Security news aggregator

Latest cybersecurity reporting from selected sources.

Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.

10 headlines in this view

Refine the feed

Search across headline titles and summaries.

Volume over time

Weekly headline count for the current query.

Showing 10 most recent headlines Filtered view

A large-scale npm supply chain attack compromised over 90 versions of @redhat-cloud-services packages, silently infecting CI/CD environments and developer systems. The malicious code steals credentials from GitHub, cloud platforms, and local machines, then spreads like a worm by republishing trusted packages. Discover how the attack works, what data is at risk, and the steps you can take to protect your organization. The post Preinstall to persistence: Inside the Red Hat npm Miasma credential-stealing campaign appeared first on Microsoft Security Blog.

Bank Info Security 2 years, 3 months ago

Backdoor Found and Defused in Widely Used Linux Utility XZ

Malicious Code in Utility Designed to Facilitate Full, Remote Access to SystemNation-state attackers apparently backdoored widely used, open source data compression software as part of a supply-chain attack. Malicious code inserted into recent versions of XZ Utils was designed to facilitate full, remote access to an infected system.