Security news aggregator

Latest cybersecurity reporting from selected sources.

Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.

12 headlines in this view

Refine the feed

Search across headline titles and summaries.

Volume over time

Weekly headline count for the current query.

Showing 12 most recent headlines Filtered view

Cybersecurity researchers have disclosed details of four vulnerabilities in Dify, an open-source agentic workflow platform with more than 146,000 GitHub stars, that could allow attackers to stealthily read artificial intelligence (AI) conversions from other customers' applications without requiring authentication

Multiple security vulnerabilities have been disclosed in the open-source private branch exchange (PBX) platform FreePBX, including a critical flaw that could result in an authentication bypass under certain configurations

Cybersecurity researchers have disclosed two security flaws in Wondershare RepairIt that exposed private user data and potentially exposed the system to artificial intelligence (AI) model tampering and supply chain risks

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added three security flaws, each impacting AMI MegaRAC, D-Link DIR-859 router, and Fortinet FortiOS, to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation

Bank Info Security 1 year, 6 months ago

'DoubleClickjacking' Threatens Major Websites’ Security

Flaw Bypasses Clickjacking Defenses, Enables Account TakeoversHackers are exploiting the split-second delay between two mouse clicks to carry out sophisticated clickjacking attacks, tricking victims into authorizing transactions or granting access they never intended. "DoubleClickjacking" manipulates users into granting OAuth and API permissions

Bank Info Security 1 year, 10 months ago

Microsoft Copilot Fixes ASCII Smuggling Vulnerability

Security Researcher Uncovered the Flaw, Which Allowed System TakeoverMicrosoft says it fixed a security flaw in artificial intelligence chatbot Copilot that enabled attackers to steal multifactor authentication code using a prompt injection attack. Security researcher Johann Rehberger said he discovered a way to invisibly force Copilot to send data.

Bank Info Security 2 years, 1 month ago

Snowflake Clients Targeted With Credential Attacks

Company Says Single-Factor Authentication Accounts Are to Blame - Not a FlawHackers are targeting clients of artificial intelligence data platform provider Snowflake that lack multifactor authentication, the company warns. Threat actors are compromising organizations’ Snowflake customer tenants by using stolen credentials obtained by info-stealing malware, said Mandiant.