Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
FortiGuard Labs has identified a Mirai-based Nexcorium campaign actively exploiting CVE-2024-3721 in TBK DVR devices
Critical nginx-ui MCP authentication bypass CVE-2026-33032 actively exploited with CVSS 9.8
The National Cyber Security Centre wants UK firms to patch CVE-2025-53521
Researchers from watchTowr and Defused have found evidence that attackers are actively exploiting CVE-2026-3055, a critical NetScaler vulnerability
CISA added CVE-2026-20131 to its KEV catalog as it is being used in ransomware campaigns
CVE-2026-3888 Ubuntu snap flaw lets local users escalate to root via timing-based exploit
React2Shell (CVE-2025-55182) is under active exploitation by Earth Lamia and Jackpot Panda, risking over two million instances worldwide
A critical RCE flaw in React.js, dubbed React2Shell (CVE-2025-55182), has been disclosed with a maximum CVSS score of 10.0, posing severe risks for server-side implementations
Sysadmins are urged to patch WSUS vulnerability CVE-2025-59287 as soon as possible, with federal agencies required to update by November 14
A critical out-of-bounds write flaw (CVE-2025-9242) in WatchGuard Fireware OS could allow remote code execution
Critical SAP S/4HANA vulnerability CVE-2025-42957 is being exploited in the wild
Russian state-backed hackers are exploiting a seven-year-old Cisco Smart Install vulnerability (CVE-2018-0171) in end-of-life devices, prompting warnings from the FBI and Cisco Talos
A flaw in WinRAR, tracked as CVE-2025-8088, has been exploited by the RomCom group to deploy malware
Backdoor malware Auto-Color targets Linux systems, exploiting SAP NetWeaver flaw CVE-2025-31324
CVE-2025-54309 could allow remote attackers to obtain admin access via HTTPS
CVE-2025-47981 has the “unfortunate hallmarks of becoming a significant problem,” said WatchTowr’s CEO
The US Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2025-31161 to its Known Exploited Vulnerabilities (KEV) catalog
CISA recommends immediate action to address malware variant RESURGE exploiting Ivanti vulnerability CVE-2025-0282
The UK’s National Cyber Security Agency has called on Next.js users to patch CVE-2025-29927
The new Remcos RAT variant identified in a new phishing campaign exploits CVE-2017-0199 via malicious Excel files