Security news aggregator

Latest cybersecurity reporting from selected sources.

Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.

37 headlines in this view

Refine the feed

Search across headline titles and summaries.

Volume over time

Weekly headline count for the current query.

Showing 20 most recent headlines of 37 Filtered view
Bank Info Security 1 week, 1 day ago

Breach Roundup: Hush, Don't Talk About the Data Breach

Also, 23andMe Breach Settlement, GitHub AI Flaw, Ubiquiti Patches Critical BugsThis week, hidden breaches, researchers exposed a GitHub AI agent flaw, an Ubiquiti critical flaw, a ColdFusion flaw, a growing Chinese ORB, U.K. government FortiBleed exposure, 23andMe victims get $46.75 million, 3.8 million affected by Medtronic breach and Cerner's 2025 victim count went up.

Supply-Chain Attack Uses Malicious GitHub Actions Workflow File to Steal SecretsMore than 5,000 GitHub repositories fell victim to an automated campaign, codenamed "Megalodon," in which an attacker injected malicious GitHub Actions that executed a script designed to steal development environment secrets, plus a variety of keys, tokens and other credentials, researchers said.

Bank Info Security 5 months, 1 week ago

Fake Out: 0APT Data-Leak Ransomware Group Branded a Scam

Bitcoin Joining Fee for Affiliates and No Proven Victims Cited by ResearchersNewcomer ransomware group 0APT is being branded a "likely scam operation," not least after a list of over 200 supposed victims turned out to be bogus, if not entirely AI-generated - never mind a 1 bitcoin joining fee for would-be affiliates and outdated crypto-locking malware.

Inotiv Tells SEC 'It's Still Evaluating Full Impact and Notifying Breach Victims'Drug research firm Inotiv in a filing with federal regulators said it is still evaluating the financial and operational impact of an August cyberattack that's linked to ransomware gang Qilin. The company is also notifying nearly 10,000 people whose data was allegedly stolen in the incident.

Bank Info Security 7 months, 3 weeks ago

Akira's SonicWall Hacks Are Taking Down Large Enterprises

Businesses That Inherit SSL VPNs Through M&A Activity Falling Victim, Warn ExpertsMultiple large enterprises that inherited SonicWall SSL VPN devices when they acquired a smaller entity have fallen victim to the Akira ransomware group, security researchers warn. Investigations of multiple intrusions found they began when attackers used "unmonitored and unrotated" credentials.

Bank Info Security 10 months, 1 week ago

'The Gentlemen' Ransomware Targets Asia Pacific

Trend Micro Researchers Uncover New Ransomware StrainA newly identified ransomware group is targeting victims across the Asia Pacific region using custom-built evasion capabilities that could pose a "significant threat" to organizations, warn researchers at security firm Trend Micro. The Gentlemen deploys customized methods tailored to each target.

Bank Info Security 10 months, 2 weeks ago

Salesloft Drift Attacks Exposed Zscaler Customer Data

'Widespread Data Theft Campaign' Compromised Many Drift OAuth Tokens, Warn ExpertsThreat researchers report that "a widespread data theft campaign" traces to attackers stealing OAuth access tokens for applications integrated with Salesloft's AI chatbot Drift, then exfiltrating data. Victims include Salesforce customer Zscaler. Google Workspace instances were also breached.

Bank Info Security 10 months, 3 weeks ago

Drug R&D Firm's IT, Data Encrypted in Alleged Qilin Attack

Inotiv Inc. Tells SEC Some Business Operations Disrupted, No Recovery Date in SightInotiv, a drug research and development firm, told federal regulators that it's been dealing with a cyberattack since Aug. 8 that has encrypted some IT systems and data, and is disrupting certain business operations. Ransomware gang Qilin has listed the company as a victim on its dark website.

Bank Info Security 11 months, 1 week ago

On the Rise: Ransomware Victims, Breaches, Infostealers

Researchers See 'Acceleration' in Existing Threats, Ongoing Criminal SuccessCybercrime so far this year can be summarized as featuring "more of everything," with researchers tracking increases in the number of ransomware and data breach victims, credentials stolen by infostealers, and new vulnerability disclosures with exploits coming to light.

Bank Info Security 11 months, 1 week ago

SonicWall Probes Potential Zero-Day After Ransomware Hits

Akira Ransomware Exploited MFA-Protected SonicWall SSL VPNs, Say ResearchersSonicWall said it is probing a surge in attacks against its Gen 7 firewalls, running various firmware versions, which have SSL VPN enabled. Researchers said attackers may have been exploiting a zero-day vulnerability and that multiple victims have been infected with Akira ransomware.

Bank Info Security 11 months, 3 weeks ago

US Nuclear Agency Breach Tied to SharePoint Zero-Days

Over 400 Organizations Breached Via Ongoing ToolShell Attacks, Researchers WarnThe U.S. government agency that maintains and designs America's nuclear weapons was reportedly breached by attackers exploiting zero-day flaws in on-premises Microsoft SharePoint servers, with researchers now counting over 400 victims, including European and Middle Eastern governments.

Social Engineering Attacks Trick Victims Running Malware-Installation ScriptsAttackers are tapping TikTok to distribute videos, apparently generated using artificial intelligence tools, to trick victims into running scripts that install information-stealing malware, researchers warn. The campaign is the latest in a long line of schemes designed to distribute infostealers.

Bank Info Security 1 year, 3 months ago

Vampire Cosplay and Brand Revival: Ransomware in 2025

Newcomer VanHelsing and a Supposedly Revitalized LockBit Enter Victim-Hunting FrayWhile the vast majority of ransomware attacks lately trace to relatively long-running groups, researchers see new operators entering the fray, lately including a ransomware-as-a-service group calling itself VanHelsing, as well as a fresh version of LockBit.

Bank Info Security 1 year, 4 months ago

Russian-Speaking Hackers Goad Users into Installing Havoc

A newly discovered phishing campaign is using social engineering to dupe victims into copying, pasting, and running the Havoc command-and-control framework on their computers, warn researchers from Fortinet. "ClickFix," displays a fake error message and instructions for its supposed resolution.

Bank Info Security 1 year, 4 months ago

Ransomware Attacks Appear to Keep Surging

RansomHub, Play, Akira and Clop Among the Groups Claiming the Most VictimsRansomware operations have collectively claimed what amounts to a surge in new victims. Researchers trace much of this activity to RansomHub, Play and Akira, as well as Clop, which continues to drip-feed details about its attack on users of Cleo Communications' managed file-transfer software.

Bank Info Security 1 year, 4 months ago

Ukrainian Signal Users Fall to Russian Social Engineering

Google Expects Tactics to Spread; Global Targets and Other Services at RiskRussian nation-state hackers are using phishing attacks to target Ukrainian users of the chat app Signal, say security researchers. Rather than circumventing Signal's end-to-end encryption via a cryptographic attack, attackers use malicious prompting to prod victims into exposing messages.

Bank Info Security 1 year, 6 months ago

Ransomware Leak Sites Suggest Attacks Reached Record High

RansomHub, Play and Akira Appear to Dominate; Numerous Newcomers Join the FrayWhile ransomware groups' data-leak sites regularly lie, if taken at face value, in December 2024 they collectively listed the largest number of victims ever seen in a one-month period, dominated by RansomHub, Play and Akira operations, plus a bevy of newcomers, researchers report.

Bank Info Security 1 year, 6 months ago

AI-Driven Ransomware Group Strikes 85 Victims

Amateurish Ransomware Group Doubles as HackstivistsCybersecurity researchers discovered an artificial intelligence-driven ransomware group that emerged at the end of last year and compromised more than 85 victims worldwide. The group uses double extortion, combining data theft with encryption.

CISOs at Organizations That Fell Victim Have a Different Story, 451 Research FindsAre your defenses against ransomware good enough to survive contact with the enemy? Don't be so sure. A new study from market researcher 451 Research finds that "overconfidence in security tooling remains an issue in the face of ransomware" for organizations that haven't yet fallen victim.

Bank Info Security 1 year, 7 months ago

Mysterious Elephant Using Hajj-Themed Bait in Attacks

Group Deploys Upgraded Malware Disguised as Microsoft File on Pilgrimage GoersA South Asian threat actor identified as Mysterious Elephant or APT-K-47 by Knownsec 404 researchers is using a Hajj-themed lure to trick victims into malicious payload disguised as a Windows file. The hacker is using upgraded Asyncshell malware disguised as a Microsoft Compiled HTML Help file.

Loading more headlines...