Vercel Breach Tied to Context AI Hack Exposes Limited Customer Credentials
Web infrastructure provider Vercel has disclosed a security breach that allows bad actors to gain unauthorized access to "certain" internal Vercel systems
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
Web infrastructure provider Vercel has disclosed a security breach that allows bad actors to gain unauthorized access to "certain" internal Vercel systems
Probably not an isolated incident only as researchers have already found 2,863 live API keys exposed A developer says their company is on the hook for more than $82,000 in unauthorized charges after a stolen Google Gemini API key racked massive usage costs up in just 48 hours.…
Google Unmasks, Disrupts Group Using Sheets for Command-and-Control PurposesLikely Chinese nation-state hackers used online spreadsheets as infrastructure for hacking campaigns that affected at least 53 telecom operators across 42 countries, Google disclosed Wednesday. Incident responders discovered a backdoor being remotely controlled through Google Sheets.
Full scale of infections remains 'unknown' China-linked attackers exploited a maximum-severity hardcoded-credential bug in Dell RecoverPoint for Virtual Machines as a zero-day since at least mid-2024. It's all part of a long-running effort to backdoor infected machines for long-term access, according to Google's Mandiant incident response team.…
Security teams at agile, fast-growing companies often have the same mandate: secure the business without slowing it down. Most teams inherit a tech stack optimized for breakneck growth, not resilience. In these environments, the security team is the helpdesk, the compliance expert, and the incident response team all rolled into one
Cybersecurity researchers have discovered five new malicious Google Chrome web browser extensions that masquerade as human resources (HR) and enterprise resource planning (ERP) platforms like Workday, NetSuite, and SuccessFactors to take control of victim accounts
Trust Wallet is urging users to update its Google Chrome extension to the latest version following what it described as a "security incident" that led to the loss of approximately $7 million
Dozens of organizations may have been impacted following the zero-day exploitation of a security flaw in Oracle's E-Business Suite (EBS) software since August 9, 2025, Google Threat Intelligence Group (GTIG) and Mandiant said in a new report released Thursday
Salesloft has revealed that the data breach linked to its Drift application started with the compromise of its GitHub account
AT&T and Verizon refused to hand over the security assessments, says Cantwell US Senator Maria Cantwell (D-WA) has demanded that Google-owned incident response firm Mandiant hand over the Salt Typhoon-related security assessments of AT&T and Verizon that, according to the lawmakers, both operators have thus far refused to give Congress.…
Juniper Networks Urges Immediate Updating and Malware Scans to Block AttackersHackers have been infecting outdated Juniper MX routers with backdoor malware as part of an apparent cyberespionage campaign that traces to a Chinese-affiliated hacking team tracked as UNC 3886, warned Google's Mandiant incident response group.
Safe{Wallet} has revealed that the cybersecurity incident that led to the Bybit $1.5 billion crypto heist is a "highly sophisticated, state-sponsored attack," stating the North Korean threat actors behind the hack took steps to erase traces of the malicious activity in an effort to hamper investigation efforts
Google has announced that it's going to start blocking websites that use certificates from Entrust starting around November 1, 2024, in its Chrome browser, citing compliance failures and the certificate authority's inability to address security issues in a timely manner
As many as 165 customers of Snowflake are said to have had their information potentially exposed as part of an ongoing campaign designed to facilitate data theft and extortion, indicating the operation has broader implications than previously thought
Sandra Joyce, Jurgen Kutscher to Oversee Mandiant Threat Intel, IR Business UnitsKevin Mandia will vacate the CEO position at his namesake company 20 months after the threat intelligence and incident response titan was bought by Google. Mandia's May 31 transition into an advisory role at Google will cap off two decades of private sector leadership for the U.S. Air Force veteran.
Chronicle CyberShield will be offered as a managed service with security monitoring and Mandiant incident response included.
The supply chain attack targeting 3CX was the result of a prior supply chain compromise associated with a different company, demonstrating a new level of sophistication with North Korean threat actors
Enterprise communications software maker 3CX on Thursday confirmed that multiple versions of its desktop app for Windows and macOS are affected by a supply chain attack
Malicious actors can take advantage of "insufficient" forensic visibility into Google Cloud Platform (GCP) to exfiltrate sensitive data, a new research has found
At least three alleged hacktivist groups working in support of Russian interests are likely doing so in collaboration with state-sponsored cyber threat actors, according to Mandiant