Security news aggregator

Latest cybersecurity reporting from selected sources.

Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.

15 headlines in this view

Refine the feed

Search across headline titles and summaries.

Volume over time

Weekly headline count for the current query.

Showing 15 most recent headlines Filtered view
Bank Info Security 20 hours, 24 minutes ago

CISA Adds FortiSandbox Bugs to KEV Catalog

Agencies Have Until Sunday to Patch Two Critical Command Injection FlawsCISA added two critical FortiSandbox command injection vulnerabilities to its Known Exploited Vulnerabilities catalog after evidence of active attacks. Experts warn that unauthenticated remote code execution could let attackers compromise malware analysis systems and pivot deeper into enterprise networks.

Also, US Sanction Cybercrime Enablers, Celine Dion Ticket ScamThis week, ransomware victims paying less, cybercrime sanctions, Celine Dion ticket scams, 23andMe to pay $18 million, a 13-year old Daixin infection, Spiral ransomware, Patch Tuesday, CISA ordered rapid SharePoint patching and Spanish police busted a cybercrime ring. Sore Egyptian World Cup losers.

Also, France Probes Tchap Breach, M&S Cancels Bonuses, June Patch TuesdayThis week, CISA tightened patching rules, hackers provoked AI scanners. An accused Russian intel hacker appeared in court. Microsoft warned of AI-themed attacks. M&S canceled bonuses. France probed a Tchap breach. NHS trusts disclosed stolen data and a Telegram campaign targeted Russian troops.

Also: Spanish Hacker Granted Russian Asylum, Microsoft Patches Zero-DaysThis week, a CISA warning, Nest footage in Nancy Guthrie case, Signal phishing. Spanish hacker, Russian asylum. Spanish ministry services offline. BYOVD ransomware. The Conduent breach hit Volvo. Microsoft patched zero-days. ZeroDayRAT targeted devices. The SmarterMail breach. Another Fortinet flaw.

Bank Info Security 5 months, 2 weeks ago

Breach Roundup: Android RAT Hides Behind Hugging Face

Also, SmarterMail Flaw, Nike Breach Probe, Empire Market Co-Creator Pleads GuiltyThis week, researchers exposed an Android RAT abusing Hugging Face. Attackers exploited a SmarterMail flaw. Automakers raised cyber spending. CISA flagged a VMware bug. Microsoft patched Office. An Empire Market co-creator pleaded guilty. Nike probed a breach.

CISA Says Agencies Believed They Patched Cisco Flaws But Had NotThe U.S. cyber defense agency issued new patch guidance after discovering multiple federal agencies failed to properly secure Cisco firewalls, leaving federal networks exposed to exploitation by a suspected Chinese threat actor despite a prior emergency directive.

Federal Agencies Ordered to Patch or Decommission F5 Devices Amid Imminent RiskAn advanced nation-state threat actor stole sensitive F5 source code and vulnerability data to craft tailored exploits, prompting an emergency directive amid a U.S. government shutdown that has left cyber defenses strained and federal networks at "imminent risk."

Bank Info Security 1 year, 2 months ago

Breach Roundup: Surge in Edge Device Zero-Day Exploits

Also, Baltimore Public Schools Suffer Data Breach, Disney Menu Hacker SentencedThis week, zero-day exploits surged, accused Nefilim hacker extradited, Baltimore schools breach, CISA lists Broadcom Brocade, Commvault flaws, a fake WooCommerce patch, Akira hit Hitachi Vantara, ex-Disney worker sentenced and a Darcula phishing kit upgrade. FBI published 42,000 phishing domains.

Bank Info Security 1 year, 3 months ago

Rootkit, Backdoor and Tunneler: Ivanti Malware Does It All

CISA Publishes Anatomy of Advanced Ivanti VPN MalwareHackers using Trojans connected to a malware family deployed by Chinese nation-state hackers are actively exploiting a now-patched vulnerability in Ivanti Connect Secure appliances. The malware "contains capabilities of a rootkit, dropper, backdoor, bootkit, proxy and tunneler."

Bank Info Security 1 year, 5 months ago

Hackers Are Exploiting Trimble Cityworks, CISA Warns

Feds Order Agencies to Patch Critical Flaw in Widely Used Local Government SystemHackers are exploiting a critical vulnerability in Trimble's Cityworks platform, an infrastructure management tool used by governments that enables remote code execution on Microsoft IIS web servers. CISA has ordered federal civilian agencies to patch a critical vulnerability by Feb. 28.

Bank Info Security 1 year, 8 months ago

CISA Warns of Active Attacks on Critical Palo Alto Exploit

CISA Adds Critical Palo Alto Flaw to Vulnerability Catalog After Attack DiscoveryThe Cybersecurity and Infrastructure Security agency warned Palo Alto Networks that a critical vulnerability the technology giant previously patched has been actively exploited since then, according to a new advisory, potentially exposing configuration secrets and credentials.

Bank Info Security 2 years, 2 months ago

GitLab Hackers Use 'Forgot Your Password' to Hijack Accounts

US CISA Orders Federal Agencies to Apply January PatchThe U.S. federal government's cybersecurity agency warned that hackers are exploiting a vulnerability in DevOps platform GitLab that was patched in January. The vulnerability allows hackers to use the "forgot your password" function to send a reset link to an attacker-controlled inbox.

Bank Info Security 2 years, 5 months ago

Chinese Hackers Preparing 'Destructive Attacks,' CISA Warns

Officials Say Hackers Are Evading Detection on Critical Infrastructure NetworksThe U.S. Cybersecurity and Infrastructure Security Agency urged critical infrastructure owners to patch systems after publishing a warning that Chinese hackers are evading detection and maintaining persistent unauthorized access in U.S. information technology environments.

Bank Info Security 2 years, 5 months ago

CISA Directs Agencies to Mitigate Ivanti Zero-Day Exploits

US Agencies Told to Remove Ivanti's Affected Products From Federal NetworksThe U.S. Cybersecurity and Infrastructure Security Agency directed federal agencies to implement mitigation measures for two zero-day exploits that affect Ivanti’s popular VPN products while they await a patch, in what one official described as "a rapidly evolving situation."

Bank Info Security 2 years, 7 months ago

CISA Urges Patching as Hackers Exploit 'Looney Tunables' Bug

Kinsing Threat Actor Observed Targeting Vulnerable Cloud Environments With New FlawThe Cybersecurity and Infrastructure Security Agency is requiring federal agencies to patch Linux devices on their networks and urging private sector organizations to do the same after security researchers observed threat actors exploiting a new vulnerability on many major Linux distributions.