Yasna | Cybersecurity news, filtered

The Hacker News 5 days, 11 hours ago

Attackers Use LLM Agent for Post-Exploitation After Marimo CVE-2026-39987 Exploit

An unknown threat actor has been observed using a large language model (LLM) agent to conduct post-compromise actions after obtaining initial access following the exploitation of a publicly-accessible Marimo network using a recently disclosed vulnerability

More from The Hacker News 30 May 2026, 2:39 a.m. Incident · 4 stories Actively exploited CVE-2026-39987 CVE Cloud Compromise Credentials Disclosure Exploit Initial Access Threat Actor Vulnerability

The Hacker News 3 months, 2 weeks ago

Microsoft Patches CVE-2026-26119 Privilege Escalation in Windows Admin Center

Microsoft has disclosed a now-patched security flaw in Windows Admin Center that could allow an attacker to escalate their privileges

More from The Hacker News 20 Feb 2026, 6:40 a.m. CVE-2026-26119 CVE Cloud Disclosure Flaw Microsoft Patch Privilege Escalation Tools Vulnerability

The Hacker News 8 months, 1 week ago

Hackers Exploit Pandoc CVE-2025-51591 to Target AWS IMDS and Steal EC2 IAM Credentials

Cloud security company Wiz has revealed that it uncovered in-the-wild exploitation of a security flaw in a Linux utility called Pandoc as part of attacks designed to infiltrate Amazon Web Services (AWS) Instance Metadata Service (IMDS)

More from The Hacker News 24 Sep 2025, 7:15 p.m. CVE-2025-51591 Amazon Amazon Web Services CVE Cloud Credentials Exploit Flaw Identity and Access Management Linux Theft Vulnerability

Dark Reading 1 year, 4 months ago

Cloud Attackers Exploit Max-Critical Aviatrix RCE Flaw

The security vulnerability tracked as CVE-2024-50603, which rates 10 out of 10 on the CVSS scale, enables unauthenticated remote code execution on affected systems, which cyberattackers are using to plant malware.

More from Dark Reading 14 Jan 2025, 9:44 a.m. Actively exploited CVE-2024-50603 CVE Cloud Critical Exploit Flaw Malware Remote Code Execution Unauthenticated Vulnerability

Dark Reading 1 year, 7 months ago

3 More Ivanti Cloud Vulns Exploited in the Wild

The security bugs were found susceptible to exploitation in connection to the previously disclosed, critical CVE-2024-8963 vulnerability in the security vendor's Cloud Services Appliance (CSA).

More from Dark Reading 10 Oct 2024, 7:47 a.m. Actively exploited CVE-2024-8963 CVE Cloud Critical Disclosure Vendor Vulnerability

Dark Reading 1 year, 8 months ago

Ivanti Cloud Bug Goes Under Exploit After Alarms Are Raised

Three days after Ivanti published an advisory about the high-severity vulnerability CVE-2024-8190, threat actors began to abuse the flaw.

More from Dark Reading 17 Sep 2024, 9:04 a.m. Actively exploited CVE-2024-8190 Abuse CVE Cloud Exploit Flaw Threat Actor Vulnerability

Bleeping Computer 2 years, 6 months ago

Hackers exploit Looney Tunables Linux bug, steal cloud creds

The operators of the Kinsing malware are targeting cloud environments with systems vulnerable to "Looney Tunables," a Linux security issue identified as CVE-2023-4911 that allows a local attacker to gain root privileges on the system. [...]

More from Bleeping Computer 7 Nov 2023, 9:26 a.m. Actively exploited CVE-2023-4911 CVE Cloud Exploit Linux Malware Root Theft Vulnerability

Trend Micro Research, News and Perspectives 3 years, 8 months ago

A Post-exploitation Look at Coinminers Abusing WebLogic Vulnerabilities

This blog entry details how Trend Micro Cloud One™ – Workload Security and Trend Micro Vision One™ effectively detected and blocked the abuse of the CVE-2020-14882 WebLogic vulnerability in affected endpoints.

More from Trend Micro Research, News and Perspectives 14 Sep 2022, 12:00 p.m. Actively exploited CVE-2020-14882 Abuse Antivirus Blocked CVE Cloud Trend Micro Vulnerability

Bleeping Computer 4 years, 1 month ago

Amazon Web Services fixes container escape in Log4Shell hotfix

Amazon Web Services (AWS) has fixed four security issues in its hot patch from December that addressed the critical Log4Shell vulnerability (CVE-2021-44228) affecting cloud or on-premise environments running Java applications with a vulnerable version of the Log4j logging library or containers. [...]

More from Bleeping Computer 20 Apr 2022, 8:45 p.m. Actively exploited CVE-2021-44228 Amazon Amazon Web Services CVE Cloud Critical Fixed Java Library Log4Shell Log4j Patch Vulnerability

Trend Micro Research, News and Perspectives 4 years, 1 month ago

Detecting Exploitation of Local Vulnerabilities Through Trend Micro Vision One™ and Cloud One™

We provide a guide to detecting Dirty Pipe, a Linux kernel vulnerability tracked as CVE-2022-0847. 

More from Trend Micro Research, News and Perspectives 6 Apr 2022, 12:00 p.m. Actively exploited CVE-2022-0847 Antivirus CVE Cloud Linux Trend Micro Vulnerability

Latest cybersecurity reporting from selected sources.

Refine the feed

Volume over time

Fresh headlines available