Security news aggregator

Latest cybersecurity reporting from selected sources.

Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.

7 headlines in this view

Showing 7 most recent headlines Filtered view

Security Affairs 6 days, 9 hours ago

CVE-2026-35616: FortiClient EMS Flaw Actively Exploited in Malware Attacks

Threat actors are exploiting a critical FortiClient EMS flaw, tracked as CVE-2026-35616, to deploy malware on unpatched systems. Threat actors are exploiting a critical FortiClient EMS vulnerability, tracked as CVE-2026-35616 (CVSS score of 9.1), that allows remote code execution without authentication. Fortinet released fixes in April after confirming zero-day attacks in the wild and urged […]

More from Security Affairs 29 May 2026, 4:05 a.m. Incident · 10 stories Actively exploited CVE-2026-35616 0-Day Authentication CVE Critical Flaw Fortinet Malware Patch Remote Code Execution Theft Threat Actor Vulnerability

The Hacker News 7 months, 4 weeks ago

Oracle Rushes Patch for CVE-2025-61882 After Cl0p Exploited It in Data Theft Attacks

Oracle has released an emergency update to address a critical security flaw in its E-Business Suite that it said has been exploited in the recent wave of Cl0p data theft attacks

More from The Hacker News 6 Oct 2025, 6:15 p.m. Actively exploited CVE-2025-61882 CVE Compromise Critical Flaw Oracle Patch Theft Unauthenticated Vulnerability

Bleeping Computer 7 months, 4 weeks ago

Oracle patches EBS zero-day exploited in Clop data theft attacks

Oracle is warning about a critical E-Business Suite zero-day vulnerability tracked as CVE-2025-61882 that allows attackers to perform unauthenticated remote code execution, with the flaw actively exploited in Clop data theft attacks. [...]

More from Bleeping Computer 6 Oct 2025, 2:37 p.m. Actively exploited CVE-2025-61882 0-Day CVE Critical Flaw Oracle Patch Remote Code Execution Theft Unauthenticated Vulnerability Warning

Bleeping Computer 10 months, 3 weeks ago

Public exploits released for CitrixBleed 2 NetScaler flaw, patch now

Researchers have released proof-of-concept (PoC) exploits for a critical Citrix NetScaler vulnerability, tracked as CVE-2025-5777 and dubbed CitrixBleed2, warning that the flaw is easily exploitable and can successfully steal user session tokens. [...]

More from Bleeping Computer 8 Jul 2025, 10:57 a.m. Actively exploited CVE-2025-5777 CVE Citrix Critical Exploit Flaw Patch PoC Research Theft Vulnerability Warning

Bleeping Computer 1 year, 7 months ago

Fortinet warns of new critical FortiManager flaw used in zero-day attacks

Fortinet publicly disclosed today a critical FortiManager API vulnerability, tracked as CVE-2024-47575, that was exploited in zero-day attacks to steal sensitive files containing configurations, IP addresses, and credentials for managed devices. [...]

More from Bleeping Computer 24 Oct 2024, 4:05 a.m. Actively exploited CVE-2024-47575 0-Day API Artificial Intelligence CVE Credentials Critical Disclosure Flaw Fortinet Theft Vulnerability Warning

Dark Reading 2 years, 1 month ago

Critical GitLab Bug Under Exploit Enables Account Takeover, CISA Warns

Patch now: Cyberattackers are exploiting CVE-2023-7028 (CVSS 10) to take over and lock users out of GitLab accounts, steal source code, and more.

More from Dark Reading 4 May 2024, 4:19 a.m. Actively exploited CVE-2023-7028 CISA CVE Critical Exploit Patch Source Code Theft Warning

Bleeping Computer 3 years, 2 months ago

Critical Microsoft Outlook bug PoC shows how easy it is to exploit

Security researchers have shared technical details for exploiting a critical Microsoft Outlook vulnerability for Windows (CVE-2023-23397) that allows hackers to remotely steal hashed passwords by simply receiving an email. [...]

More from Bleeping Computer 16 Mar 2023, 6:00 a.m. Actively exploited CVE-2023-23397 CVE Critical Email Exploit Microsoft Passwords PoC Research Theft Vulnerability