Security news aggregator

Latest cybersecurity reporting from selected sources.

Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.

150 headlines in this view

Refine the feed

Search across headline titles and summaries.

Volume over time

Weekly headline count for the current query.

Showing 20 most recent headlines of 150 Filtered view
Bank Info Security 23 hours, 53 minutes ago

Lessons Learned: US Cybersecurity Agency Leaked Secrets

CISA Lauded for Fast Response, Transparency and Detailing Security RecommendationsSecure developers' use of public code repositories, monitor them for secrets and if they get exposed, have a well-tested incident response playbook at the ready. The U.S. Cybersecurity and Infrastructure Security Agency has shared these and other lessons learned after suffering a data leak.

Researchers Urge Organizations to Rotate Credentials and Review Audit LogsThreat actor 888 claims it stole Accenture source code and cloud credentials, prompting researchers to warn that any exposed Azure tokens, encryption keys or DevOps secrets could enable follow-on intrusions and downstream supply-chain attacks even as Accenture says operations remain unaffected.

A simple website flaw exposed members, political profiles, login tokens, and dating data from Peter Thiel ‘s secretive Dialog network. Dialog, a private invitation-only organization cofounded in 2006 by billionaire tech investor Peter Thiel, has spent two decades refusing to disclose its membership. That position became harder to maintain last week when Swiss hacktivist maia […]

24 Billion Records Left Open Online: Passwords, Emails, and Everything Else Exposed database with 24 Billion records revealed stolen credentials from infostealers, Telegram channels, and breach collections, risking account takeovers. Cybernews researchers found an exposed Elasticsearch cluster on June 12th containing 24 billion records and more than 8.3 terabytes of data. They triple-checked the numbers. […]

Pro-Iran group Handala breached Cal Water via an exposed GPS tool, reaching billing data for 2M customers. 5GB leaked. On June 11, 2026, the Iran-linked threat group Handala posted a claim on its blog that it had compromised California Water Service, known as Cal Water, and published a 5GB proof-of-concept data dump to back it […]

A 5-year study on the Ransomware Economy found that 30,515 exposed databases were hit by ransom attacks, causing massive damage despite victims never paying. Database extortion doesn’t look like the ransomware stories that usually grab headlines. There’s no slick branding, no leak-site countdown, no gang posting memes on Telegram. In most cases, there’s just a […]

Krebs on Security 1 month, 4 weeks ago

CISA Admin Leaked AWS GovCloud Keys on Github

Until this past weekend, a contractor for the Cybersecurity & Infrastructure Security Agency (CISA) maintained a public GitHub repository that exposed credentials to several highly privileged AWS GovCloud accounts and a large number of internal CISA systems. Security experts said the public archive included files detailing how CISA builds, tests and deploys software internally, and that it represents one of the most egregious government data leaks in recent history.

Exposed UIs, weak authentication, and risky defaults could turn cloud-native AI apps on Kubernetes into potential targets by threat actors. Learn how exploitable misconfigurations lead to RCE and data leaks. The post When configuration becomes a vulnerability: Exploitable misconfigurations in AI apps appeared first on Microsoft Security Blog.

Bank Info Security 2 months, 2 weeks ago

Home Security Firm ADT Breach: 5.5M Customers' Data Exposed

Prolific ShinyHunters Extortion Group Made 'Pay or Leak' Threat to VictimHome security giant ADT has suffered a data breach that appears to have exposed personally identifiable information tied to 5.5 million customers. Prolific extortionist group ShinyHunters claimed credit for the attack, saying it stole Salesforce data after socially engineering an ADT employee.

A lesson in how not to respond to vulnerability reports UPDATED Vibe-coding platform Lovable is pooh-poohing a researcher’s finding that anyone could open a free account on the service and read other users' sensitive info, including credentials, chat history, and source code. However, the company’s story keeps changing: First it attributed the publicly exposed info to "intentional behavior" and "unclear documentation," then threw bug-bounty service HackerOne under the bus.…

Also, Eurail Breach, ChipSoft Hospital Disruptions, W3LL Phishing TakedownThis week, a "Raccoon"-linked actor hit help desks, Eurail exposed 308K users, Fortinet patched critical flaws, Pushpaganda scams, major data leaks hit healthcare and China, ransomware and phishing ops surged, and multiple breaches impacted firms and hospitals.

Bank Info Security 3 months, 2 weeks ago

Your AI Vendor's Worst Enemy Is Its Own Development Pipeline

Anthropic's Mythos Leak Points to Pattern of Failures, Sloppy Practices at AI LabsAnthropic accidentally exposed its most powerful unreleased AI model to compromise, and days later shipped its flagship coding tool's full source code without meaning to. Meta, Microsoft and OpenAI have each had comparable moments. Questions linger about the integrity of third-party AI tools.

Loading more headlines...