Security news aggregator

Latest cybersecurity reporting from selected sources.

Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.

12 headlines in this view

Refine the feed

Search across headline titles and summaries.

Volume over time

Weekly headline count for the current query.

Showing 12 most recent headlines Filtered view
Bank Info Security 2 months, 2 weeks ago

Researchers Find 38 Flaws in OpenEMR. They've Been Fixed

AI Tool Used to Discover Bugs, Which Included 2 Maximum Severity VulnerabilitiesResearchers at security firm AISLE said they recently identified 38 vulnerabilities, including two maximum-severity zero-day flaws in OpenEMR, an open-source electronic medical record software platform used by about 100,000 healthcare providers globally. OpenEMR has patched the problems.

3 Major Tech Firms Shipped Vulnerable Open-Source Tools to Hugging FaceResearchers discovered remote code execution vulnerabilities in three AI libraries from Apple, Salesforce and Nvidia used by models with tens of millions of Hugging Face downloads, allowing attackers to hide malicious code in model metadata.

Unpatched Flaw in Open-Source Gogs Service Facilitates Remote Code ExecutionAn attacker has been exploiting a zero-day vulnerability in Gogs, an open-source and popular Git service that allows for self-hosting, warned researchers. At least 700 internet-exposed servers running Gogs shows signs of being infected with command-and-control malware; no patch is yet available.

Bank Info Security 11 months, 1 week ago

Nvidia Patches Trio of Triton Vulnerabilities

Chip Manufacturer Shore Up Loose Server EndsArtificial chip maker giant Nvidia published patches for its open-source platform allowing users to run models at scale after researchers found hackers could gain complete control of the underlying server - allowing them to steal the models, manipulate its responses and steal data.

Bank Info Security 1 year, 5 months ago

French AI Action Summit, What Can We Expect?

Summit to Focus on Open-Source, AI Governance and DevelopmentThe historic presidential Élysée Palace in Central Paris will host world leaders, tech CEOs and researchers for the French AI Action Summit, a two-day event that will commence on Monday. U.S. Vice President JD Vance, OpenAI CEO Sam Altman and Google's Sundar Pichai will be on hand.

Bank Info Security 1 year, 7 months ago

Google AI Tool Finds 26 Bugs in Open-Source Projects

One Vulnerability Had Been Undiscovered for Two Decades, Researchers SaidGoogle researchers used an AI-powered fuzzing tool to identify 26 vulnerabilities in open-source code repositories, some of which had been lurking undiscovered for several decades. Each was found with AI, using AI-generated and enhanced fuzz targets, Google said.

Bank Info Security 1 year, 8 months ago

Google AI Agent Finds Zero-Day in Popular Database Engine

Now-Fixed Flaw Is Big Sleep's First Real-World Bug Find, Say ResearchersGoogle's "highly experimental" artificial intelligence agent Big Sleep has autonomously discovered an exploitable memory flaw in popular open-source database engine SQLite. The researchers detail how the AI agent discovered the now-patched vulnerability.

Companies Eager for Tools Are Putting AI's Transformative Power Ahead of SecurityHackers targeting a popular open-source project for running artificial intelligence tool Ollama could run into a big "Probllama" if they haven't yet patched, said security researchers from Wiz. Companies are focusing on AI's transformative power at the cost of its security.

Bank Info Security 2 years, 3 months ago

ShadowRay Attack Strikes AI Workloads

Thousands of AI Workloads Compromised Amid CVE Vulnerability DisputeAn active attack campaign dubbed ShadowRay is targeting the widely used Ray open-source artificial intelligence scaling framework. It stems from a vulnerability that researchers say is a flaw but that Ray's developers say is a deliberate design choice.

Bank Info Security 2 years, 7 months ago

Hackers Keep Winning by Gambling on SQL Injection Exploits

Gambling and Retail Firms Top Targets of 'GambleForce' Group, Researchers WarnA recently spotted hacking group with a penchant for using open source tools has been using a less-than-novel tactic: exploiting SQL injection flaws. So warn researchers who recently detected attacks by the group, codenamed GambleForce, which appears to focus on gambling and retail firms.

Bank Info Security 2 years, 7 months ago

Open-Source Oversight: Security Gaps in IoT and OT Devices

Dashevskyi and La Spina of Forescout Technologies on IoT and OT Security PracticesPrevious studies on IoT and OT devices have primarily focused on internal components, neglecting open-source components that are crucial for internet and network connectivity, according to Stanislav Dashevskyi and Francesco La Spina, security researchers at Forescout Technologies.

Bank Info Security 2 years, 7 months ago

'Krasue' Linux RAT Targets Organizations in Thailand

RAT Is Tailored to Exploit Vulnerabilities in Linux Kernel VersionsHackers targeted telecommunications companies in Thailand with a Linux remote access Trojan designed to attack different versions of the open-source kernel, researchers say. Dubbed "Krasue," the malware poses a "severe risk to critical systems and sensitive data," says Group-IB researchers.