens of airline websites worldwide.
An ongoing campaign targeting FortiGate devices with management interfaces exposed on the public Internet is leading to unauthorized administrative logins and configuration changes, creating new accounts, and performing SSL VPN authentication.
Misunderstanding the permissions of an authentication group in Google Kubernetes Engine (GKE) opens millions of containers to anyone with a Google account.
Joint integration delivers effective DSPM enforcement for self-managed customers starting with credential-free access, risk-based continuous authentication, and protection from data exposure.