Security news aggregator

Latest cybersecurity reporting from selected sources.

Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.

19 headlines in this view

Refine the feed

Search across headline titles and summaries.

Volume over time

Weekly headline count for the current query.

Showing 19 most recent headlines Filtered view
Bank Info Security 4 days, 20 hours ago

Jscrambler npm Breach Exposes Developers to Malware

Malware Harvested Cloud Credentials, Source Code and Deployment TokensAttackers used a compromised npm publishing credential to release five malicious versions of Jscrambler's Code Integrity package, deploying a Rust-based infostealer that harvested developer, cloud and AI tool credentials while evolving its delivery methods to evade detection.

FBI says TeamPCP poisoned trusted developer tools to steal cloud credentials, spread malware through software updates, and extort victims. On July 2, 2026, the FBI published a FLASH alert identifying the criminal group called TeamPCP and detailing how it compromised widely used developer and security tools to steal credentials from victim environments at scale. The […]

Microsoft Security Research 1 month, 4 weeks ago

How Storm-2949 turned a compromised identity into a cloud-wide breach

Storm-2949 turned stolen credentials into a cloud-wide breach, moving from identity compromise to large-scale data theft without using malware. This incident shows how threat actors can exploit trusted systems to operate undetected. The post How Storm-2949 turned a compromised identity into a cloud-wide breach appeared first on Microsoft Security Blog.

Crims 'creating a snowball effect' across open source projects RSAC 2026 Thousands of organizations' cloud environments have been infected with secret-stealing malware as a result of the Trivy supply-chain attack last week, and now the crims that compromised the open source scanners are working with notorious extortion crews like Lapsus$.…

The Register 3 years, 3 months ago

AlienFox malware caught in the cloud hen house

Malicious toolkit targets misconfigured hosts in AWS and Office 365 A fast-evolving toolkit that can be used to compromise email and web hosting services represents a disturbing evolution of attacks in the cloud, which for the most part have previously been confined to mining cryptocurrencies.…