GoldenEyeDog Subgroup Linked to DigiCert Breach and Code-Signing Certificate Theft
Cybersecurity researchers have attributed the April 2026 DigiCert security incident to a threat activity cluster dubbed CylindricalCanine
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
Cybersecurity researchers have attributed the April 2026 DigiCert security incident to a threat activity cluster dubbed CylindricalCanine
New Microsoft research shows how attackers can hijack AI agents that act on a user's behalf, using nothing more than a poisoned tool description to make the agent quietly hand over company data to an outsider
Separate Breach Details Can Bleed Into Each Other, Incident Responders FindCybersecurity investigators who use artificial intelligence tools to draft incident response reports, beware: Information tied to one security incident can contaminate a report into a separate incident, if both get drafted using the same AI tool in the same session, researchers warn.
ESET says factory outages, lost revenue, and supply chain disruption are becoming routine Nearly 80 percent of British manufacturers say they've been hit by a cyber incident in the past year, as new research suggests disruption on the factory floor is no longer an exception but business as usual.…
Probably not an isolated incident only as researchers have already found 2,863 live API keys exposed A developer says their company is on the hook for more than $82,000 in unauthorized charges after a stolen Google Gemini API key racked massive usage costs up in just 48 hours.…
Cybersecurity researchers have discovered five new malicious Google Chrome web browser extensions that masquerade as human resources (HR) and enterprise resource planning (ERP) platforms like Workday, NetSuite, and SuccessFactors to take control of victim accounts
University of Hawaii Cancer Center Paid RansomCancer patients who participated in University of Hawaii Cancer Center studies during the 1990s may soon receive a notification that ransomware hackers stole their data in an August 2025 incident. Experts said the hack spotlights concerning risks involving compromises of medical research data.
Inotiv Tells SEC 'It's Still Evaluating Full Impact and Notifying Breach Victims'Drug research firm Inotiv in a filing with federal regulators said it is still evaluating the financial and operational impact of an August cyberattack that's linked to ransomware gang Qilin. The company is also notifying nearly 10,000 people whose data was allegedly stolen in the incident.
Cybersecurity researchers have called attention to a cyber attack in which unknown threat actors deployed an open-source endpoint monitoring and digital forensic tool called Velociraptor, illustrating ongoing abuse of legitimate software for malicious purposes
Clinical Diagnostics Lab Hack Among Latest Recent Cyberattacks in the NetherlandsA Dutch population health research agency is notifying 485,000 participants of a cervical cancer screening program of a hacking incident at a clinical diagnostics laboratory that potentially compromised patients' personal and health information, including lab test results.
New research has uncovered Docker images on Docker Hub that contain the infamous XZ Utils backdoor, more than a year after the discovery of the incident
Security researchers recently revealed that the personal information of millions of people who applied for jobs at McDonald's was exposed after they guessed the password ("123456") for the fast food chain's account at Paradox.ai, a company that makes artificial intelligence based hiring chatbots used by many Fortune 500 companies. Paradox.ai said the security oversight was an isolated incident that did not affect its other customers, but recent security breaches involving its employees in Vietnam tell a more nuanced story.
Researchers from Aon's Stroz Friedberg incident response firm discovered a new attack type, known as "Bring Your Own Installer," targeting misconfigured SentinelOne EDR installs.
Cybersecurity researchers are calling attention to an incident in which the popular GitHub Action tj-actions/changed-files was compromised to leak secrets from repositories using the continuous integration and continuous delivery (CI/CD) workflow
New SANS Institute research finds that 50% of global organizations were hit by an OT security incident in the past year
Cyber incident details involving non-profit and non-government entities across sectors such as healthcare are not centrally reported and collected, creating gaps for researchers, IT experts and others seeking to analyze trends in their industries, said Stanley Mierzwa of Kean University.
Cybersecurity researchers have uncovered a new stealthy piece of Linux malware that leverages an unconventional technique to achieve persistence on infected systems and hide credit card skimmer code
Everyone loves the double-agent plot twist in a spy movie, but it’s a different story when it comes to securing company data. Whether intentional or unintentional, insider threats are a legitimate concern. According to CSA research, 26% of companies who reported a SaaS security incident were struck by an insider. The challenge for many is detecting those threats before they lead to full
Cybersecurity researchers have warned of an ongoing cryptojacking campaign targeting misconfigured Kubernetes clusters to mine Dero cryptocurrency
Cybersecurity researchers have uncovered an ongoing social engineering campaign that bombards enterprises with spam emails with the goal of obtaining initial access to their environments for follow-on exploitation