Security news aggregator

Latest cybersecurity reporting from selected sources.

Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.

6 headlines in this view

Showing 6 most recent headlines Filtered view

The Hacker News 1 week, 2 days ago

Ghost CMS CVE-2026-26980 Exploited to Hijack 700+ Sites for ClickFix Attacks

Threat actors are exploiting a recently disclosed critical security flaw in Ghost CMS to inject malicious JavaScript code with an aim to fuel ClickFix attacks

More from The Hacker News 26 May 2026, 12:02 a.m. Incident · 5 stories CVE-2026-26980 API CVE Critical Disclosure Flaw JavaScript SQL Threat Actor Unauthenticated Vulnerability

The Hacker News 4 weeks, 1 day ago

Weaver E-cology RCE Flaw CVE-2026-22679 Actively Exploited via Debug API

A critical security vulnerability in Weaver (Fanwei) E-cology, an enterprise office automation (OA) and collaboration platform, has come under active exploitation in the wild

More from The Hacker News 5 May 2026, 7:37 p.m. Incident · 2 stories CVE-2026-22679 API Automation CVE Critical DevOps Flaw Remote Code Execution Unauthenticated Vulnerability

The Hacker News 1 month, 4 weeks ago

Fortinet Patches Actively Exploited CVE-2026-35616 in FortiClient EMS

Fortinet has released out-of-band patches for a critical security flaw impacting FortiClient EMS that it said has been exploited in the wild

More from The Hacker News 5 Apr 2026, 4:32 p.m. Incident · 10 stories Actively exploited CVE-2026-35616 API Authentication Bypass CVE Critical Flaw Fortinet Patch Privilege Escalation Vulnerability

The Hacker News 2 months ago

Hackers Exploit CVE-2025-55182 to Breach 766 Next.js Hosts, Steal Credentials

A large-scale credential harvesting operation has been observed exploiting the React2Shell vulnerability as an initial infection vector to steal database credentials, SSH private keys, Amazon Web Services (AWS) secrets, shell command history, Stripe API keys, and GitHub tokens at scale

More from The Hacker News 3 Apr 2026, 8:30 a.m. Actively exploited CVE-2025-55182 API Amazon Amazon Web Services Breach CVE Cisco Credentials Database Exploit Github Infection SSH Theft Vulnerability

The Hacker News 2 months, 2 weeks ago

Critical Langflow Flaw CVE-2026-33017 Triggers Attacks within 20 Hours of Disclosure

A critical security flaw impacting Langflow has come under active exploitation within 20 hours of public disclosure, highlighting the speed at which threat actors weaponize newly published vulnerabilities

More from The Hacker News 21 Mar 2026, 4:15 a.m. Actively exploited CVE-2026-33017 API Authentication CVE Critical Disclosure Flaw Remote Code Execution Threat Actor Vulnerability

Bleeping Computer 1 year, 7 months ago

Fortinet warns of new critical FortiManager flaw used in zero-day attacks

Fortinet publicly disclosed today a critical FortiManager API vulnerability, tracked as CVE-2024-47575, that was exploited in zero-day attacks to steal sensitive files containing configurations, IP addresses, and credentials for managed devices. [...]

More from Bleeping Computer 24 Oct 2024, 4:05 a.m. Actively exploited CVE-2024-47575 0-Day API Artificial Intelligence CVE Credentials Critical Disclosure Flaw Fortinet Theft Vulnerability Warning