Security news aggregator

Latest cybersecurity reporting from selected sources.

Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.

177 headlines in this view

Refine the feed

Search across headline titles and summaries.

Volume over time

Weekly headline count for the current query.

Showing 20 most recent headlines of 177 Filtered view

Researchers uncovered 222 GitHub repositories spreading malware through fake Go packages, delivering loaders, stealers, RATs, and cryptominers. Socket’s security research team started with the investigation of a single malicious Go module: github[.]com/kaleidora/dnsub-scanning-tool, which presented itself as a DNS and subdomain scanning utility. Pulling on that thread exposed something significantly larger: a network of 222 confirmed […]

Bank Info Security 1 week, 1 day ago

Breach Roundup: Hush, Don't Talk About the Data Breach

Also, 23andMe Breach Settlement, GitHub AI Flaw, Ubiquiti Patches Critical BugsThis week, hidden breaches, researchers exposed a GitHub AI agent flaw, an Ubiquiti critical flaw, a ColdFusion flaw, a growing Chinese ORB, U.K. government FortiBleed exposure, 23andMe victims get $46.75 million, 3.8 million affected by Medtronic breach and Cerner's 2025 victim count went up.

Researchers Urge Organizations to Rotate Credentials and Review Audit LogsThreat actor 888 claims it stole Accenture source code and cloud credentials, prompting researchers to warn that any exposed Azure tokens, encryption keys or DevOps secrets could enable follow-on intrusions and downstream supply-chain attacks even as Accenture says operations remain unaffected.

RustDuck is a small, evolving DDoS botnet migrating to Rust. It uses advanced encryption, anti-analysis evasion, and exploits known IoT flaws. Since February 2026, researchers at QiAnXin’s XLab have been tracking a new malware family, called RustDuck, that hijacks routers, cameras, Android set-top boxes, and exposed servers, then uses them to flood targets with junk […]

24 Billion Records Left Open Online: Passwords, Emails, and Everything Else Exposed database with 24 Billion records revealed stolen credentials from infostealers, Telegram channels, and breach collections, risking account takeovers. Cybernews researchers found an exposed Elasticsearch cluster on June 12th containing 24 billion records and more than 8.3 terabytes of data. They triple-checked the numbers. […]

Also: Zcash Patches Flaw, $32M Humanity Protocol HackThis week, a key player in a $97M laundering scheme got prison time, Humanity Protocol suffered $32M in losses, Zcash patched a flaw, the EU targeted crypto platforms tied to Russia, authorities froze $3.8M in illicit funds and researchers exposed a Trezor chip weakness.

Researchers exposed the Silent Ransom Group ‘s Fast Flux infrastructure as the FBI warns of ongoing attacks targeting U.S. law firms and businesses. Resecurity uncovered the Silent Ransom Group (SRG)’s Fast Flux network infrastructure and shares available intelligence with the cybersecurity community to disrupt their malicious activities and enable ISP/DNS providers to counter this threat. […]

Researchers uncovered a 230-node cloud-based email relay network after the actor PCPJack accidentally exposed tools, logs, and C2 files online A threat actor tracked as PCPJack compromised 230 cloud servers across Amazon Web Services, Google Cloud, and Microsoft Azure and turned them into a covert email relay network. Hunt.io researchers discovered the operation because PCPJack […]

State of AI Usage Report 2026 (full report here) by LayerX Security reveals the extent of the enterprise AI visibility gap and why most organizations still don't understand where their AI exposure is actually coming from. The research shows that enterprise AI risk is not distributed evenly across users or platforms. Instead, it is heavily concentrated among a small group of AI power users and a

19.6 Billion files are exposed in misconfigured cloud buckets, including 685K credential files and nearly 1M database dumps. There’s a comfortable myth most people carry around: that the data they hand to companies is locked somewhere safe. Researchers at Mysterium VPN just ran the numbers, and the numbers disagree. Across 535,480 publicly listable cloud storage […]

Researchers say Schemata’s platform exposed names, emails, base assignments, and course materials before the company patched the issue and contacted government authorities. The post A DOD contractor’s API flaw exposed military course data and service member records appeared first on CyberScoop.

Loading more headlines...