Yasna | Cybersecurity news, filtered

Bleeping Computer 2 months, 1 week ago

CISA: New Langflow flaw actively exploited to hijack AI workflows

The Cybersecurity and Infrastructure Security Agency (CISA) is warning that hackers are actively exploiting a critical vulnerability identified as CVE-2026-33017, which affects the Langflow framework for building AI agents. [...]

More from Bleeping Computer 27 Mar 2026, 8:17 a.m. Actively exploited CVE-2026-33017 Artificial Intelligence CISA CVE Critical Flaw Framework Vulnerability Warning

Bleeping Computer 3 months, 1 week ago

CISA warns that RESURGE malware can be dormant on Ivanti devices

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released new details about RESURGE, a malicious implant used in zero-day attacks exploiting CVE-2025-0282 to breach Ivanti Connect Secure devices. [...]

More from Bleeping Computer 28 Feb 2026, 4:57 a.m. Actively exploited CVE-2025-0282 0-Day America Breach CISA CVE Malware Warning

Bleeping Computer 3 months, 2 weeks ago

CISA: BeyondTrust RCE flaw now exploited in ransomware attacks

Hackers are actively exploiting the CVE-2026-1731 vulnerability in the BeyondTrust Remote Support product, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) warns. [...]

More from Bleeping Computer 21 Feb 2026, 6:02 a.m. Actively exploited CVE-2026-1731 America CISA CVE Flaw Ransomware Remote Code Execution Vulnerability Warning

Bleeping Computer 3 months, 4 weeks ago

CISA warns of SmarterMail RCE flaw used in ransomware attacks

The Cybersecurity & Infrastructure Security Agency (CISA) in the U.S. has issued a warning about CVE-2026-24423, an unauthenticated remote code execution (RCE) flaw in SmarterMail that is used in ransomware attacks. [...]

More from Bleeping Computer 7 Feb 2026, 6:16 a.m. Actively exploited CVE-2026-24423 America CISA CVE Flaw Ransomware Remote Code Execution Unauthenticated Warning

The Hacker News 5 months, 3 weeks ago

Warning: WinRAR Vulnerability CVE-2025-6218 Under Active Attack by Multiple Threat Groups

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a security flaw impacting the WinRAR file archiver and compression utility to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation

More from The Hacker News 11 Dec 2025, 12:54 a.m. Actively exploited CVE-2025-6218 America CISA CVE Flaw Vulnerability Warning

Bleeping Computer 6 months, 1 week ago

CISA warns Oracle Identity Manager RCE flaw is being actively exploited

The U.S. Cybersecurity & Infrastructure Security Agency (CISA) is warning government agencies to patch an Oracle Identity Manager tracked as CVE-2025-61757 that has been exploited in attacks, potentially as a zero-day. [...]

More from Bleeping Computer 22 Nov 2025, 12:50 p.m. Actively exploited CVE-2025-61757 0-Day America CISA CVE Flaw Government Oracle Patch Remote Code Execution Warning

Bleeping Computer 8 months ago

CISA warns of critical Linux Sudo flaw exploited in attacks

Hackers are actively exploiting a critical vulnerability (CVE-2025-32463) in the sudo package that enables the execution of commands with root-level privileges on Linux operating systems. [...]

More from Bleeping Computer 1 Oct 2025, 2:42 a.m. Actively exploited CVE-2025-32463 CISA CVE Critical Flaw Linux Root Vulnerability Warning

The Hacker News 8 months, 2 weeks ago

CISA Warns of Two Malware Strains Exploiting Ivanti EPMM CVE-2025-4427 and CVE-2025-4428

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday released details of two sets of malware that were discovered in an unnamed organization's network following the exploitation of security flaws in Ivanti Endpoint Manager Mobile (EPMM)

More from The Hacker News 19 Sep 2025, 4:10 p.m. Actively exploited CVE-2025-4427 CVE-2025-4428 America CISA CVE Compromise Flaw Malware Mobile Threat Actor Warning

The Hacker News 8 months, 3 weeks ago

Critical CVE-2025-5086 in DELMIA Apriso Actively Exploited, CISA Issues Warning

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a critical security flaw impacting Dassault Systèmes DELMIA Apriso Manufacturing Operations Management (MOM) software to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation

More from The Hacker News 12 Sep 2025, 11:03 p.m. Actively exploited CVE-2025-5086 America CISA CVE Critical Flaw Vulnerability Warning

Info Security Magazine 1 year, 1 month ago

CISA Warns of CrushFTP Vulnerability Exploitation in the Wild

The US Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2025-31161 to its Known Exploited Vulnerabilities (KEV) catalog

More from Info Security Magazine 8 Apr 2025, 11:20 p.m. Actively exploited CVE-2025-31161 CISA CVE Vulnerability Warning

The Hacker News 1 year, 7 months ago

CISA Warns of Active Exploitation of Microsoft SharePoint Vulnerability (CVE-2024-38094)

A high-severity flaw impacting Microsoft SharePoint has been added to the Known Exploited Vulnerabilities (KEV) catalog by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday, citing evidence of active exploitation

More from The Hacker News 24 Oct 2024, 1:54 a.m. Actively exploited CVE-2024-38094 America CISA CVE Flaw Microsoft Vulnerability Warning

Dark Reading 2 years, 1 month ago

Critical GitLab Bug Under Exploit Enables Account Takeover, CISA Warns

Patch now: Cyberattackers are exploiting CVE-2023-7028 (CVSS 10) to take over and lock users out of GitLab accounts, steal source code, and more.

More from Dark Reading 4 May 2024, 4:19 a.m. Actively exploited CVE-2023-7028 CISA CVE Critical Exploit Patch Source Code Theft Warning

Bleeping Computer 2 years, 5 months ago

Hackers breach US govt agencies using Adobe ColdFusion exploit

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning about hackers actively exploiting a critical vulnerability in Adobe ColdFusion identified as CVE-2023-26360 to gain initial access to government servers. [...]

More from Bleeping Computer 6 Dec 2023, 6:07 a.m. Actively exploited CVE-2023-26360 Adobe America Breach CISA CVE Critical Exploit Government Initial Access Vulnerability Warning

Bleeping Computer 2 years, 8 months ago

CISA warns of critical Apache RocketMQ bug exploited in attacks

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added to its catalog of known exploited vulnerabilities (KEV) a critical-severity issue tracked as CVE-2023-33246 that affects Apache's RocketMQ distributed messaging and streaming platform. [...]

More from Bleeping Computer 8 Sep 2023, 9:51 a.m. Actively exploited CVE-2023-33246 America Apache CISA CVE Critical Vulnerability Warning

Bleeping Computer 2 years, 9 months ago

CISA warns of critical Citrix ShareFile flaw exploited in the wild

CISA is warning that a critical Citrix ShareFile secure file transfer vulnerability tracked as CVE-2023-24489 is being targeted by unknown actors and has added the flaw to its catalog of known security flaws exploited in the wild. [...]

More from Bleeping Computer 17 Aug 2023, 9:31 a.m. Actively exploited CVE-2023-24489 CISA CVE Critical Flaw Vulnerability Warning

Dark Reading 2 years, 10 months ago

CISA: 'Submarine' Backdoor Torpedoes Barracuda Email Security

A China-nexus cyber espionage campaign rages on with the fourth backdoor to surface in the wild that takes advantage of the CVE-2023-2868 zero-day security bug — with severe threat of lateral movement, CISA warns.

More from Dark Reading 2 Aug 2023, 4:26 a.m. Actively exploited CVE-2023-2868 0-Day Backdoor CISA CVE China Email Lateral Movement Warning

Bleeping Computer 3 years, 3 months ago

CISA warns of hackers exploiting ZK Java Framework RCE flaw

The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has added CVE-2022-36537 to its "Known Exploited Vulnerabilities Catalog" after threat actors began actively exploiting the remote code execution (RCE) flaw in attacks. [...]

More from Bleeping Computer 1 Mar 2023, 10:37 a.m. Actively exploited CVE-2022-36537 America CISA CVE Flaw Framework Java Remote Code Execution Threat Actor Vulnerability Warning

Bleeping Computer 3 years, 10 months ago

CISA warns of critical Confluence bug exploited in attacks

CISA has added a critical Confluence vulnerability tracked as CVE-2022-26138 to its list of bugs abused in the wild, a flaw that can provide remote attackers with hardcoded credentials following successful exploitation. [...]

More from Bleeping Computer 30 Jul 2022, 5:08 a.m. Actively exploited CVE-2022-26138 CISA CVE Credentials Critical Flaw Vulnerability Warning

The Hacker News 4 years, 1 month ago

CISA Warns of Active Exploitation of Critical Spring4Shell Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added the recently disclosed remote code execution (RCE) vulnerability affecting the Spring Framework, to its Known Exploited Vulnerabilities Catalog based on "evidence of active exploitation." The critical severity flaw, assigned the identifier CVE-2022-22965 (CVSS score: 9.8) and dubbed "Spring4Shell", impacts Spring

More from The Hacker News 5 Apr 2022, 7:31 p.m. Actively exploited CVE-2022-22965 America CISA CVE Critical Disclosure Flaw Framework Remote Code Execution Vulnerability Warning

Latest cybersecurity reporting from selected sources.

Refine the feed

Volume over time

Fresh headlines available