Security news aggregator

Latest cybersecurity reporting from selected sources.

Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.

3 headlines in this view

Refine the feed

Search across headline titles and summaries.

Volume over time

Weekly headline count for the current query.

Showing 3 most recent headlines Filtered view

Supply-Chain Attack Uses Malicious GitHub Actions Workflow File to Steal SecretsMore than 5,000 GitHub repositories fell victim to an automated campaign, codenamed "Megalodon," in which an attacker injected malicious GitHub Actions that executed a script designed to steal development environment secrets, plus a variety of keys, tokens and other credentials, researchers said.

Security Affairs 1 month, 3 weeks ago

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 98

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter Popular node-ipc npm Package Infected with Credential Stealer  New Actors Deploy Shai-Hulud Clones: TeamPCP Copycats Are Here Active Supply Chain Attack Compromises @antv Packages on npm actions-cool/issues-helper GitHub Action Compromised: All Tags Point to […]

Cybersecurity researchers have uncovered yet another active software supply chain attack campaign targeting the npm registry with over 100 malicious packages that can steal authentication tokens, CI/CD secrets, and GitHub credentials from developers' machines