Security news aggregator

Latest cybersecurity reporting from selected sources.

Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.

6 headlines in this view

Showing 6 most recent headlines Filtered view

The Hacker News 3 months ago

APT28 Tied to CVE-2026-21513 MSHTML 0-Day Exploited Before Feb 2026 Patch Tuesday

A recently disclosed security flaw patched by Microsoft may have been exploited by the Russia-linked state-sponsored threat actor known as APT28, according to new findings from Akamai

More from The Hacker News 2 Mar 2026, 11:36 p.m. Actively exploited CVE-2026-21513 0-Day Bypass CVE Disclosure Flaw Framework Microsoft Nation State Patch Patch Tuesday Russia Threat Actor Vulnerability

The Hacker News 4 months, 1 week ago

Microsoft Office Zero-Day (CVE-2026-21509) - Emergency Patch Issued for Active Exploitation

Microsoft on Monday issued out-of-band security patches for a high-severity Microsoft Office zero-day vulnerability exploited in attacks

More from The Hacker News 27 Jan 2026, 8:19 p.m. Actively exploited CVE-2026-21509 0-Day Bypass CVE Microsoft Microsoft Office Patch Vulnerability

Trend Micro Research, News and Perspectives 2 years, 2 months ago

CVE-2024-21412: DarkGate Operators Exploit Microsoft Windows SmartScreen Bypass in Zero-Day Campaign

In addition to our Water Hydra APT zero day analysis, the Zero Day Initiative (ZDI) observed a DarkGate campaign which we discovered in mid-January 2024 where DarkGate operators exploited CVE-2024-21412.

More from Trend Micro Research, News and Perspectives 13 Mar 2024, 1:00 p.m. Actively exploited CVE-2024-21412 0-Day Advanced Persistent Threat Bypass CVE Exploit Microsoft

Bleeping Computer 2 years, 4 months ago

Windows SmartScreen flaw exploited to drop Phemedrone malware

A Phemedrone information-stealing malware campaign exploits a Microsoft Defender SmartScreen vulnerability (CVE-2023-36025) to bypass Windows security prompts when opening URL files. [...]

More from Bleeping Computer 16 Jan 2024, 7:32 a.m. Actively exploited CVE-2023-36025 Antivirus Bypass CVE Exploit Flaw Malware Microsoft Theft Vulnerability

Trend Micro Research, News and Perspectives 2 years, 4 months ago

CVE-2023-36025 Exploited for Defense Evasion in Phemedrone Stealer Campaign

This blog delves into the Phemedrone Stealer campaign's exploitation of CVE-2023-36025, the Windows Defender SmartScreen Bypass vulnerability, for its defense evasion and investigates the malware's payload.

More from Trend Micro Research, News and Perspectives 12 Jan 2024, 1:00 p.m. Actively exploited CVE-2023-36025 Bypass CVE Evasion Malware Microsoft Vulnerability

Dark Reading 2 years, 6 months ago

Exploit for Critical Windows Defender Bypass Goes Public

Threat actors were actively exploiting CVE-2023-36025 in Windows SmartScreen as a zero-day vulnerability before Microsoft patched it in November.

More from Dark Reading 22 Nov 2023, 10:29 a.m. Actively exploited CVE-2023-36025 0-Day Bypass CVE Critical Exploit Microsoft Patch Threat Actor Vulnerability