Security news aggregator

Latest cybersecurity reporting from selected sources.

Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.

32 headlines in this view

Refine the feed

Search across headline titles and summaries.

Volume over time

Weekly headline count for the current query.

Showing 20 most recent headlines of 32 Filtered view

Just what FOSS developers need – a flood of AI-discovered vulnerabilities Opinion Anthropic describes Project Glasswing as a coalition of tech giants committing $100 million in AI resources to hunt down and fix long-hidden vulnerabilities in critical open source software that it's finding with its new Mythos AI program. Or as The Reg put it, "an AI model that can generate zero-day vulnerabilities."…

Update Chainlit to the latest version ASAP Two "easy-to-exploit" vulnerabilities in the popular open-source AI framework Chainlit put major enterprises' cloud environments at risk of leaking data or even full takeover, according to cyber-threat exposure startup Zafran.…

The open-source libraries were created by Salesforce, Nvidia, and Apple with a Swiss group Vulnerabilities in popular AI and ML Python libraries used in Hugging Face models with tens of millions of downloads allow remote attackers to hide malicious code in metadata. The code then executes automatically when a file containing the poisoned metadata is loaded.…

Fluent Bit has 15B+ deployments … and 5 newly assigned CVEs A series of "trivial-to-exploit" vulnerabilities in Fluent Bit, an open source log collection tool that runs in every major cloud and AI lab, was left open for years, giving attackers an exploit chain to completely disrupt cloud services and alter data.…

LLMs and 0-days - what could possibly go wrong? Attackers on underground forums claimed they were using HexStrike AI, an open-source red-teaming tool, against Citrix NetScaler vulnerabilities within hours of disclosure, according to Check Point cybersecurity evangelist Amit Weigman.…

Plus: Netscaler brute force barrage; BeyondTrust API key stolen; and more Infosec in brief There's a problem of titanic proportions brewing for users of the Prometheus open source monitoring toolkit: hundreds of thousands of servers and exporters are exposed to the internet, creating significant security risks and leaving organizations vulnerable to attack.…

About a thousand vulnerable instances still exposed online, we're told A now-patched vulnerability in Ollama – a popular open source project for running LLMs – can lead to remote code execution, according to flaw finders who warned that upwards of 1,000 vulnerable instances remain exposed to the internet.…

Anyscale claims issue is 'long-standing design decision' – as users are raided by intruders Thousands of companies remain vulnerable to a remote-code-execution bug in Ray, an open-source AI framework used by Amazon, OpenAI, and others, that is being abused by miscreants in the wild to steal sensitive data and illicitly mine for cryptocurrency.…

Lack of awareness still blamed for patching apathy despite it being among most infamous bugs of all time Two years after the Log4Shell vulnerability in the open source Java-based Log4j logging utility was disclosed, circa one in four applications are dependent on outdated libraries, leaving them open to exploitation.…

PLUS: Montana TikTok ban ruled unconstitutional; Dollar Tree employee data stolen; critical vulnerabilities Infosec in brief The European Union’s Parliament and Council have reached an agreement on the Cyber Resilience Act (CRA), setting the long-awaited security regulation on a path to final approval and adoption, along with new rules exempting open source software.…

Loading more headlines...