Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
Researchers from watchTowr and Defused have found evidence that attackers are actively exploiting CVE-2026-3055, a critical NetScaler vulnerability
Over 77,000 Internet-exposed IP addresses are vulnerable to the critical React2Shell remote code execution flaw (CVE-2025-55182), with researchers now confirming that attackers have already compromised over 30 organizations across multiple sectors. [...]
Trend™ Research has uncovered an attack campaign exploiting the Cisco SNMP vulnerability CVE-2025-20352, allowing remote code execution and rootkit deployment on unprotected devices, with impacts observed on Cisco 9400, 9300, and legacy 3750G series.
Adobe is warning of a critical vulnerability (CVE-2025-54236) in its Commerce and Magento Open Source platforms that researchers call SessionReaper and describe as one of " the most severe" flaws in the history of the product. [...]
Researchers have released a report detailing how a recent WinRAR path traversal vulnerability tracked as CVE-2025-8088 was exploited in zero-day attacks by the Russian 'RomCom' hacking group to drop different malware payloads. [...]
Researchers are seeing exploitation attempts for the CVE-2025-48927 vulnerability in the TeleMessage SGNL app, which allows retrieving usernames, passwords, and other sensitive data. [...]
Researchers have released proof-of-concept (PoC) exploits for a critical Citrix NetScaler vulnerability, tracked as CVE-2025-5777 and dubbed CitrixBleed2, warning that the flaw is easily exploitable and can successfully steal user session tokens. [...]
Cybersecurity researchers are warning about a new malware called DslogdRAT that's installed following the exploitation of a now-patched security flaw in Ivanti Connect Secure (ICS)
Trend Research discusses the delivery methods, custom payloads, and techniques used by Water Gamayun, the suspected Russian threat actor abusing a zero-day vulnerability in the Microsoft Management Console framework (CVE-2025-26633) to execute malicious code on infected machines.
Trend Research identified Russian threat actor Water Gamayun exploiting CVE-2025-26633, a zero-day vulnerability in the Microsoft Management Console that attackers exploit to execute malicious code and exfiltrate data.
Security researchers at Bishop Fox have published complete exploitation details for the CVE-2024-53704 vulnerability that allows bypassing the authentication mechanism in certain versions of the SonicOS SSLVPN application. [...]
Cybersecurity researchers are warning that a critical zero-day vulnerability impacting Zyxel CPE Series devices is seeing active exploitation attempts in the wild
Security researchers are observing exploitation attempts for the CVE-2023-22527 remote code execution flaw vulnerability that affects outdated versions of Atlassian Confluence servers. [...]
Security researchers are detecting hundreds of IP addresses on a daily basis that scan or attempt to exploit Apache RocketMQ services vulnerable to a remote command execution flaw identified as CVE-2023-33246 and CVE-2023-37582. [...]
A critical vulnerability tracked as CVE-2023-4966 in Citrix NetScaler ADC/Gateway devices has been actively exploited as a zero-day since late August, security researchers announced. [...]
Security researchers have shared technical details for exploiting a critical Microsoft Outlook vulnerability for Windows (CVE-2023-23397) that allows hackers to remotely steal hashed passwords by simply receiving an email. [...]
A new Go-based malware threat that researchers call Redigo has been targeting Redis servers vulnerable to CVE-2022-0543 to plant a stealthy backdoor and allow command execution. [...]
A new Go-based malware threat that researchers call Redigo has been targeting Redis servers vulnerable to CVE-2022-0543 to plant a stealthy backdoor and allow command execution. [...]
Microsoft has shared mitigations for two new Microsoft Exchange zero-day vulnerabilities tracked as CVE-2022-41040 and CVE-2022-41082, but researchers warn that the mitigation for on-premise servers is far from enough. [...]
Researchers have observed a surge in hacking attempts targeting CVE-2022-24086, a critical Magento 2 vulnerability allowing unauthenticated attackers to execute code on unpatched sites. [...]