Security news aggregator

Latest cybersecurity reporting from selected sources.

Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.

4 headlines in this view

Refine the feed

Search across headline titles and summaries.

Volume over time

Weekly headline count for the current query.

Showing 4 most recent headlines Filtered view
Bank Info Security 10 months ago

Shai Hulud Burrows Into NPM Repository

JavaScript Repository Contends With Wormable Malicious CodeAn apparent "Dune" aficionado is responsible for the first self-propagating attack on the npm JavaScript repository in what one security company has called one of the most severe JavaScript supply-chain attacks so far. A malicious script exfiltrated data to GitHub repositories named "Shai-Hulud."

Bank Info Security 1 year, 4 months ago

Second GitHub Actions Supply Chain Attack Discovered

Malicious Code Injected in reviewdog Just Hours Before tj-actions BackdooredJust days after researchers discovered an attack that subverted a widely used tool for software development platform GitHub, they discovered a second, prior attack, as part of what one expert said may be "a chain of supply chain attacks eventually leading to a specific high-value target."

Over 23,000 Code Repositories at Risk After Malicious Code Added to GitHub ActionAttackers subverted a widely used tool for software development environment GitHub, potentially allowing them to steal secrets from thousands of private code repositories as well as compromise other, widely used "open source libraries, binaries and artifacts" that use the tool, experts warned.

Bank Info Security 2 years, 2 months ago

Microsoft Releases New-Open Source Tool for OT Security

ICSpector Is Now on GitHub, Scans PLCs, Extracts Info and Detects Malicious CodeMicrosoft has released a new open-source security tool to close gaps in threat analysis for industrial control systems and help address increased nation-state attacks on critical infrastructure. ICSpector, available on GitHub, can scan PLCs, extract information and detect malicious code.