Security news aggregator

Latest cybersecurity reporting from selected sources.

Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.

7 headlines in this view

Showing 7 most recent headlines Filtered view

Bank Info Security 5 months, 2 weeks ago

Nation-State and Cybercrime Exploits Tied to React2Shell

2 More Vulnerabilities Need Patching in React Server Components, Warns VercelMass exploitation of the "React2Shell" - CVE-2025-55182 - vulnerability remains underway by nation-state hackers tied to China, North Korea and Iran, as well as financially motivated cybercriminals running everything from cryptomining malware to DDoS services, security experts warn.

More from Bank Info Security 16 Dec 2025, 6:30 a.m. Actively exploited CVE-2025-55182 CVE China Cryptocurrency DoS Exploit Iran Malware Nation State North Korea Vulnerability Warning

The Hacker News 1 year ago

Mimo Hackers Exploit CVE-2025-32432 in Craft CMS to Deploy Cryptominer and Proxyware

A financially motivated threat actor has been observed exploiting a recently disclosed remote code execution flaw affecting the Craft Content Management System (CMS) to deploy multiple payloads, including a cryptocurrency miner, a loader dubbed Mimo Loader, and residential proxyware

More from The Hacker News 28 May 2025, 11:00 p.m. Actively exploited CVE-2025-32432 CVE Cryptocurrency Cryptominer Disclosure Exploit Flaw Patch Remote Code Execution Threat Actor Vulnerability

Bleeping Computer 1 year, 4 months ago

Hackers exploit critical Aviatrix Controller RCE flaw in attacks

Threat actors are exploiting a critical remote command execution vulnerability, tracked as CVE-2024-50603, in Aviatrix Controller instances to install backdoors and crypto miners. [...]

More from Bleeping Computer 14 Jan 2025, 6:57 a.m. Actively exploited CVE-2024-50603 CVE Critical Cryptocurrency Cryptominer Exploit Flaw Remote Code Execution Threat Actor Vulnerability

Bleeping Computer 1 year, 7 months ago

Lazarus hackers used fake DeFi game to exploit Google Chrome zero-day

The North Korean Lazarus hacking group exploited a Google Chrome zero-day tracked as CVE-2024-4947 through a fake decentralized finance (DeFi) game targeting individuals in the cryptocurrency space. [...]

More from Bleeping Computer 24 Oct 2024, 7:03 a.m. Actively exploited CVE-2024-4947 0-Day Aerospace CVE Chrome Cryptocurrency Exploit Fake Finance Google Hacking North Korea

Dark Reading 1 year, 9 months ago

Attackers Exploit Critical Atlassian Confluence Flaw for Cryptojacking

Novel attack vectors leverage the CVE-2023-22527 RCE flaw discovered in January, which is still under active attack, to turn targeted cloud environments into cryptomining networks.

More from Dark Reading 29 Aug 2024, 6:03 a.m. Actively exploited CVE-2023-22527 Attack Vector CVE Cloud Critical Cryptocurrency Exploit Flaw Remote Code Execution

The Hacker News 1 year, 11 months ago

Muhstik Botnet Exploiting Apache RocketMQ Flaw to Expand DDoS Attacks

Muhstik botnet exploits a critical Apache RocketMQ flaw (CVE-2023-33246) for remote code execution, targeting Linux servers and IoT devices for DDoS attacks and cryptocurrency mining

More from The Hacker News 7 Jun 2024, 1:14 a.m. Actively exploited CVE-2023-33246 Apache Botnet CVE Critical Cryptocurrency DoS Exploit Flaw Infection IoT Linux Malware Remote Code Execution

Trend Micro Research, News and Perspectives 3 years, 8 months ago

Atlassian Confluence Vulnerability CVE-2022-26134 Abused For Cryptocurrency Mining, Other Malware

Users are advised to patch immediately: We found exploit samples abusing the Atlassian Confluence vulnerability (CVE-2022-26134) in the wild for malicious cryptocurrency mining.

More from Trend Micro Research, News and Perspectives 21 Sep 2022, 12:00 p.m. Actively exploited CVE-2022-26134 CVE Cryptocurrency Exploit Malware Patch Vulnerability