Yasna | Cybersecurity news, filtered

Security Affairs 1 week, 4 days ago

CVE-2026-9082: Drupal’s Highly Critical SQL Injection Flaw Is Already Under Active Attack

Attackers began exploiting Drupal SQL injection flaw CVE-2026-9082 within 48 hours of patch release. Drupal issued a highly critical security patch on May 20 for CVE-2026-9082, a SQL injection vulnerability that allows unauthenticated attackers to compromise sites running PostgreSQL databases. The project maintainers warned ahead of the release that exploits could surface within hours or […]

More from Security Affairs 24 May 2026, 4:17 a.m. Incident · 3 stories Actively exploited CVE-2026-9082 CVE Compromise Critical Exploit Flaw Patch PostgreSQL SQL Unauthenticated Vulnerability

The Hacker News 2 months, 2 weeks ago

Interlock Ransomware Exploits Cisco FMC Zero-Day CVE-2026-20131 for Root Access

Amazon Threat Intelligence is warning of an active Interlock ransomware campaign that's exploiting a recently disclosed critical security flaw in Cisco Secure Firewall Management Center (FMC) Software

More from The Hacker News 19 Mar 2026, 5:00 a.m. Actively exploited CVE-2026-20131 0-Day Amazon CVE Cisco Critical Disclosure Exploit Firewalls Flaw Java Ransomware Root Unauthenticated Vulnerability Warning

Bleeping Computer 10 months ago

Exploit available for critical Cisco ISE bug exploited in attacks

Security researcher Bobby Gould has published a blog post demonstrating a complete exploit chain for CVE-2025-20281, an unauthenticated remote code execution vulnerability in Cisco Identity Services Engine (ISE). [...]

More from Bleeping Computer 29 Jul 2025, 5:29 a.m. Actively exploited CVE-2025-20281 CVE Cisco Critical Exploit Remote Code Execution Unauthenticated Vulnerability

The Hacker News 1 year ago

China-Linked APTs Exploit SAP CVE-2025-31324 to Breach 581 Critical Systems Worldwide

A recently disclosed critical security flaw impacting SAP NetWeaver is being exploited by multiple China-nexus nation-state actors to target critical infrastructure networks

More from The Hacker News 14 May 2025, 3:13 a.m. Actively exploited CVE-2025-31324 Advanced Persistent Threat Breach CVE China Critical Critical Infrastructure Disclosure Exploit Flaw Nation State Remote Code Execution Unauthenticated Vulnerability

Bank Info Security 1 year, 1 month ago

Threat Actors Hacking SAP Critical Zero-Day

Unauthenticated Hackers Exploit CVE-2025-31324 to Upload WebshellsThreat actors are exploiting a zero-day flaw in a partially deprecated SAP tool still widely used by governments and businesses. On Friday, SAP's security division, Onapsis, disclosed that CVE-2025-31324 is "actively exploited in the wild."

More from Bank Info Security 29 Apr 2025, 8:00 a.m. Actively exploited CVE-2025-31324 0-Day CVE Critical Disclosure Exploit Flaw Hacking Threat Actor Tools Unauthenticated Widely Used

Bleeping Computer 1 year, 1 month ago

Critical Erlang/OTP SSH RCE bug now has public exploits, patch now

Public exploits are now available for a critical Erlang/OTP SSH vulnerability tracked as CVE-2025-32433, allowing unauthenticated attackers to remotely execute code on impacted devices. [...]

More from Bleeping Computer 20 Apr 2025, 2:05 a.m. Actively exploited CVE-2025-32433 CVE Critical Exploit Patch Remote Code Execution SSH Unauthenticated Vulnerability

Bleeping Computer 1 year, 1 month ago

Critical Erlang/OTP SSH pre-auth RCE is 'Surprisingly Easy' to exploit, patch now

A critical vulnerability in the Erlang/OTP SSH, tracked as CVE-2025-32433, has been disclosed that allows for unauthenticated remote code execution on vulnerable devices. [...]

More from Bleeping Computer 18 Apr 2025, 9:34 a.m. Actively exploited CVE-2025-32433 CVE Critical Disclosure Exploit Patch Remote Code Execution SSH Unauthenticated Vulnerability

Dark Reading 1 year, 4 months ago

Cloud Attackers Exploit Max-Critical Aviatrix RCE Flaw

The security vulnerability tracked as CVE-2024-50603, which rates 10 out of 10 on the CVSS scale, enables unauthenticated remote code execution on affected systems, which cyberattackers are using to plant malware.

More from Dark Reading 14 Jan 2025, 9:44 a.m. Actively exploited CVE-2024-50603 CVE Cloud Critical Exploit Flaw Malware Remote Code Execution Unauthenticated Vulnerability

Bleeping Computer 2 years, 2 months ago

Exploit available for new critical TeamCity auth bypass bug, patch now

A critical vulnerability (CVE-2024-27198) in the TeamCity On-Premises CI/CD solution from JetBrains can let a remote unauthenticated attacker take control of the server with administrative permissions. [...]

More from Bleeping Computer 5 Mar 2024, 11:42 a.m. Actively exploited CVE-2024-27198 Bypass CVE Critical Exploit Patch Unauthenticated Vulnerability

Dark Reading 3 years, 10 months ago

Patch Now: Atlassian Confluence Bug Under Active Exploit

Attackers almost immediately leapt on a just-disclosed bug, CVE-2022-26138, affecting Atlassian Confluence, which allows remote, unauthenticated actors unfettered access to Confluence data.

More from Dark Reading 29 Jul 2022, 6:22 a.m. Actively exploited CVE-2022-26138 CVE Critical Disclosure Exploit Patch Unauthenticated

Latest cybersecurity reporting from selected sources.

Refine the feed

Volume over time

Fresh headlines available