Security news aggregator

Latest cybersecurity reporting from selected sources.

Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.

56 headlines in this view

Refine the feed

Search across headline titles and summaries.

Volume over time

Weekly headline count for the current query.

Showing 20 most recent headlines of 56 Filtered view
Bank Info Security 2 months ago

AI-Built Zero-Day Nearly Powered Mass Attack

Google Says Criminals Used AI to Discover and Code ExploitA cybercriminal group came close to launching a mass attack earlier this year, armed with a software exploit that an AI model had built from scratch, said Google researchers. Google said it worked with the affected vendor to patch the flaw before an attack could be launched.

Bank Info Security 2 months, 2 weeks ago

Researchers Find 38 Flaws in OpenEMR. They've Been Fixed

AI Tool Used to Discover Bugs, Which Included 2 Maximum Severity VulnerabilitiesResearchers at security firm AISLE said they recently identified 38 vulnerabilities, including two maximum-severity zero-day flaws in OpenEMR, an open-source electronic medical record software platform used by about 100,000 healthcare providers globally. OpenEMR has patched the problems.

Bank Info Security 3 months, 1 week ago

Zero Days for the Masses: Mythos Presages Exploit Tsunami

Asymmetry Between Exploits Wielded by Nation-States and Hackers Will DisappearAnthropic's announcement that its Mythos Preview large language model can find serious zero-day flaws across all manner of code bases old and new, and quickly chain vulnerabilities together to build working exploits, promises to democratize access to such capabilities.

Bank Info Security 3 months, 1 week ago

ISMG Editors: Anthropic Bug Finder Sparks Zero-Day Dread

Also: How AI May Democratize Cybercrime and How Everyday Routers Enable EspionageIn this week's ISMG panel, four ISMG editors discussed big shifts in cybersecurity: Anthropic's "dangerous" new AI model that can uncover thousands of zero-days, growing concerns about a surge in AI-driven flaws, and the FBI disrupting a Russian espionage campaign targeting everyday routers.

Vendor Issues Hotfix for Critical Flaw in FortiClient Endpoint Management ServerFortinet's endpoint management security server software is under fire from attackers, who are actively targeting two critical flaws, including a fresh zero-day that facilitates unauthenticated remote code or command execution. The vendor has issued a hotfix and promised a full patch.

Bank Info Security 3 months, 2 weeks ago

Breach Roundup: Feds Confirm 'Major' Hack of FBI System

Also, Lloyds Data Leak, Dutch Treasury Breach, Citrix Bug Exploit, Pay2Key ActivityThis week, Lloyds data leak hits 450K, Dutch treasury breach, Citrix flaw exploited, Iran-linked ransomware ops, TrueConf zero-day, Russian fraud ring sentenced, Romania targeted, patch gaps persist, and U.S. hospital breach affects 257K.

Bank Info Security 4 months, 4 weeks ago

Breach Roundup: Cambodia Scam Center Crackdown

Also: EU Bans AI Tools, Notepad++ Secures Updater, Apple Patches iOS Zero-DayThis week, Cambodia shuttered 200 scam centers. EU Parliament banned AI tools. Canada Goose disputed a ShinyHunters leak. Notepad++ patched an updater flaw. Apple fixed a decades-old iOS zero-day. BeyondTrust and Dell patched critical flaws under active exploitation.

Bank Info Security 5 months, 3 weeks ago

Zero-Day Flaw in Cisco Unified Communications Being Targeted

Vendor Ships Emergency Fixes, Warning Flaw Facilitates Full System CompromiseAttackers are targeting a zero-day vulnerability in Cisco's Unified Communications and Webex products that facilitates remote code execution and root-level access to the underlying operating system, risking full system compromise. Cisco has released patches, warning that no workarounds exist.

Bank Info Security 6 months, 2 weeks ago

Breach Roundup: Clop Tied to Korean Air Vendor Breach

Also: China-Linked APT Hijack Updates, Condé Nast Data Leaked, La Poste HitThis week, a Clop-linked vendor breach hit Korean Air, a China-linked APT hijacked software updates, a critical zero-day flaw remained unpatched, Condé Nast faced a data leak, La Poste was disrupted and Korean police extradited a malware operation suspect.

Bank Info Security 6 months, 4 weeks ago

Chinese Hackers Targeting Cisco Email Gateways

Cisco Talos Attributes Campaign to UAT-9686Likely Chinese nation-state hackers are exploiting an unpatched flaw in Cisco email appliances as part of an ongoing campaign to gain persistent access. Hackers have been exploiting since mid-November a zero-day in the Cisco Secure Email Gateway and Cisco Secure Email and Web Manager.

Unpatched Flaw in Open-Source Gogs Service Facilitates Remote Code ExecutionAn attacker has been exploiting a zero-day vulnerability in Gogs, an open-source and popular Git service that allows for self-hosting, warned researchers. At least 700 internet-exposed servers running Gogs shows signs of being infected with command-and-control malware; no patch is yet available.

Bank Info Security 8 months ago

Hackers Exploited Cisco ISE Zero-Day

Flaw Enabled Remote Code Execution, Say AWS ResearchersResearchers from AWS said they spotted a hacking campaign taking advantage of a zero-day vulnerability in Cisco network access control software before the routing giant patched it earlier this year. The flaw let attackers perform pre-authentication remote code execution.

Bank Info Security 8 months, 1 week ago

Samsung Zero-Day Flaw Exploited by 'Landfall' Spyware

Spyware Targets Samsung Galaxy Devices, Says Unit 42Hackers used previously unknown commercial spyware dubbed "Landfall" to surveil the activities of Samsung Galaxy device owners in the Middle East, say security researchers who posit the threat actor has connections to the United Arab Emirates.

Security Experts Advise Immediate Patching; Zero-Day Attacks Began Last MonthAffiliates of Russian-speaking ransomware operation Medusa began targeting a zero-day vulnerability in widely used Fortra GoAnywhere Managed File Transfer software one week before the vendor issued a security alert, patch and mitigation instructions for the flaw, say security experts.

Deploy Emergency Patch for Zero-Day Flaw, Hunt for Signs of Intrusion, Warn ExpertsOracle patched a zero-day vulnerability in Oracle E-Business Suite and urged customers to immediately install the fix. The flaw has been exploited since August by the Clop ransomware group, and with exploit code now having leaked, experts expect to see many more attackers join the fray.

Bank Info Security 9 months, 2 weeks ago

Breach Roundup: FTC Sues Sendit Over Kid's Data Collection

Also, Cyberattack Disrupts Asahi’s Japan Operations, Halts ProductionThis week, FTC sued Sendit, another Harrods breach, Allianz data breach and a cyberattack disrupted Asahi's Japan operations. WestJet disclosed data theft. Hackers targeted Kido Nursery chain, a VMware privilege escalation flaw was exploited as zero-day, DarkCloud infostealer resurfaced.

Bank Info Security 10 months, 2 weeks ago

Attackers Exploit Sitecore Zero Day

Mandiant Reveals Critical Flaw Exposes Sitecore ProductsAttackers exploited a now-patched zero-day vulnerability in a popular content management system that powers websites for companies including HSBC, L’Oréal, Toyota and United Airlines. Attackers used a cryptography key stored in some deployments to force the system into loading malware.

Bank Info Security 10 months, 3 weeks ago

Nuance Agrees to Pay $8.5M to Settle MOVEit Hack Litigation

Settlement Is Latest Among Scores of Other MOVEit Lawsuits Still PendingNuance Communications, a Microsoft subsidiary, has agreed to pay $8.5 million to settle class action litigation filed after hackers exploited a zero-day flaw in Progress Software's MOVEit file transfer software in 2023, stealing data belonging to more than a dozen of Nuance's healthcare clients.

Loading more headlines...