Security news aggregator

Latest cybersecurity reporting from selected sources.

Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.

24 headlines in this view

Refine the feed

Search across headline titles and summaries.

Volume over time

Weekly headline count for the current query.

Showing 20 most recent headlines of 24 Filtered view

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Daemon Tools, TanStack, and Nx Console flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Windows Shell and ConnectWise ScreenConnect flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the catalog: The first flaw, tracked as CVE-2026-8398, […]

More from Security Affairs 29 May 2026, 1:14 a.m. Incident · 2 stories Actively exploited CVE-2026-8398 America CISA CVE Flaw Microsoft Tools Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in Drupal Core to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a flaw in Microsoft Exchange Server, tracked as CVE-2026-9082 (CVSS score of 9.8), to its Known Exploited Vulnerabilities (KEV) catalog. Drupal issued a highly critical security patch on May […]

More from Security Affairs 24 May 2026, 7:54 p.m. Incident · 2 stories Actively exploited CVE-2026-9082 America CISA CVE Critical Exchange Server Flaw Microsoft Patch Vulnerability

The Russia-linked state-sponsored threat actor known as APT28 (aka UAC-0001) has been attributed to attacks exploiting a newly disclosed security flaw in Microsoft Office as part of a campaign codenamed Operation Neusploit

More from The Hacker News 3 Feb 2026, 10:12 p.m. Actively exploited CVE-2026-21509 CVE Disclosure Flaw Hacking Malware Microsoft Microsoft Office Nation State Russia Threat Actor Ukraine Zscaler

The U.S. Cybersecurity and Infrastructure Security Agency (CISA), on July 22, 2025, added two Microsoft SharePoint flaws, CVE-2025-49704 and CVE-2025-49706, to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation

More from The Hacker News 23 Jul 2025, 4:40 p.m. Actively exploited CVE-2025-49704 CVE-2025-49706 America CISA CVE China Exploit Flaw Microsoft Vulnerability
Trend Micro Research, News and Perspectives 10 months, 1 week ago

Proactive Security and Insights for SharePoint Attacks (CVE-2025-53770 and CVE-2025-53771)

CVE-2025-53770 and CVE-2025-53771 are vulnerabilities in on-premise Microsoft SharePoint Servers that evolved from previously patched flaws, allowing unauthenticated remote code execution through advanced deserialization and ViewState abuse.

More from Trend Micro Research, News and Perspectives 22 Jul 2025, 12:00 p.m. Actively exploited CVE-2025-53770 CVE-2025-53771 Abuse CVE Flaw Insight Microsoft Patch Remote Code Execution Unauthenticated Vulnerability

Microsoft has released emergency SharePoint security updates for two zero-day vulnerabilities tracked as CVE-2025-53770 and CVE-2025-53771 that have compromised services worldwide in "ToolShell" attacks. [...]

More from Bleeping Computer 21 Jul 2025, 4:41 p.m. Actively exploited CVE-2025-53770 CVE-2025-53771 0-Day CVE Compromise Flaw Microsoft Patch Remote Code Execution Vulnerability

Threat actors with links to the Play ransomware family exploited a recently patched security flaw in Microsoft Windows as a zero-day as part of an attack targeting an unnamed organization in the United States

More from The Hacker News 7 May 2025, 10:44 p.m. Actively exploited CVE-2025-29824 0-Day America Antivirus Breach CVE Flaw Microsoft Patch Privilege Escalation Ransomware Symantec Threat Actor

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a medium-severity security flaw impacting Microsoft Windows to its Known Exploited Vulnerabilities (KEV) catalog, following reports of active exploitation in the wild

More from The Hacker News 18 Apr 2025, 4:29 p.m. Actively exploited CVE-2025-24054 America CISA CVE Credentials Disclosure Flaw Microsoft NTLM Vulnerability

Google has released out-of-band fixes to address a high-severity security flaw in its Chrome browser for Windows that it said has been exploited in the wild as part of attacks targeting organizations in Russia.  The vulnerability, tracked as CVE-2025-2783, has been described as a case of "incorrect handle provided in unspecified circumstances in Mojo on Windows." Mojo refers to a

More from The Hacker News 26 Mar 2025, 5:56 p.m. Actively exploited CVE-2025-2783 0-Day CVE Chrome Exploit Flaw Google Microsoft Patch Russia Vulnerability

A high-severity flaw impacting Microsoft SharePoint has been added to the Known Exploited Vulnerabilities (KEV) catalog by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday, citing evidence of active exploitation

More from The Hacker News 24 Oct 2024, 1:54 a.m. Actively exploited CVE-2024-38094 America CISA CVE Flaw Microsoft Vulnerability Warning

Microsoft on Wednesday acknowledged that a newly disclosed critical security flaw in Exchange Server has been actively exploited in the wild, a day after it released fixes for the vulnerability as part of its Patch Tuesday updates

More from The Hacker News 15 Feb 2024, 6:19 p.m. Actively exploited CVE-2024-21410 CVE Critical Disclosure Exchange Server Flaw Microsoft Patch Patch Tuesday Privilege Escalation Vulnerability

Microsoft's Threat Intelligence team issued a warning earlier today about the Russian state-sponsored actor APT28 (aka "Fancybear" or "Strontium") actively exploiting the CVE-2023-23397 Outlook flaw to hijack Microsoft Exchange accounts and steal sensitive information. [...]

More from Bleeping Computer 5 Dec 2023, 9:14 a.m. Actively exploited CVE-2023-23397 CVE Flaw Microsoft Nation State Russia Sensitive Information Theft Warning