Security news aggregator

Latest cybersecurity reporting from selected sources.

Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.

14 headlines in this view

Refine the feed

Search across headline titles and summaries.

Volume over time

Weekly headline count for the current query.

Showing 14 most recent headlines Filtered view

Cybersecurity researchers have disclosed details of three now-patched security flaws impacting LangGraph, including a critical vulnerability chain that could result in remote code execution

Finish reading this, then patch A maximum-severity flaw in the widely used JavaScript library React, and several React-based frameworks including Next.js allows unauthenticated, remote attackers to execute malicious code on vulnerable instances. The flaw is easy to abuse, and mass exploitation is "imminent," according to security researchers.…

Cybersecurity researchers have discovered over a dozen security vulnerabilities impacting Tridium's Niagara Framework that could allow an attacker on the same network to compromise the system under certain circumstances

Bank Info Security 11 months, 3 weeks ago

Honeywell Smart Building Middleware Vulnerable

Researchers Find Flaws in Tridium Niagara FrameworkVulnerabilities in Honeywell smart building middleware could allow hackers to manipulate physical systems or disable security alarms, warn security researchers. Hackers would already need access to the network. An attack would also depend on the Tridium Niagara customer not encrypting Syslog data.

Details have emerged about a now-patched security vulnerability in Apple's iOS and macOS that, if successfully exploited, could sidestep the Transparency, Consent, and Control (TCC) framework and result in unauthorized access to sensitive information

Cybersecurity researchers have disclosed six security flaws in the Ollama artificial intelligence (AI) framework that could be exploited by a malicious actor to perform various actions, including denial-of-service, model poisoning, and model theft

Bank Info Security 2 years, 3 months ago

ShadowRay Attack Strikes AI Workloads

Thousands of AI Workloads Compromised Amid CVE Vulnerability DisputeAn active attack campaign dubbed ShadowRay is targeting the widely used Ray open-source artificial intelligence scaling framework. It stems from a vulnerability that researchers say is a flaw but that Ray's developers say is a deliberate design choice.

Bank Info Security 2 years, 5 months ago

Popular GPUs Used in AI Systems Vulnerable to Memory Leak

LeftoverLocals Affects Apple, AMD and Qualcomm DevicesResearchers uncovered a critical vulnerability in graphic processing units of popular devices that could allow attackers to access data from large language models. They dubbed the vulnerability LeftoverLocals and said it affects the GPU frameworks of Apple, AMD and Qualcomm devices.

Bank Info Security 2 years, 5 months ago

Popular GPUs Used AI Systems Vulnerable to Memory Leak Flaw

LeftoverLocals Affects Apple, AMD and Qualcomm DevicesResearchers uncovered a critical vulnerability in graphic processing units of popular devices that could allow attackers to access data from large language models. They dubbed the vulnerability LeftoverLocals and said it affects the GPU frameworks of Apple, AMD and Qualcomm devices.

Trend Micro says vulnerable systems in Singapore have been compromised There has been a land rush of sorts among threat groups trying to use the vulnerability discovered in the open-source Spring Framework last month, and now researchers at Trend Micro are saying it's being actively exploited to execute the Mirai botnet.…