Security news aggregator

Latest cybersecurity reporting from selected sources.

Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.

9 headlines in this view

Refine the feed

Search across headline titles and summaries.

Volume over time

Weekly headline count for the current query.

Showing 9 most recent headlines Filtered view
Bank Info Security 5 months, 2 weeks ago

Nation-State and Cybercrime Exploits Tied to React2Shell

2 More Vulnerabilities Need Patching in React Server Components, Warns VercelMass exploitation of the "React2Shell" - CVE-2025-55182 - vulnerability remains underway by nation-state hackers tied to China, North Korea and Iran, as well as financially motivated cybercriminals running everything from cryptomining malware to DDoS services, security experts warn.

More from Bank Info Security 16 Dec 2025, 6:30 a.m. Actively exploited CVE-2025-55182 CVE China Cryptocurrency DoS Exploit Iran Malware Nation State North Korea Vulnerability Warning

A financially motivated threat actor has been observed exploiting a recently disclosed remote code execution flaw affecting the Craft Content Management System (CMS) to deploy multiple payloads, including a cryptocurrency miner, a loader dubbed Mimo Loader, and residential proxyware

More from The Hacker News 28 May 2025, 11:00 p.m. Actively exploited CVE-2025-32432 CVE Cryptocurrency Cryptominer Disclosure Exploit Flaw Patch Remote Code Execution Threat Actor Vulnerability
Trend Micro Research, News and Perspectives 2 years ago

Decoding Water Sigbin's Latest Obfuscation Tricks

Water Sigbin (aka the 8220 Gang) exploited the Oracle WebLogic vulnerabilities CVE-2017-3506 and CVE-2023-21839 to deploy a cryptocurrency miner using a PowerShell script. The threat actor also adopted new techniques to conceal its activities, making attacks harder to defend against.

More from Trend Micro Research, News and Perspectives 30 May 2024, 12:00 p.m. Actively exploited CVE-2017-3506 CVE-2023-21839 CVE Cryptocurrency Oracle PowerShell Threat Actor Vulnerability
Trend Micro Research, News and Perspectives 2 years, 6 months ago

CVE-2023-46604 (Apache ActiveMQ) Exploited to Infect Systems With Cryptominers and Rootkits

We uncovered the active exploitation of the Apache ActiveMQ vulnerability CVE-2023-46604 to download and infect Linux systems with the Kinsing malware (also known as h2miner) and cryptocurrency miner.

More from Trend Micro Research, News and Perspectives 20 Nov 2023, 1:00 p.m. Actively exploited CVE-2023-46604 Apache CVE Cryptocurrency Cryptominer Linux Malware Vulnerability
Trend Micro Research, News and Perspectives 3 years, 8 months ago

Atlassian Confluence Vulnerability CVE-2022-26134 Abused For Cryptocurrency Mining, Other Malware

Users are advised to patch immediately: We found exploit samples abusing the Atlassian Confluence vulnerability (CVE-2022-26134) in the wild for malicious cryptocurrency mining.

More from Trend Micro Research, News and Perspectives 21 Sep 2022, 12:00 p.m. Actively exploited CVE-2022-26134 CVE Cryptocurrency Exploit Malware Patch Vulnerability
Trend Micro Research, News and Perspectives 4 years, 1 month ago

Spring4Shell Vulnerability CVE-2022-22965 Exploited to Deploy Cryptocurrency Miners

Recently, we observed the Spring4Shell vulnerability — a remote code execution bug, assigned as CVE-2022-22965 — being actively exploited by malicious actors to deploy cryptocurrency miners.

More from Trend Micro Research, News and Perspectives 20 Apr 2022, 12:00 p.m. Actively exploited CVE-2022-22965 CVE Cryptocurrency Remote Code Execution Vulnerability