Security news aggregator

Latest cybersecurity reporting from selected sources.

Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.

16 headlines in this view

Refine the feed

Search across headline titles and summaries.

Volume over time

Weekly headline count for the current query.

Showing 16 most recent headlines Filtered view

Cyber threats are no longer coming from just malware or exploits. They’re showing up inside the tools, platforms, and ecosystems organizations use every day. As companies connect AI, cloud apps, developer tools, and communication systems, attackers are following those same paths

Bank Info Security 9 months, 3 weeks ago

Feds Isolate Cisco Firewalls to Defend Against 'Arcane Door'

CISA Issues Emergency Directive After Cisco Exploits Persist After RebootCISA issued an emergency directive Thursday after discovering an advanced hacking campaign exploiting two persistent zero-days in Cisco firewall gear - malware that survives system reboots and upgrades - forcing agencies to disconnect vulnerable devices by Friday.

Bank Info Security 10 months, 1 week ago

Cryptohack Roundup: El Salvador Splits Bitcoin Reserve

Also: PowerShell-Based Cryptojacking Attack, a Malvertising CampaignThis week, El Salvador split its bitcoin reserve, an Indian court jailed cops for crypto kidnapping, a PowerShell-based cryptojacking attack, a malvertising campaign targeted Android users, a Venus Protocol hack, malware hid in npm packages using smart contracts for evasion and Bunni DEX exploit.

Malware isn’t just trying to hide anymore—it’s trying to belong. We’re seeing code that talks like us, logs like us, even documents itself like a helpful teammate. Some threats now look more like developer tools than exploits. Others borrow trust from open-source platforms, or quietly build themselves out of AI-written snippets. It’s not just about being malicious—it’s about being believable.

Also: CoinMarketCap Attack, BitPro Blames Lazarus for $11M HackThis week, a new malware targeted crypto wallets via photos, CoinMarketCap faced attack, BitoPro blamed Lazarus for heist, Trezor warned of phishing scam, France saw another crypto kidnapping, cops re-arrested teen after second theft, Hacken blamed human error for exploit and Self Chain ousted CEO.

Bank Info Security 1 year, 1 month ago

Cryptohack Roundup: $223M Cetus Exploit

Also: Mango Markets Hacker's Convictions Overturned, Coinbase LawsuitThis week, $223M Cetus Protocol hack, U.S. judge overturned Mango Markets hacker convictions, class action lawsuit against Coinbase, Cork Protocol's $12M exploit, fake software sites spread crypto-stealing malware, a violent crypto-linked kidnapping and civil proceedings against the ex-ACX exec.

Bank Info Security 1 year, 4 months ago

Chinese Hackers Exploit Windows Tool to Install Backdoors

Mustang Panda Uses MAVInject to Evade Antivirus DetectionA Chinese state-sponsored hacking group is abusing a legitimate Microsoft tool to evade security and install backdoors on government systems in the Asia-Pacific region. The threat actor uses MAVInject.exe to inject malware into waitfor.exe.

From Automotive Exploits and Bootloader Bugs to Cybercrime and 'LLMbotomy' TrojansBlack Hat Europe returns to London with more than 45 keynotes and briefings tackling everything from bootloader bugs and flaws in artificial intelligence and large language model tools, to disrupting fake online brokerages and remotely hacking Volkswagen entertainment systems to track vehicles.

Bank Info Security 2 years, 7 months ago

Lazarus Exploits Log4Shell to Deploy Telegram-Based Malware

North Korean Hackers Deploy Novel Malware FamiliesNorth Korean hacking group Lazarus Group is exploiting Log4Shell to target manufacturing, agriculture and physical security sectors, resulting in the deployment of a tailored implant on compromised systems. The attack campaign targeted publicly accessible VMware Horizon servers.

Microsoft says that the North Korean Lazarus and Andariel hacking groups are exploiting the CVE-2023-42793 flaw in TeamCity servers to deploy backdoor malware, likely to conduct software supply chain attacks. [...]

The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of a new wave of social engineering campaigns delivering IcedID malware and leveraging Zimbra exploits with the goal of stealing sensitive information