Security news aggregator

Latest cybersecurity reporting from selected sources.

Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.

30 headlines in this view

Refine the feed

Search across headline titles and summaries.

Volume over time

Weekly headline count for the current query.

Showing 20 most recent headlines of 30 Filtered view

Despite a 2025 patch, Russian-linked groups still exploit a WinRAR flaw (CVE-2025-8088) to deploy malware via phishing archives. CVE-2025-8088 is a path traversal flaw in WinRAR that lets an attacker write files outside the extraction directory using NTFS Alternate Data Streams. WinRAR fixed it in version 7.13 in July 2025. Nearly a year later, Trend […]

Also, Eurail Breach, ChipSoft Hospital Disruptions, W3LL Phishing TakedownThis week, a "Raccoon"-linked actor hit help desks, Eurail exposed 308K users, Fortinet patched critical flaws, Pushpaganda scams, major data leaks hit healthcare and China, ransomware and phishing ops surged, and multiple breaches impacted firms and hospitals.

Bank Info Security 3 months, 3 weeks ago

Breach Roundup: Tycoon2FA Phishing Platform Rebounds

Also, Russian Signal Phishing, Iran-Linked Malware, Breaches in Spain and FranceThis week, Tycoon 2FA, Trio-Tech, messaging app spying and a ransomware broker sentenced. Iran-linked hackers. Mazda disclosed a breach. Oracle patched a flaw. North Korean actors weaponized VS Code, a Spanish port ransomware attack, a French teacher data breach and a healthcare firm victim surge.

Here's where you ought to spend your security billable hours budget this year Strengthen your MFA policies, double-down on anti-phishing training, and for Jobs' sake, patch all your vulns right away. The past year of intelligence collected by Cisco's Talos threat hunters suggests that attackers are moving faster to exploit vulns, and fooling more staff than ever into giving up their credentials. …

Also, More ClickFix Attacks and Teen Booters Arrested in PolandThis week, Russian hackers targeted Signal and WhatsApp users, permit-fee phishing hit U.S. applicants, ClickFix on WordPress sites, Microsoft patched 80 bugs, a 14K-router botnet, Polish teens held over DDoS tools and Finland warned of Russian, Chinese espionage. North Korean IT workers for hire.

Also: Spanish Hacker Granted Russian Asylum, Microsoft Patches Zero-DaysThis week, a CISA warning, Nest footage in Nancy Guthrie case, Signal phishing. Spanish hacker, Russian asylum. Spanish ministry services offline. BYOVD ransomware. The Conduent breach hit Volvo. Microsoft patched zero-days. ZeroDayRAT targeted devices. The SmarterMail breach. Another Fortinet flaw.

A vulnerability in DoorDash's systems could allow anyone to send "official" DoorDash-themed emails right from company's authorized servers, paving a near-perfect phishing channel. DoorDash has now patched the issue, but a contentious disclosure dispute has erupted, with both sides accusing each other of acting in bad faith. [...]

Bank Info Security 1 year, 2 months ago

Breach Roundup: Surge in Edge Device Zero-Day Exploits

Also, Baltimore Public Schools Suffer Data Breach, Disney Menu Hacker SentencedThis week, zero-day exploits surged, accused Nefilim hacker extradited, Baltimore schools breach, CISA lists Broadcom Brocade, Commvault flaws, a fake WooCommerce patch, Akira hit Hitachi Vantara, ex-Disney worker sentenced and a Darcula phishing kit upgrade. FBI published 42,000 phishing domains.

Single click on a phishing link in Google browser blew up sandbox on Windows Google pushed out an emergency patch for Chrome on Windows this week to stop attackers exploiting a sandbox-breaking zero-day vulnerability, seemingly used by snoops to target certain folks in Russia.…

Bank Info Security 1 year, 3 months ago

Breach Roundup: Signal Is Safe

Also: FamousSparrow Is Back, Snowflake Hacker Agrees to ExtraditionThis week, Signal update, FamousSparrow is back, suspected Snowflake hacker agreed to U.S. extradition, train tickets sales hack in Ukraine, a patched Chrome zero-day, phishing targets SEO pros, DrayTek router outage, South African chicken producer attacked, and bad npm packages.

Bank Info Security 1 year, 4 months ago

Breach Roundup: The Ivanti Patch Treadmill

Also: Patch Tuesday, Equalize Scandal Figure Dies and Polymorphic Extension AttackThis week, Ivanti EPM customers should patch, Patch Tuesday, fake extensions mimic legitimate add-ons, a key figure in Italy's Equalize scandal dead of heart attack, and convincing fake browser extensions. Also, Apache Camel flaw, OpenAI's agent automates phishing and Apple patched another zero day.

Loading more headlines...