Security news aggregator

Latest cybersecurity reporting from selected sources.

Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.

35 headlines in this view

Refine the feed

Search across headline titles and summaries.

Volume over time

Weekly headline count for the current query.

Showing 20 most recent headlines of 35 Filtered view
Bank Info Security 2 months, 1 week ago

BlueVoyant Prepares SaaS Push Under New CEO John Hernandez

BlueVoyant Seeks to Expand Beyond MDR Clients Into Firms With Mature In-House SOCsBlueVoyant named John Hernandez - the former leader of Quest's Microsoft security business - as its next CEO to drive an agentic AI SaaS platform that expands the vendor beyond managed services and helps customers accelerate detection, response and supply-chain risk management.

Vendor confirms repo data exposure after Lapsus$ claims source code, secrets dump Software security testing outfit Checkmarx has become the latest organization caught up in an ongoing attack on security-tool providers. The biz said data posted online appears to have come from one of its GitHub repositories after the Lapsus$ extortion crew claimed to have dumped the company’s source code, secrets, and other sensitive data.…

Bank Info Security 3 months, 4 weeks ago

Pentagon Warns Anthropic Could 'Subvert' Defense AI Systems

New Filing Frames Anthropic Dispute as Operational Control Issue - Not Free SpeechThe Justice Department is arguing in a new court filing that Anthropic's ability to update guardrails and behavior post-deployment creates unacceptable supply-chain risks, warning that vendor access to AI systems could enable manipulation or failure in mission-critical defense operations.

AI Shutdown Risk Exposes Governance Gaps and Vendor Dependency ConcernsThe federal government's recent decision to designate Anthropic, maker of the Claude AI platform, as a "supply-chain risk" should raise alarm bells for technology leaders who are tasked with embedding AI systems across the enterprise. Going all-in with a single AI vendor can be risky.

Growing Third-Party Breach Trend Is Spreading to AI SuppliersIT organizations have built processes for reducing vendor risk, but in the AI era, that operating model is being dismantled. Modern AI environments are built on dynamic external foundational models, countless APIs, open-source components and continuous data pipelines that pose risks.

Bank Info Security 8 months, 2 weeks ago

Nation-State Breach Hits Ribbon Communications

SEC Filing Reveals Telecom Vendor Was Compromised for Nearly a YearA nation-state threat actor carried out a supply chain attack targeting Ribbon Communications, a leading U.S. provider of telecom and networking infrastructure, and may have maintained access within its systems for nearly a year. Ribbon said it became aware of the activity in early September.

HyperComply's AI Automation Reduces Vendor RFP Questionnaire Work by 92%SecurityScorecard is acquiring HyperComply to streamline third-party risk assessments with AI that automates most security questionnaire responses. The deal supports SecurityScorecard’s shift from ratings-only to a full solutions platform for mitigating supply chain risk.

Introduction Cyber threats targeting supply chains have become a growing concern for businesses across industries. As companies continue to expand their reliance on third-party vendors, cloud-based services, and global logistics networks, cybercriminals are exploiting vulnerabilities within these interconnected systems to launch attacks. By first infiltrating a third-party vendor with undetected

Australian Payments Plus' Cody Kieltyka on Using Approaches Beyond QuestionnairesUnderstanding vendor interdependencies is too complex for humans alone, said Cody Kieltyka, CISO at Australian Payments Plus. While questionnaires remain common for supply chain risk management, they need supplementation with dark web monitoring and incident response planning with critical vendors.

But can you really take crims at their word? Supply chain integration vendor Cleo has urged its customers to upgrade three of its products after an October security update was circumvented, leading to widespread ransomware attacks that Russia-linked gang Cl0p has claimed are its evil work.…

Loading more headlines...