Security news aggregator

Latest cybersecurity reporting from selected sources.

Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.

26 headlines in this view

Refine the feed

Search across headline titles and summaries.

Volume over time

Weekly headline count for the current query.

Showing 20 most recent headlines of 26 Filtered view

Exposed UIs, weak authentication, and risky defaults could turn cloud-native AI apps on Kubernetes into potential targets by threat actors. Learn how exploitable misconfigurations lead to RCE and data leaks. The post When configuration becomes a vulnerability: Exploitable misconfigurations in AI apps appeared first on Microsoft Security Blog.

Cybersecurity researchers have detailed two now-patched security flaws in SAP Graphical User Interface (GUI) for Windows and Java that, if successfully exploited, could have enabled attackers to access sensitive information under certain conditions

Also: Google Fixes YouTube Vulnerabilities That Could Have Exposed User EmailsThis week: Microsoft, Ivanti and Google release fixes for critical vulnerabilities and urge priority patching; Lee Enterprises confirms a cyberattack disrupted newspaper operations; and thousands of KerioControl Firewalls exposed to critical remote code execution flaws.

Bank Info Security 2 years, 1 month ago

Internet-Exposed OT Devices at Risk Amid Israel-Hamas War

Cyberattack on Aliquippa Water Plant Highlights Vulnerabilities in OT SystemsThe onset of war between Israel and Hamas led to a spike in cyberattacks against operational technology, says Microsoft in a warning to critical infrastructure operators about the dangers of internet-exposed operational technology.

'BingBang' boo-boo affected other internal Microsoft apps, too A misconfiguration in Microsoft's Azure Active Directory (AAD) could have allowed miscreants to subvert Microsoft's Bing search engine – even changing search results. User information including Outlook emails, calendars and Teams messages was also vulnerable.…

More than 60,000 Microsoft Exchange servers exposed online are yet to be patched against the CVE-2022-41082 remote code execution (RCE) vulnerability, one of the two security flaws targeted by ProxyNotShell exploits. [...]

Loading more headlines...