Security news aggregator

Latest cybersecurity reporting from selected sources.

Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.

6 headlines in this view

Showing 6 most recent headlines Filtered view

Security Affairs 6 days, 10 hours ago

CVE-2026-35616: FortiClient EMS Flaw Actively Exploited in Malware Attacks

Threat actors are exploiting a critical FortiClient EMS flaw, tracked as CVE-2026-35616, to deploy malware on unpatched systems. Threat actors are exploiting a critical FortiClient EMS vulnerability, tracked as CVE-2026-35616 (CVSS score of 9.1), that allows remote code execution without authentication. Fortinet released fixes in April after confirming zero-day attacks in the wild and urged […]

More from Security Affairs 29 May 2026, 4:05 a.m. Incident · 10 stories Actively exploited CVE-2026-35616 0-Day Authentication CVE Critical Flaw Fortinet Malware Patch Remote Code Execution Theft Threat Actor Vulnerability

Bleeping Computer 11 months, 1 week ago

WinRAR patches bug letting malware launch from extracted archives

WinRAR has addressed a directory traversal vulnerability tracked as CVE-2025-6218 that, under certain circumstances, allows malware to be executed after extracting a malicious archive. [...]

More from Bleeping Computer 26 Jun 2025, 4:55 a.m. Actively exploited CVE-2025-6218 CVE Malware Patch Vulnerability

The Hacker News 1 year, 1 month ago

DslogdRAT Malware Deployed via Ivanti ICS Zero-Day CVE-2025-0282 in Japan Attacks

Cybersecurity researchers are warning about a new malware called DslogdRAT that's installed following the exploitation of a now-patched security flaw in Ivanti Connect Secure (ICS)

More from The Hacker News 25 Apr 2025, 8:43 p.m. Actively exploited CVE-2025-0282 0-Day CVE Flaw ICS Japan Malware Patch Research Vulnerability Warning

Bleeping Computer 1 year, 9 months ago

Hackers use PHP exploit to backdoor Windows systems with new malware

Unknown attackers have deployed a newly discovered backdoor dubbed Msupedge on a university's Windows systems in Taiwan, likely by exploiting a recently patched PHP remote code execution vulnerability (CVE-2024-4577). [...]

More from Bleeping Computer 21 Aug 2024, 5:49 a.m. Actively exploited CVE-2024-4577 Backdoor CVE Exploit Malware Microsoft PHP Patch Remote Code Execution Taiwan Vulnerability

Trend Micro Research, News and Perspectives 3 years, 8 months ago

Atlassian Confluence Vulnerability CVE-2022-26134 Abused For Cryptocurrency Mining, Other Malware

Users are advised to patch immediately: We found exploit samples abusing the Atlassian Confluence vulnerability (CVE-2022-26134) in the wild for malicious cryptocurrency mining.

More from Trend Micro Research, News and Perspectives 21 Sep 2022, 12:00 p.m. Actively exploited CVE-2022-26134 CVE Cryptocurrency Exploit Malware Patch Vulnerability

Trend Micro Research, News and Perspectives 4 years ago

Patch Your WSO2: CVE-2022-29464 Exploited to Install Linux-Compatible Cobalt Strike Beacons, Other Malware

Users of WSO2 products are advised to update their respective products and platforms or to apply the temporary mitigation steps immediately.

More from Trend Micro Research, News and Perspectives 31 May 2022, 12:00 p.m. Actively exploited CVE-2022-29464 CVE Cobalt Strike Linux Malware Mitigation Patch