Security news aggregator

Latest cybersecurity reporting from selected sources.

Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.

191 headlines in this view

Refine the feed

Search across headline titles and summaries.

Volume over time

Weekly headline count for the current query.

Showing 20 most recent headlines of 191 Filtered view

Chinese actors used Claude Code and DeepSeek to automate attacks that breached government systems and targeted financial firms. Hunt.io researchers stumbled onto an active intrusion campaign in June 2026 while pivoting on known TencShell command-and-control infrastructure. A single HTTP header fingerprint on port 1111 led them to 13 Hong Kong-based servers and, on one of […]

Bank Info Security 1 week, 1 day ago

Breach Roundup: Hush, Don't Talk About the Data Breach

Also, 23andMe Breach Settlement, GitHub AI Flaw, Ubiquiti Patches Critical BugsThis week, hidden breaches, researchers exposed a GitHub AI agent flaw, an Ubiquiti critical flaw, a ColdFusion flaw, a growing Chinese ORB, U.K. government FortiBleed exposure, 23andMe victims get $46.75 million, 3.8 million affected by Medtronic breach and Cerner's 2025 victim count went up.

Agencies and Industry Coordinate Post-Quantum Migration PlansThe White House convened government officials, quantum companies and researchers to accelerate the transition to post-quantum cryptography, align public-private investments and reinforce a 2030 deadline as advances in quantum computing increase risks to today's encryption.

An Iranian hacking group affiliated with Iran's Ministry of Intelligence and Security (MOIS) has been wielding a previously undocumented modular command-and-control (C2) framework dubbed Cavern (aka Cav3rn) targeting Israeli organizations

Chinese-speaking APT CL-STA-1062 targeted Southeast Asian government and energy networks open-source tools, and a new TinyRCT backdoor. Palo Alto Networks Unit 42 researchers published a detailed report on a Chinese-speaking threat actor, tracked as CL-STA-1062, that has been running persistent operations across East Asia since at least March 2022 and shifted focus to Southeast Asian […]

Researchers Identified Two Undocumented Variants Used Since 2023Eset uncovered two previously undocumented Windows variants of the China-linked SprySocks backdoor tied to FishMonger and iSoon, revealing expanded espionage capabilities, rootkit-based stealth and continued targeting of government organizations across Asia and Central America.

Cybersecurity researchers have disclosed details of fraudulent activity targeting users across the Middle East and North Africa by employing various fraudulent Facebook accounts impersonating politicians, public figures, and trusted organizations

The Commerce Department’s expert control decree led to the company shutting off access to Fable 5 and Mythos 5 worldwide, drawing sharp criticism from researchers and industry analysts. The post Anthropic disables new models after government calls them a national security concern appeared first on CyberScoop.

GREYVIBE, a Russia-linked group active since 2025, targets Ukraine with AI-assisted malware and five attack chains. Researchers say it’s part spy op, part crime gang. Security firm WithSecure has been tracking a previously unknown Russian-linked APT group called GREYVIBE since at least August 2025. The group targets Ukraine and Ukrainian-related organizations across military, government, civilian, […]

Cybersecurity researchers have flagged fresh activity from a China-aligned threat actor known as Webworm in 2025, deploying custom backdoors that employ Discord and Microsoft Graph API for command-and-control (C2 or C&C) communications

Proposed Bill Could Reopen Debate Over Computer Misuse Act ProtectionsThe British government has announced plans to update cybersecurity legislation aimed at strengthening the country's digital defenses - while overhauling outdated cybercrime authorities that officials and security researchers warn are no longer fit for modern threats

TrendAI™ Research has identified two emerging threat campaigns—SHADOW-AETHER-040 and SHADOW-AETHER-064—that use agentic AI to drive intrusion operations against government and financial organizations in Latin America, marking these among the first cases we have observed of AI agents executing attacks from initial access to data exfiltration.

Researchers say Schemata’s platform exposed names, emails, base assignments, and course materials before the company patched the issue and contacted government authorities. The post A DOD contractor’s API flaw exposed military course data and service member records appeared first on CyberScoop.

Loading more headlines...