Security news aggregator

Latest cybersecurity reporting from selected sources.

Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.

21 headlines in this view

Refine the feed

Search across headline titles and summaries.

Volume over time

Weekly headline count for the current query.

Showing 20 most recent headlines of 21 Filtered view
Bank Info Security 18 hours, 23 minutes ago

CISA Adds FortiSandbox Bugs to KEV Catalog

Agencies Have Until Sunday to Patch Two Critical Command Injection FlawsCISA added two critical FortiSandbox command injection vulnerabilities to its Known Exploited Vulnerabilities catalog after evidence of active attacks. Experts warn that unauthenticated remote code execution could let attackers compromise malware analysis systems and pivot deeper into enterprise networks.

Bank Info Security 4 weeks, 1 day ago

Breach Roundup: ShinyHunters Leaks 26M MSG Records

Also, Arch Linux Attack, Estonia Quarantines Russian Emails, Joomla FlawThis week, ShinyHunters leaked alleged Madison Square Garden data, a U.S. senator pressed CISA on regional staffing cuts, an Arch Linux supply-chain attack, Mackay Sugar began recovery from a ransomware attack, Novo Nordisk faced dueling breach claims - and more compelling cybersecurity news.

Bank Info Security 2 months, 3 weeks ago

Breach Roundup: Myanmar Scam Compound Managers Charged

Also, Europol Cracks DDoS Networks, Mythos Finds Bugs, France Portal HitThis week, scam compounds. Attackers exploit flaws pre-disclosure. A crackdown on DDoS-for-hire. No Mythos for CISA, yes for Mozilla. France ID portal breach. Israeli and Venezuelan critical infrastructure targeted. Russian hacking in Ukraine. An Apache flaw. A ransomware negotiator aided BlackCat.

Bank Info Security 3 months, 2 weeks ago

CISA Flags Critical Flaw in Grassroots DICOM Imaging Library

Researcher: If Exploited, Bug Could Crash Hospital Medical Imaging SystemsThe Cybersecurity Infrastructure and Security Agency is warning of a high severity in Grassroots DICOM, an open-source library commonly used for medical imaging products, that if exploited could allow an attacker to send a specially crafted file resulting in a denial-of-service situation.

Also: Spanish Hacker Granted Russian Asylum, Microsoft Patches Zero-DaysThis week, a CISA warning, Nest footage in Nancy Guthrie case, Signal phishing. Spanish hacker, Russian asylum. Spanish ministry services offline. BYOVD ransomware. The Conduent breach hit Volvo. Microsoft patched zero-days. ZeroDayRAT targeted devices. The SmarterMail breach. Another Fortinet flaw.

Bank Info Security 5 months, 2 weeks ago

Breach Roundup: Android RAT Hides Behind Hugging Face

Also, SmarterMail Flaw, Nike Breach Probe, Empire Market Co-Creator Pleads GuiltyThis week, researchers exposed an Android RAT abusing Hugging Face. Attackers exploited a SmarterMail flaw. Automakers raised cyber spending. CISA flagged a VMware bug. Microsoft patched Office. An Empire Market co-creator pleaded guilty. Nike probed a breach.

Bank Info Security 7 months, 2 weeks ago

CISA Warns of Severe Flaws in Nuclear Med Tracking Software

Mirion Medical Says Bugs Are Fixed in New Release of BioDose/NMIS SoftwareU.S. federal authorities are warning that several high-severity vulnerabilities discovered in Mirion Medical Co. inventory tracking software used by nuclear medicine departments could allow attackers to modify program executables and gain access to sensitive information.

CISA Says Agencies Believed They Patched Cisco Flaws But Had NotThe U.S. cyber defense agency issued new patch guidance after discovering multiple federal agencies failed to properly secure Cisco firewalls, leaving federal networks exposed to exploitation by a suspected Chinese threat actor despite a prior emergency directive.

Bank Info Security 8 months, 2 weeks ago

Hospital System Flaws Could Leak Patient Data, CISA Says

Agency Warns Vertikal Systems Vulnerabilities Could Help Hackers Access DataU.S. federal authorities are warning about vulnerabilities in hospital information management systems from Romanian firm Vertikal Systems that could allow hackers to obtain and disclose patient data. The affected systems are used mostly by smaller hospitals and clinics outside the United States.

Bank Info Security 8 months, 3 weeks ago

CISA Flags Highly Exploitable Windows SMB Flaw

NTLM Reflection Attack Strikes AgainA three-month old flaw in a network protocol for file sharing used by Microsoft is under active exploitation, warns the U.S. Cybersecurity and Infrastructure Security Agency. The flaw's exploitation bypasses mitigations Microsoft has built over the years to prevent NTLM reflection attacks.

Bank Info Security 11 months, 1 week ago

Microsoft Warns of Hybrid Exchange Deployment Flaw

CISA Issues Emergency Directive Requiring Federal Agencies to Fix FlawA vulnerability in Exchange hybrid deployments could allow attackers to escalate privileges and gain administrative access to cloud-based environments. Microsoft said Tuesday there is no evidence of its exploitation and "strongly" recommended installing hot fix updates made available in April.

Bank Info Security 11 months, 1 week ago

Five-Year-Old D-Link Bugs Under Active Exploitation

CISA Lists Flaws as Actively ExploitedHackers are actively exploiting years-old flaws in obsolete Wi-Fi cameras and video recorders made by D-Link, warn U.S. cybersecurity authorities. Possibly Chinese hackers have used one of the flaws to implant HiatusRAT malware. "Attackers don’t care if a vulnerability is new or old."

Bank Info Security 11 months, 1 week ago

Five-Year-Old D-Link Bugs See Active Exploitation

CISA Lists Flaws as Actively ExploitedHackers are actively exploiting years-old flaws in obsolete Wi-Fi cameras and video recorders made by D-Link, warn U.S. cybersecurity authorities. Possibly Chinese hackers have used one of the flaws to implant HiatusRAT malware. "Attackers don’t care if a vulnerability is new or old."

Also: CISA Warns of Unpatched Train Brake VulnerabilityThis week: Louis Vuitton and Co-op confirm breaches, unpatched train brake flaw, Barclays fined £42M pounds for financial crime failures, secret U.K. program relocated thousands of Afghans, ex-soldier pleads guilty to hacking, Ukrainian hackers claim hit on Russian drone supplier.

Bank Info Security 1 year, 2 months ago

Breach Roundup: Surge in Edge Device Zero-Day Exploits

Also, Baltimore Public Schools Suffer Data Breach, Disney Menu Hacker SentencedThis week, zero-day exploits surged, accused Nefilim hacker extradited, Baltimore schools breach, CISA lists Broadcom Brocade, Commvault flaws, a fake WooCommerce patch, Akira hit Hitachi Vantara, ex-Disney worker sentenced and a Darcula phishing kit upgrade. FBI published 42,000 phishing domains.

Bank Info Security 1 year, 4 months ago

Breach Roundup: US Army Officer Guilty of Selling Data

Also, AI Video Mocking Trump and Musk Disrupts HUD OfficesThis week, a U.S. Army soldier pleaded guilty, an AI video displayed to federal workers mocked Donald Trump and Elon Musk, a Saudi firm hit by ransomware, a new North Korean scam, hackers targeted Ukrainian notaries, CISA flagged two flaws, a botnet targeted Microsoft 365 and unpatched Ivanti VPNs.

Bank Info Security 1 year, 5 months ago

Hackers Are Exploiting Trimble Cityworks, CISA Warns

Feds Order Agencies to Patch Critical Flaw in Widely Used Local Government SystemHackers are exploiting a critical vulnerability in Trimble's Cityworks platform, an infrastructure management tool used by governments that enables remote code execution on Microsoft IIS web servers. CISA has ordered federal civilian agencies to patch a critical vulnerability by Feb. 28.

Hackers Unlikley to Exploit Flaws in The WildSecurity researchers found an unpatchable flaw in the system that prevents commercial aircraft from crashing into each other, the U.S. federal government said in a Tuesday advisory that called the likelihood of its exploitation "unlikely" outside of a laboratory setting

Bank Info Security 1 year, 8 months ago

CISA Warns of Active Attacks on Critical Palo Alto Exploit

CISA Adds Critical Palo Alto Flaw to Vulnerability Catalog After Attack DiscoveryThe Cybersecurity and Infrastructure Security agency warned Palo Alto Networks that a critical vulnerability the technology giant previously patched has been actively exploited since then, according to a new advisory, potentially exposing configuration secrets and credentials.

Attackers Are Targeting the Widely Used Mirth Connect Data Integration PlatformCyberattackers are actively exploiting a vulnerability in the NextGen Healthcare Mirth Connect product, an open-source data integration platform widely used by healthcare companies, said CISA in an alert Monday. The flaw, which allows remote code execution, has been known since October 2023.

Loading more headlines...