Security news aggregator

Latest cybersecurity reporting from selected sources.

Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.

61 headlines in this view

Refine the feed

Search across headline titles and summaries.

Volume over time

Weekly headline count for the current query.

Showing 20 most recent headlines of 61 Filtered view

CISA Lauded for Fast Response, Transparency and Detailing Security RecommendationsSecure developers' use of public code repositories, monitor them for secrets and if they get exposed, have a well-tested incident response playbook at the ready. The U.S. Cybersecurity and Infrastructure Security Agency has shared these and other lessons learned after suffering a data leak.

A U.S. government agency paid $1M to Kairos, a group focused on data theft and extortion rather than ransomware, Ransom-ISAC reports. A new case study from Ransom-ISAC reconstructs a complete data-extortion incident involving a U.S. government body and a threat actor called Kairos, using a leaked negotiation transcript and blockchain tracing of the ransom payment. […]

Blames outfit called Context.ai, which reckons an agentic OAuth tangle caused the incident Vercel, the company that created the open source Next.js web development framework, has a data leak that led to compromise of some customer credentials, and blamed an outfit called Context.ai for the mess.…

Not every cloud breach starts with malware or a zero-day. In this incident, attackers discovered an exposed Spring Boot Actuator endpoint, harvested credentials from leaked configuration data, then used the OAuth2 Resource Owner Password Credentials (ROPC) flow to authenticate without MFA.

Bank Info Security 6 months, 4 weeks ago

MedStar Health Notifying Patients of Data Theft Breach

Ransomware Gang Rhysida Leaks 3.7TB of Data Stolen From Maryland Hospital SystemMaryland-based MedStar Health, which operates 10 hospitals, is notifying patients about a data theft incident affecting their personal information. Ransomware group Rhysida claims on its darkweb leak site to have 3.7 terabytes of MedStar's data, including "over 7 million pieces of patient data."

Class Members Can Claim Up to $5K Each for Documented Losses Tied to BreachA small, rural county-owned Georgia community hospital has agreed to settle consolidated class action litigation involving a 2024 hacking incident in which ransomware gang Embargo claimed to have stolen 1.15 terabytes of the organization's data and leaked it on the darkweb.

Spanish flag carrier Iberia has begun notifying customers of a data security incident stemming from a compromise at one of its suppliers. The disclosure comes days after a threat actor claimed on hacker forums to have access to 77 GB of data allegedly stolen from the airline. [...]

Bank Info Security 1 year, 2 months ago

Agentic AI Tech Firm Says Health Data Leak Affects 483,000

Serviceaide Incident Exposed Patient Data of Catholic Health, a NY-Based ClientServiceaide, a provider of agentic AI-based IT management and workflow software, reported to regulators that an inadvertent exposure of data on the web has affected more than 483,000 patients of client Catholic Health, a network of six hospitals and dozens of other facilities in western New York.

Researcher Found Unsecured Database Server Containing 1,864 GB of OrthoMinds' DataAn orthodontic practice software vendor is notifying an undisclosed number of patients that their data was exposed to the internet for 10 days last November. The security researcher who discovered the data leak said the incident appears to have lasted longer and affected more than 200,000 patients.

Loading more headlines...