Security news aggregator

Latest cybersecurity reporting from selected sources.

Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.

70 headlines in this view

Refine the feed

Search across headline titles and summaries.

Volume over time

Weekly headline count for the current query.

Showing 20 most recent headlines of 70 Filtered view

Supply chain attackers are not only trying to slip malicious code into trusted software. They are trying to steal the access that makes trusted software possible. Recently, three separate campaigns hit npm, PyPI, and Docker Hub in a 48-hour window, and all three targeted secrets from developer environments and CI/CD pipelines, including API keys, cloud credentials, SSH keys, and tokens. This is

Researchers who found the flaws scored beer money bounties and warn the problem is probably pervasive Exclusive Security researchers hijacked three popular AI agents that integrate with GitHub Actions by using a new type of prompt injection attack to steal API keys and access tokens, and the vendors who run agents didn’t disclose the problem.…

A large-scale credential harvesting operation has been observed exploiting the React2Shell vulnerability as an initial infection vector to steal database credentials, SSH private keys, Amazon Web Services (AWS) secrets, shell command history, Stripe API keys, and GitHub tokens at scale

Probably not an isolated incident only as researchers have already found 2,863 live API keys exposed A developer says their company is on the hook for more than $82,000 in unauthorized charges after a stolen Google Gemini API key racked massive usage costs up in just 48 hours.…

Bank Info Security 4 months, 3 weeks ago

Malicious Repo Files Could Hijack Claude Code Sessions

Flaws Let Attackers Run Commands and Steal API Keys Before Trust PromptCheck Point research found three critical flaws in Anthropic's Claude Code that allow attackers to execute arbitrary commands and steal API keys through repository configuration files, before users see a trust prompt. The AI giant has patched all three vulnerabilities.

Anthropic fixed the flaws - but the AI-enabled attack surfaces remain Security vulnerabilities in Claude Code could have allowed attackers to remotely execute code on users' machines and steal API keys by injecting malicious configurations into repositories, and then waiting for a developer to clone and open an untrustworthy project.…

Cybersecurity researchers have disclosed multiple security vulnerabilities in Anthropic's Claude Code, an artificial intelligence (AI)-powered coding assistant, that could result in remote code execution and theft of API credentials

Cybersecurity researchers have disclosed what they say is an active "Shai-Hulud-like" supply chain worm campaign that has leveraged a cluster of at least 19 malicious npm packages to enable credential harvesting and cryptocurrency key theft

Are you a good bot or a bad bot? More than 30 malicious Chrome extensions installed by at least 260,000 users purport to be helpful AI assistants, but they steal users' API keys, email messages, and other personal data. Even worse: many of these are still available on the Chrome Web Store as of this writing.…

Security vulnerabilities were uncovered in the popular open-source artificial intelligence (AI) framework Chainlit that could allow attackers to steal sensitive data, which may allow for lateral movement within a susceptible organization

Bank Info Security 5 months, 4 weeks ago

Anthropic's Cowork Shipped With Known Vulnerability

AI Agent Can Access File Upload API to Exfiltrate DocumentsSecurity researchers have demonstrated how Anthropic's new Claude Cowork productivity agent can be tricked into stealing user files and uploading them to an attacker's account, exploiting a vulnerability the company allegedly knew about.

Loading more headlines...