Security news aggregator

Latest cybersecurity reporting from selected sources.

Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.

29 headlines in this view

Refine the feed

Search across headline titles and summaries.

Volume over time

Weekly headline count for the current query.

Showing 20 most recent headlines of 29 Filtered view
Bank Info Security 2 months, 3 weeks ago

How AI Supply-Chain Monitor Spotted Unfolding Axios Attack

Lightweight LLM-Driven Process Alerted Elastic's Security Team, Says James SpiteriElastic Security Labs quickly spotted the unfolding supply-chain attack that backdoored the popular JavaScript library Axios, thanks to a lightweight, AI-driven tool a researcher created to assess if repository changes looked malicious. Elastic's James Spiteri says further use cases abound.

Two weeks ago, a suspected North Korean threat actor slipped malicious code into a package within Axios, a widely used JavaScript library. The immediate concern was the blast radius: roughly 100 million weekly downloads spanning enterprises, startups, and government systems. But beyond the sheer scale, the attack’s speed was just as worrisome – a stark […] The post Why the Axios attack proves AI is mandatory for supply chain security appeared first on CyberScoop.

Bank Info Security 3 months, 2 weeks ago

Backdooring of JavaScript Library Axios Tied to North Korea

Expect Fallout After Remote Access Trojan Added to Popular JavaScript NPM PackageA supply-chain attack backdoored versions of Axios, a popular JavaScript library that's present in many different software packages, to distribute a cross-platform, remote access Trojan. Identifying the full fallout from the attack could take some time, experts warned.

Security community needs to rally and share more info faster, one researcher says Amid new reports of attackers pummeling a maximum security hole (CVE-2025-55182) in the React JavaScript library, Cloudflare's technology chief said his company took down its own network, forcing a widespread outage early Friday, to patch React2Shell.…

Finish reading this, then patch A maximum-severity flaw in the widely used JavaScript library React, and several React-based frameworks including Next.js allows unauthenticated, remote attackers to execute malicious code on vulnerable instances. The flaw is easy to abuse, and mass exploitation is "imminent," according to security researchers.…

Cybersecurity researchers have discovered a software supply chain attack that has remained active for over a year on the npm package registry by starting off as an innocuous library and later adding malicious code to steal sensitive data and mine cryptocurrency on infected systems

Loading more headlines...