Security news aggregator

Latest cybersecurity reporting from selected sources.

Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.

4 headlines in this view

Refine the feed

Search across headline titles and summaries.

Volume over time

Weekly headline count for the current query.

Showing 4 most recent headlines Filtered view

When You Consume AI, You Inherit Every Upstream Risk You Can't SeeMost enterprises don't build AI, they consume it through APIs, open-source models and orchestration frameworks. Each layer inherits upstream risk with little visibility. This piece maps the four-layer AI supply chain and the existing security disciplines that bring it under control.

Bank Info Security 6 months, 2 weeks ago

RondoDox Botnet Exploiting Devices With React2Shell Flaw

The Campaign Compromises Open-Source Vulnerability to Hack IoT Devices at ScaleSecurity firm CloudSEK has uncovered a botnet campaign that is exploiting the React2Shell vulnerability in the Meta-developed, open-source React framework across a variety of devices since December. The security firm attributed the campaign to RondoDox.

High-Severity Flaw in LangChain's AI Tooling Hub Now PatchedA flaw in the LangSmith platform, an open-source framework that helps developers build LLM-powered applications, can enable hackers to siphon sensitive data, said Noma Security. Dubbed AgentSmith, the flaw can allow attackers to embed malicious proxy configurations into public AI agents.

Bank Info Security 2 years, 3 months ago

ShadowRay Attack Strikes AI Workloads

Thousands of AI Workloads Compromised Amid CVE Vulnerability DisputeAn active attack campaign dubbed ShadowRay is targeting the widely used Ray open-source artificial intelligence scaling framework. It stems from a vulnerability that researchers say is a flaw but that Ray's developers say is a deliberate design choice.