Security news aggregator

Latest cybersecurity reporting from selected sources.

Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.

14 headlines in this view

Refine the feed

Search across headline titles and summaries.

Volume over time

Weekly headline count for the current query.

Showing 14 most recent headlines Filtered view
Bank Info Security 4 weeks, 1 day ago

Breach Roundup: ShinyHunters Leaks 26M MSG Records

Also, Arch Linux Attack, Estonia Quarantines Russian Emails, Joomla FlawThis week, ShinyHunters leaked alleged Madison Square Garden data, a U.S. senator pressed CISA on regional staffing cuts, an Arch Linux supply-chain attack, Mackay Sugar began recovery from a ransomware attack, Novo Nordisk faced dueling breach claims - and more compelling cybersecurity news.

Bank Info Security 1 month, 3 weeks ago

Breach Roundup: Shai-Hulud Copycat Hits npm

Also, YellowKey Gets CVE, 7-Eleven Breach, Linux Maintainers Warn on AI Bug SpamThis week, more incidents than we can list here. Among them: cloned Shai-Hulud malware, a new maximum CVSS Cisco flaw. Edge to stop loading passwords in plaintext. Tycoon 2FA offers a way around Microsoft multifactor. Convenience, taquitos and data breach: The 7-Eleven story. A MENA crackdown.

Bank Info Security 2 months ago

Linux Defenders Face Patch and Exploit Race

Kernel Privilege Escalation Has One Linux Maintainer Contemplating a 'Kill Switch'Back-to-back kernel vulnerabilities in Linux has defenders scrambling to apply defenses in the age of quick turnaround time for hackers to exploit nascent flaws. "Dirty Frag" and "Copy Fail" kernel privilege escalation vulnerabilities became public knowledge within two weeks of each other.

Bank Info Security 2 months, 1 week ago

'Dirty Frag' Gives Root on Linux Distros

No Patches Yet Available, After Third Party Published Vulnerability DetailsSecurity researchers have discovered a new, critical flaw in the Linux kernel that attackers can exploit to gain root access. No patches are yet available to fix "Dirty Frag," the second new local privilege escalation flaw to be found in two weeks, following the similar "Copy Fail" vulnerability.

Bank Info Security 2 months, 2 weeks ago

Linux 'Copy Fail' Flaw Delivers Root-Level Access to Distros

AI-Assisted Offensive Security Researcher Discovered Flaw After 1 Hour of ScanningPatch all Linux kernels issued from 2017 onwards to fix a serious vulnerability in the kernel’s cryptography API that can be easily exploited by a local, unprivileged user to gain root-level access. The major flaw is the latest to be found by an AI-assisted researcher.

Bank Info Security 1 year, 1 month ago

Linux Crash Dump Flaws Expose Passwords, Encryption Keys

Race-Condition Bugs in Ubuntu and Red Hat Tools Could Leak Sensitive Memory DataHackers could exploit a tool that stores crashed system data in older Linux operating systems to obtain passwords and encryption keys, warn researchers. The flaw lies in the way certain Linux distributions, including Ubuntu, Red Hat, and Fedora, handle application crashes.

Bank Info Security 1 year, 1 month ago

Linux Zero-Day Vulnerability Discovered Using Frontier AI

Vulnerability Researchers: Start Tracking LLM Capabilities, Says Veteran Bug HunterLarge language models have taken a big step forward in their ability to help chase down code flaws, said a vulnerability researcher who successfully trained OpenAI's o3 to review Linux kernel code, leading to the LLM - in an apparent first - discovering a new zero-day vulnerability in the code.

Bank Info Security 1 year, 6 months ago

Researchers Spot Serious UEFI Secure Boot Bypass Flaw

Attackers Can Employ a Vulnerable Driver to Target Most Windows and Linux SystemsResearchers are warning Microsoft Windows as well as many Linux distribution users to install updates that revoke permissions for a vulnerable driver that attackers can use to target most systems, allowing them to bypass UEFI Secure Boot and install a bootkit to take full control of a system.

Bank Info Security 1 year, 7 months ago

OpenWrt Update Flaw Exposed Devices to Malicious Firmware

Embedded Device Operating Sytem Had Flaw Allowing Hacers to Bypass Integrity CheckA critical flaw in the updating service of a popular Linux operating system for embedded devices could enable hackers to compromise firmware with malicious images. OpenWrt developers patched the vulnerability, with a CVSS core of 9.3 and tracked as CVE-2024-54143.

Bank Info Security 1 year, 9 months ago

Linux Distros Patching Printer Hijacking Flaw

Exploitation Requires Victim to Print On Rogue PrinterAttackers can exploit a series of vulnerabilities in the OpenPrinting Common Unix Printing System utility to remotely execute arbitrary code on certain machines. Major Linux distributions reacted Friday by releasing patches. Exploitation requires a victim to attempt to print from a malicious device.

Bank Info Security 2 years, 2 months ago

Breach Roundup: Kimsuky Serves Linux Trojan

Also: Turla Targets European Missions and Google Patches Chrome Zero-DaysThis week, hackers used a Linus backdoor and a Microsoft client management tool; Santander Bank, the Helsinki Education Division, an Australian energy provider and auction house Christie's were breached; hackers targeted European missions in the Middle East; and Google patched a zero-day flaw.

Bank Info Security 2 years, 5 months ago

Ivanti Uses End-of-Life Operating Systems, Software Packages

Outdated Software, Exploited Flaws, Security Loopholes Expose Ivanti's DevicesSupply chain security firm Eclypsium found corporate VPN maker Ivanti's Pulse Secure devices - which underwent much emergency patching amid a likely Chinese espionage zero-day hacking campaign - operate on an 11-year old version of Linux and use many obsolete software packages.

Bank Info Security 2 years, 5 months ago

Breach Roundup: US Bans AI Robocalls

Also: A Widespread Linux Bootloader VulnerabilityThis week, the U.S. banned AI robocalls, researchers discovered a Linux bootloader flaw, France investigated health sector hackings, the feds offered money for Hive information, Verizon disclosed an insider breach, Germany opened a cybersecurity center, and cyberattack victims reported high costs.

Bank Info Security 2 years, 7 months ago

CISA Urges Patching as Hackers Exploit 'Looney Tunables' Bug

Kinsing Threat Actor Observed Targeting Vulnerable Cloud Environments With New FlawThe Cybersecurity and Infrastructure Security Agency is requiring federal agencies to patch Linux devices on their networks and urging private sector organizations to do the same after security researchers observed threat actors exploiting a new vulnerability on many major Linux distributions.