Security news aggregator

Latest cybersecurity reporting from selected sources.

Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.

158 headlines in this view

Refine the feed

Search across headline titles and summaries.

Volume over time

Weekly headline count for the current query.

Showing 20 most recent headlines of 158 Filtered view

Threat actors are exploiting a critical FortiClient EMS flaw, tracked as CVE-2026-35616, to deploy malware on unpatched systems. Threat actors are exploiting a critical FortiClient EMS vulnerability, tracked as CVE-2026-35616 (CVSS score of 9.1), that allows remote code execution without authentication. Fortinet released fixes in April after confirming zero-day attacks in the wild and urged […]

More from Security Affairs 29 May 2026, 4:05 a.m. Incident · 10 stories Actively exploited CVE-2026-35616 0-Day Authentication CVE Critical Flaw Fortinet Malware Patch Remote Code Execution Theft Threat Actor Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in Drupal Core to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a flaw in Microsoft Exchange Server, tracked as CVE-2026-9082 (CVSS score of 9.8), to its Known Exploited Vulnerabilities (KEV) catalog. Drupal issued a highly critical security patch on May […]

More from Security Affairs 24 May 2026, 7:54 p.m. Incident · 2 stories Actively exploited CVE-2026-9082 America CISA CVE Critical Exchange Server Flaw Microsoft Patch Vulnerability

Attackers began exploiting Drupal SQL injection flaw CVE-2026-9082 within 48 hours of patch release. Drupal issued a highly critical security patch on May 20 for CVE-2026-9082, a SQL injection vulnerability that allows unauthenticated attackers to compromise sites running PostgreSQL databases. The project maintainers warned ahead of the release that exploits could surface within hours or […]

More from Security Affairs 24 May 2026, 4:17 a.m. Incident · 3 stories Actively exploited CVE-2026-9082 CVE Compromise Critical Exploit Flaw Patch PostgreSQL SQL Unauthenticated Vulnerability

The U.S.Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a newly disclosed vulnerability impacting Cisco Catalyst SD-WAN Controller to its Known Exploited Vulnerabilities (KEV) catalog, requiring Federal Civilian Executive Branch (FCEB) agencies to remediate the issue by May 17, 2026

More from The Hacker News 15 May 2026, 5:28 p.m. Incident · 7 stories Actively exploited CVE-2026-20182 America Authentication Bypass CISA CVE Cisco Critical Disclosure Exploit Vulnerability

In yet another instance of threat actors quickly jumping on the exploitation bandwagon, a newly disclosed critical security flaw in BerriAI's LiteLLM Python package has come under active exploitation in the wild within 36 hours of the bug becoming public knowledge

More from The Hacker News 29 Apr 2026, 5:34 p.m. Incident · 3 stories Actively exploited CVE-2026-42208 CVE Critical Disclosure Flaw Python SQL Threat Actor Vulnerability

A critical security vulnerability in Marimo, an open-source Python notebook for data science and analysis, has been exploited within 10 hours of public disclosure, according to findings from Sysdig

More from The Hacker News 10 Apr 2026, 7:37 p.m. Incident · 4 stories Actively exploited CVE-2026-39987 CVE Critical Disclosure Flaw Open Source Python Remote Code Execution Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added a critical security flaw impacting F5 BIG-IP Access Policy Manager (APM) to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation

More from The Hacker News 28 Mar 2026, 8:07 p.m. Actively exploited CVE-2025-53521 America CISA CVE Critical F5 Flaw Remote Code Execution Threat Actor Vulnerability

The Cybersecurity and Infrastructure Security Agency (CISA) is warning that hackers are actively exploiting a critical vulnerability identified as CVE-2026-33017, which affects the Langflow framework for building AI agents. [...]

More from Bleeping Computer 27 Mar 2026, 8:17 a.m. Actively exploited CVE-2026-33017 Artificial Intelligence CISA CVE Critical Flaw Framework Vulnerability Warning

A critical security flaw impacting Langflow has come under active exploitation within 20 hours of public disclosure, highlighting the speed at which threat actors weaponize newly published vulnerabilities

More from The Hacker News 21 Mar 2026, 4:15 a.m. Actively exploited CVE-2026-33017 API Authentication CVE Critical Disclosure Flaw Remote Code Execution Threat Actor Vulnerability

Amazon Threat Intelligence is warning of an active Interlock ransomware campaign that's exploiting a recently disclosed critical security flaw in Cisco Secure Firewall Management Center (FMC) Software

More from The Hacker News 19 Mar 2026, 5:00 a.m. Actively exploited CVE-2026-20131 0-Day Amazon CVE Cisco Critical Disclosure Exploit Firewalls Flaw Java Ransomware Root Unauthenticated Vulnerability Warning

Cisco is warning that a critical authentication bypass vulnerability in Cisco Catalyst SD-WAN, tracked as CVE-2026-20127, was actively exploited in zero-day attacks that allowed remote attackers to compromise controllers and add malicious rogue peers to targeted networks. [...]

More from Bleeping Computer 26 Feb 2026, 7:01 a.m. Actively exploited CVE-2026-20127 0-Day Authentication Bypass CVE Cisco Compromise Critical Vulnerability Warning

Threat actors have been observed exploiting a recently disclosed critical security flaw impacting BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) products to conduct a wide range of malicious actions, including deploying VShell and  The vulnerability, tracked as CVE-2026-1731 (CVSS score: 9.9), allows attackers to execute operating system commands in the context of the

More from The Hacker News 21 Feb 2026, 4:45 a.m. Actively exploited CVE-2026-1731 CVE Critical Data Exfiltration Disclosure Flaw Threat Actor Vulnerability