Security news aggregator

Latest cybersecurity reporting from selected sources.

Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.

20 headlines in this view

Refine the feed

Search across headline titles and summaries.

Volume over time

Weekly headline count for the current query.

Showing 20 most recent headlines Filtered view

Details have emerged about three now-patched security flaws in the OpenClaw personal artificial intelligence (AI) assistant that, if successfully exploited, could enable credential theft, privilege escalation, and arbitrary code execution on the host

A high-severity flaw in Amazon Q Developer let a malicious repository run commands and steal a developer's cloud credentials. The path was short: a developer opens the repo, trusts the workspace, and Amazon Q does the rest. Amazon has patched it

Also, France Probes Tchap Breach, M&S Cancels Bonuses, June Patch TuesdayThis week, CISA tightened patching rules, hackers provoked AI scanners. An accused Russian intel hacker appeared in court. Microsoft warned of AI-themed attacks. M&S canceled bonuses. France probed a Tchap breach. NHS trusts disclosed stolen data and a Telegram campaign targeted Russian troops.

Bank Info Security 1 month, 4 weeks ago

Patched OpenClaw Flaw Let Hackers Hijack AI Agents

Chainable Bugs Enable Credential Theft, Persistence, TakeoverFour chainable flaws in OpenClaw allowed attackers to move from an initial foothold to persistent system-level compromise by abusing the AI agent's own privileges. The bugs enabled credential theft, privilege escalation and backdoor deployment, affecting all versions released before April 23.

Bank Info Security 4 months, 3 weeks ago

Malicious Repo Files Could Hijack Claude Code Sessions

Flaws Let Attackers Run Commands and Steal API Keys Before Trust PromptCheck Point research found three critical flaws in Anthropic's Claude Code that allow attackers to execute arbitrary commands and steal API keys through repository configuration files, before users see a trust prompt. The AI giant has patched all three vulnerabilities.

Patch meant to close a severe expression bug fails to stop attackers with workflow access Multiple newly disclosed bugs in the popular workflow automation tool n8n could allow attackers to hijack servers, steal credentials, and quietly disrupt AI-driven business processes.…

Bank Info Security 7 months, 1 week ago

Google Patches AI Flaw That Turned Gemini Into a Spy

Zero-Click Vulnerability Let Attackers Weaponize Enterprise AI AssistantGoogle patched a vulnerability in Gemini Enterprise that allowed attackers to steal corporate data through a shared document, calendar invitation or email without any user action or security alerts. No malware was executed, no credentials were phished and no data left through approved channels.

Bank Info Security 9 months, 1 week ago

GitHub Copilot Chat Flaw Let Private Code Leak Via Images

Researcher Found Bug Could Exfiltrate Secrets Via Camo ImagesA now-patched flaw in GitHub Copilot Chat could have allowed attackers to steal private source code and secrets by embedding hidden prompts that hijacked the artificial intelligence assistant's responses. The exploit also used the code hosting platform's image proxy to leak the stolen data.

Cybersecurity researchers have disclosed three now-patched security vulnerabilities impacting Google's Gemini artificial intelligence (AI) assistant that, if successfully exploited, could have exposed users to major privacy risks and data theft

Bank Info Security 9 months, 3 weeks ago

Salesforce Patches CRM Data Exfiltration Vulnerability

Agentforce Agentic AI Tool Was Exposed to Indirect Prompt Injection AttacksSalesforce has patched a vulnerability involving its Agentforce agentic artificial intelligence tool, discovered by researchers, that attackers could have exploited using an indirect prompt injection attack to steal sensitive customer data and leads being stored in the CRM system.

Cybersecurity researchers have disclosed details of a now-patched vulnerability impacting the Microsoft SharePoint connector on Power Platform that, if successfully exploited, could allow threat actors to harvest a user's credentials and stage follow-on attacks

Bank Info Security 1 year, 10 months ago

Slack Patches Prompt Injection Flaw in AI Tool Set

Hackers Could Exploit Bug to Manipulate Slack AI's LLM to Steal DataChat app Slack patched a vulnerability in its artificial intelligence tool set that hackers could have exploited to manipulate an underlying large language model to phish employees and steal sensitive data. Slack said it was a low-severity bug.

Hackers Could Exploit Bug on Replicate to Steal Data, Manipulate AI ModelsAttackers could have exploited a now-mitigated critical vulnerability in the Replicate artificial intelligence platform to access private AI models and sensitive data, including proprietary knowledge and personal identifiable information.