Security news aggregator

Latest cybersecurity reporting from selected sources.

Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.

21 headlines in this view

Refine the feed

Search across headline titles and summaries.

Volume over time

Weekly headline count for the current query.

Showing 20 most recent headlines of 21 Filtered view
Bank Info Security 2 months, 2 weeks ago

Researchers Find 38 Flaws in OpenEMR. They've Been Fixed

AI Tool Used to Discover Bugs, Which Included 2 Maximum Severity VulnerabilitiesResearchers at security firm AISLE said they recently identified 38 vulnerabilities, including two maximum-severity zero-day flaws in OpenEMR, an open-source electronic medical record software platform used by about 100,000 healthcare providers globally. OpenEMR has patched the problems.

Bank Info Security 4 months, 4 weeks ago

Breach Roundup: Cambodia Scam Center Crackdown

Also: EU Bans AI Tools, Notepad++ Secures Updater, Apple Patches iOS Zero-DayThis week, Cambodia shuttered 200 scam centers. EU Parliament banned AI tools. Canada Goose disputed a ShinyHunters leak. Notepad++ patched an updater flaw. Apple fixed a decades-old iOS zero-day. BeyondTrust and Dell patched critical flaws under active exploitation.

Bank Info Security 7 months, 2 weeks ago

CISA Warns of Severe Flaws in Nuclear Med Tracking Software

Mirion Medical Says Bugs Are Fixed in New Release of BioDose/NMIS SoftwareU.S. federal authorities are warning that several high-severity vulnerabilities discovered in Mirion Medical Co. inventory tracking software used by nuclear medicine departments could allow attackers to modify program executables and gain access to sensitive information.

Bank Info Security 7 months, 3 weeks ago

Breach Roundup: Recently Patched Oracle Flaw Under Attack

Also: npm Packages Infiltrated, FBI Issues Fraud Alert, Campbell's Soup Cans CISOThis week, a recently fixed Oracle flaw is being actively exploited, Shelly tackled Pro 4PM DoS bug, "Shai-Hulud 2.0" hit npm, the FBI warned of rising bank account takeover scams, regulators fined Comcast over a vendor breach, Iberia reported a supplier incident and Campbell's canned its CISO.

Bank Info Security 10 months, 3 weeks ago

Copilot Kept Access Logs Unless You Told It Not To

Copilot Falls for Prompt Injection Yet AgainMicrosoft quietly fixed a flaw that allowed users to instruct embedded artificial intelligence model Copilot not to log its access corporate files. "If you work at an organization that used Copilot prior to Aug 18, there is a very real chance that your audit log is incomplete."

Oracle Cloud Infrastructure Flaw Enabled Malicious File Uploads, Researchers FoundExploring Oracle Cloud Infrastructure, researchers at Tenable found that Oracle's console-based Code Editor tool failed to block arbitrary file uploads, and could be silently exploited via drive-by attacks to install malware. They said Oracle has now fixed the vulnerability.

Hackers Can Use Unverified Email to Log onto SaaS Apps With Entra IDA flaw in a Microsoft single sign-on feature allowing cloud app account takeovers discovered in 2023 never really went away, say researchers - notwithstanding a computing giant claim that it almost immediately fixed the vulnerability known as nOAuth.

Bank Info Security 1 year, 2 months ago

Breach Roundup: SAP NetWeaver Flaw Draws Hackers

Also, DOGE Employee’s Credentials Found in Infostealer DumpsThis week, SAP NetWeaver flaw drew hackers, zero-days in Ivanti EPMM, DOGE employee’s credentials found in infostealer dumps and Nucor halted operations. North Korean hackers targeted South Koreans with fake conference invites, Russian hackers targeted webmail servers and Microsoft fixed 72 flaws.

Bank Info Security 1 year, 3 months ago

Google Cloud Fix Blocks Unauthorized Container Access

Attacker With Project Access Could Have Retrieved Private Images, Researchers SaidGoogle has fixed Google Cloud Platform vulnerability attackers could have exploited to gain unauthorized access to private container images, due to access restriction shortcomings. Researchers said the flaw highlights how services built atop other services can pose unexpected security risks.

Bank Info Security 1 year, 3 months ago

Breach Roundup: A WhatsApp Flaw Ushered in Spyware

Also: France Temporarily Lifts Pavel Durov's Travel Ban Amid Telegram ProbeThis week, Paragon Solutions spread through WhatsApp, France suspended Pavel Durov's travel ban, Vapor malware hit 60M Android users, state-backed hackers exploit a Windows flaw, Western Alliance Bank exposed customers data, Apple fixed a passwords bug, and a sperm bank exposed customer information.

Bank Info Security 1 year, 8 months ago

Google AI Agent Finds Zero-Day in Popular Database Engine

Now-Fixed Flaw Is Big Sleep's First Real-World Bug Find, Say ResearchersGoogle's "highly experimental" artificial intelligence agent Big Sleep has autonomously discovered an exploitable memory flaw in popular open-source database engine SQLite. The researchers detail how the AI agent discovered the now-patched vulnerability.

Bank Info Security 1 year, 10 months ago

North Korean Hackers Tied to Exploits of Chromium Zero-Day

Cryptocurrency Users Targeted in Latest Campaign Involving FudModule RootkitA hacking group tied to North Korea exploited a zero-day vulnerability in the open source Google Chromium web browser to try and steal cryptocurrency, Microsoft said. The attack campaign is the latest to involve a sophisticated North Korean rootkit called FudModule. Google has fixed the flaw.

Bank Info Security 1 year, 10 months ago

Breach Roundup: Ex-Verizon Worker Cops to Spying for China

Also: Turn in Volodymyr Kadariya, Get $2.5 Million from Uncle SamThis week, an ex-Verizon employee pleaded guilty, SonicWall fixed critical flaws,South Korean hackers exploited a zero-day, U.S. retailer Dick's Sporting Goods was breached, the U.S. government offered a big reward, Grok AI will send election queries to Vote.gov, and HIPAA is 28 years old.

Bank Info Security 1 year, 10 months ago

Microsoft Copilot Fixes ASCII Smuggling Vulnerability

Security Researcher Uncovered the Flaw, Which Allowed System TakeoverMicrosoft says it fixed a security flaw in artificial intelligence chatbot Copilot that enabled attackers to steal multifactor authentication code using a prompt injection attack. Security researcher Johann Rehberger said he discovered a way to invisibly force Copilot to send data.

Bank Info Security 1 year, 10 months ago

Breach Roundup: Microsoft Fixed Copilot Studio Flaw

Also: Microsoft Recall; Microchip Technology Attack; FCC Fine for Deepfake AudioThis week, a flaw was found in Microsoft Copilot's Studio, Microsoft announced rollout of the Recall feature, Microchip Technology was hit by a cyberattack, FlightAware data was exposed, Equiniti and Lingo Telecom were fined for cyber-related incidents, and Toyota suffered a third-party breach.

Also: Chinese Cyberespionage, Defiant Cleveland, and a Spanish Ransomware AttackThis week, ONNX targeted Microsoft 365, Symantec spotted Chinese espionage, AMD may have been breached, Cleveland vowed to defy hackers, Black Basta hit a Spanish firm, Pakistani hackers targeted India, Microsoft said it fixed flaws in Azure, and the U.S. and Indonesia held a cybersecurity exercise.

Bank Info Security 2 years, 1 month ago

Zyxel Releases Emergency Security Update for NAS Devices

Company Addresses Flaws in End-of-Life NAS DevicesNetworking solutions vendor Zyxel fixed critical vulnerabilities in end-of-life network-attached storage devices that allow remote code execution. It left two vulnerabilities allowing attacks by authenticated local attackers unpatched.

Loading more headlines...