Yasna | Cybersecurity news, filtered

Bleeping Computer 3 months, 4 weeks ago

CISA warns of SmarterMail RCE flaw used in ransomware attacks

The Cybersecurity & Infrastructure Security Agency (CISA) in the U.S. has issued a warning about CVE-2026-24423, an unauthenticated remote code execution (RCE) flaw in SmarterMail that is used in ransomware attacks. [...]

More from Bleeping Computer 7 Feb 2026, 6:16 a.m. Actively exploited CVE-2026-24423 America CISA CVE Flaw Ransomware Remote Code Execution Unauthenticated Warning

Bleeping Computer 7 months, 4 weeks ago

Oracle patches EBS zero-day exploited in Clop data theft attacks

Oracle is warning about a critical E-Business Suite zero-day vulnerability tracked as CVE-2025-61882 that allows attackers to perform unauthenticated remote code execution, with the flaw actively exploited in Clop data theft attacks. [...]

More from Bleeping Computer 6 Oct 2025, 2:37 p.m. Actively exploited CVE-2025-61882 0-Day CVE Critical Flaw Oracle Patch Remote Code Execution Theft Unauthenticated Vulnerability Warning

Bleeping Computer 10 months ago

Exploit available for critical Cisco ISE bug exploited in attacks

Security researcher Bobby Gould has published a blog post demonstrating a complete exploit chain for CVE-2025-20281, an unauthenticated remote code execution vulnerability in Cisco Identity Services Engine (ISE). [...]

More from Bleeping Computer 29 Jul 2025, 5:29 a.m. Actively exploited CVE-2025-20281 CVE Cisco Critical Exploit Remote Code Execution Unauthenticated Vulnerability

Trend Micro Research, News and Perspectives 10 months, 1 week ago

Proactive Security and Insights for SharePoint Attacks (CVE-2025-53770 and CVE-2025-53771)

CVE-2025-53770 and CVE-2025-53771 are vulnerabilities in on-premise Microsoft SharePoint Servers that evolved from previously patched flaws, allowing unauthenticated remote code execution through advanced deserialization and ViewState abuse.

More from Trend Micro Research, News and Perspectives 22 Jul 2025, 12:00 p.m. Actively exploited CVE-2025-53770 CVE-2025-53771 Abuse CVE Flaw Insight Microsoft Patch Remote Code Execution Unauthenticated Vulnerability

The Hacker News 1 year ago

Fortinet Patches CVE-2025-32756 Zero-Day RCE Flaw Exploited in FortiVoice Systems

Fortinet has patched a critical security flaw that it said has been exploited as a zero-day in attacks targeting FortiVoice enterprise phone systems

More from The Hacker News 14 May 2025, 4:21 p.m. Actively exploited CVE-2025-32756 0-Day CVE Critical Flaw Fortinet Patch Remote Code Execution Unauthenticated Vulnerability

The Hacker News 1 year ago

China-Linked APTs Exploit SAP CVE-2025-31324 to Breach 581 Critical Systems Worldwide

A recently disclosed critical security flaw impacting SAP NetWeaver is being exploited by multiple China-nexus nation-state actors to target critical infrastructure networks

More from The Hacker News 14 May 2025, 3:13 a.m. Actively exploited CVE-2025-31324 Advanced Persistent Threat Breach CVE China Critical Critical Infrastructure Disclosure Exploit Flaw Nation State Remote Code Execution Unauthenticated Vulnerability

Bleeping Computer 1 year, 1 month ago

Critical Erlang/OTP SSH RCE bug now has public exploits, patch now

Public exploits are now available for a critical Erlang/OTP SSH vulnerability tracked as CVE-2025-32433, allowing unauthenticated attackers to remotely execute code on impacted devices. [...]

More from Bleeping Computer 20 Apr 2025, 2:05 a.m. Actively exploited CVE-2025-32433 CVE Critical Exploit Patch Remote Code Execution SSH Unauthenticated Vulnerability

Bleeping Computer 1 year, 1 month ago

Critical Erlang/OTP SSH pre-auth RCE is 'Surprisingly Easy' to exploit, patch now

A critical vulnerability in the Erlang/OTP SSH, tracked as CVE-2025-32433, has been disclosed that allows for unauthenticated remote code execution on vulnerable devices. [...]

More from Bleeping Computer 18 Apr 2025, 9:34 a.m. Actively exploited CVE-2025-32433 CVE Critical Disclosure Exploit Patch Remote Code Execution SSH Unauthenticated Vulnerability

Dark Reading 1 year, 4 months ago

Cloud Attackers Exploit Max-Critical Aviatrix RCE Flaw

The security vulnerability tracked as CVE-2024-50603, which rates 10 out of 10 on the CVSS scale, enables unauthenticated remote code execution on affected systems, which cyberattackers are using to plant malware.

More from Dark Reading 14 Jan 2025, 9:44 a.m. Actively exploited CVE-2024-50603 CVE Cloud Critical Exploit Flaw Malware Remote Code Execution Unauthenticated Vulnerability

Dark Reading 1 year, 5 months ago

Actively Exploited Zero-Day, Critical RCEs Lead Microsoft Patch Tuesday

The zero-day (CVE-2024-49138), plus a worryingly critical unauthenticated RCE security vulnerability (CVE-2024-49112), are unwanted gifts for security admins this season.

More from Dark Reading 11 Dec 2024, 11:21 a.m. Actively exploited CVE-2024-49138 CVE-2024-49112 0-Day CVE Critical Microsoft Patch Patch Tuesday Remote Code Execution Unauthenticated Vulnerability

Bleeping Computer 2 years, 7 months ago

F5 fixes BIG-IP auth bypass allowing remote code execution attacks

A critical vulnerability in the F5 BIG-IP configuration utility, tracked as CVE-2023-46747, allows an attacker with remote access to the configuration utility to perform unauthenticated remote code execution. [...]

More from Bleeping Computer 28 Oct 2023, 4:11 a.m. Actively exploited CVE-2023-46747 Bypass CVE Critical F5 Remote Code Execution Unauthenticated Vulnerability

Bleeping Computer 2 years, 10 months ago

Over 15K Citrix servers vulnerable to CVE-2023-3519 RCE attacks

Thousands of Citrix Netscaler ADC and Gateway servers exposed online are likely vulnerable against a critical remote code execution (RCE) bug exploited by unauthenticated attackers in the wild as a zero-day. [...]

More from Bleeping Computer 23 Jul 2023, 2:07 a.m. Actively exploited CVE-2023-3519 0-Day CVE Critical Exposure Remote Code Execution Unauthenticated Vulnerability