Security news aggregator

Latest cybersecurity reporting from selected sources.

Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.

13 headlines in this view

Refine the feed

Search across headline titles and summaries.

Volume over time

Weekly headline count for the current query.

Showing 13 most recent headlines Filtered view
Trend Micro Research, News and Perspectives 7 months, 2 weeks ago

Operation Zero Disco: Attackers Exploit Cisco SNMP Vulnerability to Deploy Rootkits

Trend™ Research has uncovered an attack campaign exploiting the Cisco SNMP vulnerability CVE-2025-20352, allowing remote code execution and rootkit deployment on unprotected devices, with impacts observed on Cisco 9400, 9300, and legacy 3750G series.

More from Trend Micro Research, News and Perspectives 15 Oct 2025, 1:00 p.m. Actively exploited CVE-2025-20352 CVE Cisco Exploit Remote Code Execution Research Rootkit Vulnerability

Researchers have released proof-of-concept (PoC) exploits for a critical Citrix NetScaler vulnerability, tracked as CVE-2025-5777 and dubbed CitrixBleed2, warning that the flaw is easily exploitable and can successfully steal user session tokens. [...]

More from Bleeping Computer 8 Jul 2025, 10:57 a.m. Actively exploited CVE-2025-5777 CVE Citrix Critical Exploit Flaw Patch PoC Research Theft Vulnerability Warning

NetScaler vendor issued a patch but otherwise, stony silence Multiple exploits are circulating for CVE-2025-5777, a critical bug in Citrix NetScaler ADC and NetScaler Gateway dubbed CitrixBleed 2, and security analysts are warning a "significant portion" of users still haven't patched.…

More from The Register 8 Jul 2025, 8:31 a.m. Actively exploited CVE-2025-5777 CVE Citrix Critical Exploit Patch Research Vendor Warning
Trend Micro Research, News and Perspectives 1 year, 2 months ago

CVE-2025-26633: How Water Gamayun Weaponizes MUIPath using MSC EvilTwin

Trend Research identified Russian threat actor Water Gamayun exploiting CVE-2025-26633, a zero-day vulnerability in the Microsoft Management Console that attackers exploit to execute malicious code and exfiltrate data.

More from Trend Micro Research, News and Perspectives 25 Mar 2025, 1:00 p.m. Actively exploited CVE-2025-26633 0-Day CVE Exploit Malicious Code Microsoft Research Russia Threat Actor Vulnerability

Security researchers at Bishop Fox have published complete exploitation details for the CVE-2024-53704 vulnerability that allows bypassing the authentication mechanism in certain versions of the SonicOS SSLVPN application. [...]

More from Bleeping Computer 12 Feb 2025, 4:56 a.m. Actively exploited CVE-2024-53704 Authentication CVE Critical Exploit Firewalls Patch Research VPN Vulnerability

Security researchers are detecting hundreds of IP addresses on a daily basis that scan or attempt to exploit Apache RocketMQ services vulnerable to a remote command execution flaw identified as CVE-2023-33246 and CVE-2023-37582. [...]

More from Bleeping Computer 6 Jan 2024, 6:32 a.m. Actively exploited CVE-2023-33246 CVE-2023-37582 Apache CVE Exploit Flaw Remote Code Execution Research Vulnerability

Security researchers have shared technical details for exploiting a critical Microsoft Outlook vulnerability for Windows (CVE-2023-23397) that allows hackers to remotely steal hashed passwords by simply receiving an email. [...]

More from Bleeping Computer 16 Mar 2023, 6:00 a.m. Actively exploited CVE-2023-23397 CVE Critical Email Exploit Microsoft Passwords PoC Research Theft Vulnerability

Security researchers are warning F5 BIG-IP admins to immediately install the latest security updates after creating exploits for a recently disclosed critical CVE-2022-1388 remote code execution vulnerability. [...]

More from Bleeping Computer 9 May 2022, 4:35 a.m. Actively exploited CVE-2022-1388 CVE Critical Disclosure Exploit F5 Flaw Patch Remote Code Execution Research Vulnerability Warning