Yasna | Cybersecurity news, filtered

Bleeping Computer 2 months, 1 week ago

CISA: New Langflow flaw actively exploited to hijack AI workflows

The Cybersecurity and Infrastructure Security Agency (CISA) is warning that hackers are actively exploiting a critical vulnerability identified as CVE-2026-33017, which affects the Langflow framework for building AI agents. [...]

More from Bleeping Computer 27 Mar 2026, 8:17 a.m. Actively exploited CVE-2026-33017 Artificial Intelligence CISA CVE Critical Flaw Framework Vulnerability Warning

The Hacker News 3 months ago

APT28 Tied to CVE-2026-21513 MSHTML 0-Day Exploited Before Feb 2026 Patch Tuesday

A recently disclosed security flaw patched by Microsoft may have been exploited by the Russia-linked state-sponsored threat actor known as APT28, according to new findings from Akamai

More from The Hacker News 2 Mar 2026, 11:36 p.m. Actively exploited CVE-2026-21513 0-Day Bypass CVE Disclosure Flaw Framework Microsoft Nation State Patch Patch Tuesday Russia Threat Actor Vulnerability

Trend Micro Research, News and Perspectives 5 months, 4 weeks ago

Critical React Server Components Vulnerability CVE-2025-55182: What Security Teams Need to Know

CVE-2025-55182 is a critical (CVSS 10.0) pre-authentication remote code execution vulnerability affecting React Server Components used in React.js, Next.js, and related frameworks (see the context section for a more exhaustive list of affected frameworks).

More from Trend Micro Research, News and Perspectives 5 Dec 2025, 1:00 p.m. Actively exploited CVE-2025-55182 Authentication CVE Critical Framework Remote Code Execution Vulnerability

The Hacker News 9 months, 1 week ago

Apple Patches CVE-2025-43300 Zero-Day in iOS, iPadOS, and macOS Exploited in Targeted Attacks

Apple has released security updates to address a security flaw impacting iOS, iPadOS, and macOS that it said has come under active exploitation in the wild

More from The Hacker News 21 Aug 2025, 4:47 p.m. Actively exploited CVE-2025-43300 0-Day Apple CVE Flaw Framework Patch Report Vulnerability macOS

Trend Micro Research, News and Perspectives 1 year, 2 months ago

A Deep Dive into Water Gamayun’s Arsenal and Infrastructure

Trend Research discusses the delivery methods, custom payloads, and techniques used by Water Gamayun, the suspected Russian threat actor abusing a zero-day vulnerability in the Microsoft Management Console framework (CVE-2025-26633) to execute malicious code on infected machines.

More from Trend Micro Research, News and Perspectives 28 Mar 2025, 1:00 p.m. Actively exploited CVE-2025-26633 0-Day CVE Framework Infection Malicious Code Microsoft Research Russia Threat Actor Vulnerability

The Hacker News 1 year, 6 months ago

Google Warns of Actively Exploited CVE-2024-43093 Vulnerability in Android System

Google has warned that a security flaw impacting its Android operating system has come under active exploitation in the wild

More from The Hacker News 5 Nov 2024, 4:30 p.m. Actively exploited CVE-2024-43093 Android CVE Flaw Framework Google Privilege Escalation Sandbox Vulnerability Warning

The Hacker News 1 year, 8 months ago

Google Confirms CVE-2024-32896 Exploited in the Wild, Releases Android Security Patch

Google has released its monthly security updates for the Android operating system to address a known security flaw that it said has come under active exploitation in the wild

More from The Hacker News 5 Sep 2024, 1:36 a.m. Actively exploited CVE-2024-32896 Android CVE Confirmation Flaw Framework Google NIST Patch Privilege Escalation Vulnerability

Bleeping Computer 3 years, 3 months ago

CISA warns of hackers exploiting ZK Java Framework RCE flaw

The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has added CVE-2022-36537 to its "Known Exploited Vulnerabilities Catalog" after threat actors began actively exploiting the remote code execution (RCE) flaw in attacks. [...]

More from Bleeping Computer 1 Mar 2023, 10:37 a.m. Actively exploited CVE-2022-36537 America CISA CVE Flaw Framework Java Remote Code Execution Threat Actor Vulnerability Warning

Trend Micro Research, News and Perspectives 4 years, 1 month ago

CVE-2022-22965: Analyzing the Exploitation of Spring4Shell Vulnerability in Weaponizing and Executing the Mirai Botnet Malware

We discovered active exploitation of a vulnerability in the Spring Framework designated as CVE-2022-22965 that allows malicious actors to download the Mirai botnet malware.

More from Trend Micro Research, News and Perspectives 8 Apr 2022, 12:00 p.m. Actively exploited CVE-2022-22965 Botnet CVE Framework Malware Vulnerability

The Hacker News 4 years, 1 month ago

CISA Warns of Active Exploitation of Critical Spring4Shell Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added the recently disclosed remote code execution (RCE) vulnerability affecting the Spring Framework, to its Known Exploited Vulnerabilities Catalog based on "evidence of active exploitation." The critical severity flaw, assigned the identifier CVE-2022-22965 (CVSS score: 9.8) and dubbed "Spring4Shell", impacts Spring

More from The Hacker News 5 Apr 2022, 7:31 p.m. Actively exploited CVE-2022-22965 America CISA CVE Critical Disclosure Flaw Framework Remote Code Execution Vulnerability Warning

Latest cybersecurity reporting from selected sources.

Refine the feed

Volume over time

Fresh headlines available