Security news aggregator

Latest cybersecurity reporting from selected sources.

Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.

7 headlines in this view

Refine the feed

Search across headline titles and summaries.

Volume over time

Weekly headline count for the current query.

Showing 7 most recent headlines Filtered view

When You Consume AI, You Inherit Every Upstream Risk You Can't SeeMost enterprises don't build AI, they consume it through APIs, open-source models and orchestration frameworks. Each layer inherits upstream risk with little visibility. This piece maps the four-layer AI supply chain and the existing security disciplines that bring it under control.

Microsoft-Owned GitHub, Which Runs npm, Previews Supply-Chain Security FixesThe popular Mastra AI framework, used to build artificial intelligence agents, workflows and retrieval-augmented generation pipelines, has been poisoned by attackers, and Microsoft-owned GitHub has advised all developers to downgrade Mastra, pending compromised packages being found and eradicated.

As many as 145 npm packages associated with the Mastra namespace ("@mastra/*"), a popular open-source JavaScript and TypeScript framework for building artificial intelligence (AI) applications, have been compromised as part of a software supply chain attack codenamed easy-day-js, per findings from Endor Labs, JFrog, OX Security, SafeDep, Socket, StepSecurity, and Synk

Bank Info Security 1 month, 2 weeks ago

AI Governance Playbook Calls for Enterprise Risk Controls

Healthcare Coordinating Council Highlights AI Risks, Potential Medical MishapsHealthcare organizations face an array of difficult cybersecurity, privacy, patient safety, supply chain and operational resiliency issues as they roll out artificial intelligence tools. A new Health Sector Coordinating Council playbook aims to help by providing a voluntary governance framework.

A high-severity security flaw has been disclosed in Meta's Llama large language model (LLM) framework that, if successfully exploited, could allow an attacker to execute arbitrary code on the llama-stack inference server.  The vulnerability, tracked as CVE-2024-50050, has been assigned a CVSS score of 6.3 out of 10.0. Supply chain security firm Snyk, on the other hand, has assigned it a