Yasna | Cybersecurity news, filtered

Security Affairs 20 hours, 36 minutes ago

Why an HP Poly VoIP Phones Bug Could Become an Enterprise Foothold

Rapid7 details a critical unauthenticated overflow in HP Poly VoIP phones that can lead to root RCE, with patches available for affected models. Rapid7’s latest disclosure on CVE-2026-0826 should get serious attention from anyone running HP Poly VoIP phones in an enterprise setting. It’s a critical unauthenticated stack-based buffer overflow that can give a remote […]

More from Security Affairs 3 Jun 2026, 5:03 p.m. CVE-2026-0826 CVE Critical Disclosure Patch Remote Code Execution Root Unauthenticated VoIP

The Hacker News 1 week, 2 days ago

Ghost CMS CVE-2026-26980 Exploited to Hijack 700+ Sites for ClickFix Attacks

Threat actors are exploiting a recently disclosed critical security flaw in Ghost CMS to inject malicious JavaScript code with an aim to fuel ClickFix attacks

More from The Hacker News 26 May 2026, 12:02 a.m. Incident · 5 stories CVE-2026-26980 API CVE Critical Disclosure Flaw JavaScript SQL Threat Actor Unauthenticated Vulnerability

Security Affairs 1 week, 4 days ago

CVE-2026-9082: Drupal’s Highly Critical SQL Injection Flaw Is Already Under Active Attack

Attackers began exploiting Drupal SQL injection flaw CVE-2026-9082 within 48 hours of patch release. Drupal issued a highly critical security patch on May 20 for CVE-2026-9082, a SQL injection vulnerability that allows unauthenticated attackers to compromise sites running PostgreSQL databases. The project maintainers warned ahead of the release that exploits could surface within hours or […]

More from Security Affairs 24 May 2026, 4:17 a.m. Incident · 3 stories Actively exploited CVE-2026-9082 CVE Compromise Critical Exploit Flaw Patch PostgreSQL SQL Unauthenticated Vulnerability

The Hacker News 4 weeks, 1 day ago

MetInfo CMS CVE-2026-29014 Exploited for Remote Code Execution Attacks

Threat actors are actively exploiting a critical security flaw impacting an open-source content management system (CMS) known as MetInfo, according to new findings from VulnCheck

More from The Hacker News 5 May 2026, 11:56 p.m. Incident · 5 stories CVE-2026-29014 CVE Critical Flaw Open Source PHP Remote Code Execution Threat Actor Unauthenticated Vulnerability

The Hacker News 4 weeks, 1 day ago

Weaver E-cology RCE Flaw CVE-2026-22679 Actively Exploited via Debug API

A critical security vulnerability in Weaver (Fanwei) E-cology, an enterprise office automation (OA) and collaboration platform, has come under active exploitation in the wild

More from The Hacker News 5 May 2026, 7:37 p.m. Incident · 2 stories CVE-2026-22679 API Automation CVE Critical DevOps Flaw Remote Code Execution Unauthenticated Vulnerability

The Hacker News 2 months, 1 week ago

Oracle Patches Critical CVE-2026-21992 Enabling Unauthenticated RCE in Identity Manager

Oracle has released security updates to address a critical security flaw impacting Identity Manager and Web Services Manager that could be exploited to achieve remote code execution

More from The Hacker News 21 Mar 2026, 11:24 p.m. CVE-2026-21992 Authentication CVE Critical Flaw Oracle Patch Remote Code Execution Unauthenticated Vulnerability

Bleeping Computer 2 months, 2 weeks ago

Oracle pushes emergency fix for critical Identity Manager RCE flaw

Oracle has released an out-of-band security update to fix a critical unauthenticated remote code execution vulnerability in Identity Manager and Web Services Manager tracked as CVE-2026-21992. [...]

More from Bleeping Computer 21 Mar 2026, 7:48 a.m. CVE-2026-21992 CVE Critical Flaw Oracle Remote Code Execution Security Update Unauthenticated Vulnerability

The Hacker News 2 months, 2 weeks ago

Interlock Ransomware Exploits Cisco FMC Zero-Day CVE-2026-20131 for Root Access

Amazon Threat Intelligence is warning of an active Interlock ransomware campaign that's exploiting a recently disclosed critical security flaw in Cisco Secure Firewall Management Center (FMC) Software

More from The Hacker News 19 Mar 2026, 5:00 a.m. Actively exploited CVE-2026-20131 0-Day Amazon CVE Cisco Critical Disclosure Exploit Firewalls Flaw Java Ransomware Root Unauthenticated Vulnerability Warning

The Hacker News 2 months, 2 weeks ago

Critical Unpatched Telnetd Flaw (CVE-2026-32746) Enables Unauthenticated Root RCE

Cybersecurity researchers have disclosed a critical security flaw impacting the GNU InetUtils telnet daemon (telnetd) that could be exploited by an unauthenticated remote attacker to execute arbitrary code with elevated privileges

More from The Hacker News 19 Mar 2026, 1:30 a.m. CVE-2026-32746 CVE Critical Disclosure Flaw Remote Code Execution Research Root Unauthenticated Vulnerability

Dark Reading 3 months, 2 weeks ago

Critical Grandstream VoIP Bug Highlights SMB Security Blind Spot

CVE-2026-2329 allows unauthenticated root-level access to SMB phone infrastructure, so attackers can intercept calls, commit toll fraud, and impersonate users.

More from Dark Reading 19 Feb 2026, 10:15 a.m. CVE-2026-2329 CVE Critical Fraud Root Unauthenticated VoIP

The Hacker News 4 months, 1 week ago

Cisco Fixes Actively Exploited Zero-Day CVE-2026-20045 in Unified CM and Webex

Cisco has released fresh patches to address what it described as a "critical" security vulnerability impacting multiple Unified Communications (CM) products and Webex Calling Dedicated Instance that it has been actively exploited as a zero-day in the wild

More from The Hacker News 22 Jan 2026, 5:06 p.m. Actively exploited CVE-2026-20045 0-Day CVE Cisco Critical Patch Unauthenticated Vulnerability

The Hacker News 7 months, 4 weeks ago

Oracle Rushes Patch for CVE-2025-61882 After Cl0p Exploited It in Data Theft Attacks

Oracle has released an emergency update to address a critical security flaw in its E-Business Suite that it said has been exploited in the recent wave of Cl0p data theft attacks

More from The Hacker News 6 Oct 2025, 6:15 p.m. Actively exploited CVE-2025-61882 CVE Compromise Critical Flaw Oracle Patch Theft Unauthenticated Vulnerability

Bleeping Computer 7 months, 4 weeks ago

Oracle patches EBS zero-day exploited in Clop data theft attacks

Oracle is warning about a critical E-Business Suite zero-day vulnerability tracked as CVE-2025-61882 that allows attackers to perform unauthenticated remote code execution, with the flaw actively exploited in Clop data theft attacks. [...]

More from Bleeping Computer 6 Oct 2025, 2:37 p.m. Actively exploited CVE-2025-61882 0-Day CVE Critical Flaw Oracle Patch Remote Code Execution Theft Unauthenticated Vulnerability Warning

The Hacker News 9 months, 3 weeks ago

Fortinet Warns About FortiSIEM Vulnerability (CVE-2025-25256) With In-the-Wild Exploit Code

Fortinet is alerting customers of a critical security flaw in FortiSIEM for which it said there exists an exploit in the wild

More from The Hacker News 13 Aug 2025, 11:37 p.m. CVE-2025-25256 CVE Critical Exploit Flaw Fortinet Unauthenticated Vulnerability Warning

Bleeping Computer 10 months ago

Exploit available for critical Cisco ISE bug exploited in attacks

Security researcher Bobby Gould has published a blog post demonstrating a complete exploit chain for CVE-2025-20281, an unauthenticated remote code execution vulnerability in Cisco Identity Services Engine (ISE). [...]

More from Bleeping Computer 29 Jul 2025, 5:29 a.m. Actively exploited CVE-2025-20281 CVE Cisco Critical Exploit Remote Code Execution Unauthenticated Vulnerability

Bleeping Computer 10 months, 2 weeks ago

Max severity Cisco ISE bug allows pre-auth command execution, patch now

A critical vulnerability (CVE-2025-20337) in Cisco's Identity Services Engine (ISE) could be exploited to let an unauthenticated attacker store malicious files, execute arbitrary code, or gain root privileges on vulnerable devices. [...]

More from Bleeping Computer 18 Jul 2025, 3:53 a.m. Actively exploited CVE-2025-20337 CVE Cisco Critical Patch Root Unauthenticated Vulnerability

The Hacker News 10 months, 3 weeks ago

Fortinet Releases Patch for Critical SQL Injection Flaw in FortiWeb (CVE-2025-25257)

Fortinet has released fixes for a critical security flaw impacting FortiWeb that could enable an unauthenticated attacker to run arbitrary database commands on susceptible instances

More from The Hacker News 12 Jul 2025, 2:38 a.m. Actively exploited CVE-2025-25257 CVE Critical Database Flaw Fortinet Patch SQL Unauthenticated Vulnerability

The Hacker News 1 year ago

Fortinet Patches CVE-2025-32756 Zero-Day RCE Flaw Exploited in FortiVoice Systems

Fortinet has patched a critical security flaw that it said has been exploited as a zero-day in attacks targeting FortiVoice enterprise phone systems

More from The Hacker News 14 May 2025, 4:21 p.m. Actively exploited CVE-2025-32756 0-Day CVE Critical Flaw Fortinet Patch Remote Code Execution Unauthenticated Vulnerability

The Hacker News 1 year ago

China-Linked APTs Exploit SAP CVE-2025-31324 to Breach 581 Critical Systems Worldwide

A recently disclosed critical security flaw impacting SAP NetWeaver is being exploited by multiple China-nexus nation-state actors to target critical infrastructure networks

More from The Hacker News 14 May 2025, 3:13 a.m. Actively exploited CVE-2025-31324 Advanced Persistent Threat Breach CVE China Critical Critical Infrastructure Disclosure Exploit Flaw Nation State Remote Code Execution Unauthenticated Vulnerability

Bank Info Security 1 year, 1 month ago

Threat Actors Hacking SAP Critical Zero-Day

Unauthenticated Hackers Exploit CVE-2025-31324 to Upload WebshellsThreat actors are exploiting a zero-day flaw in a partially deprecated SAP tool still widely used by governments and businesses. On Friday, SAP's security division, Onapsis, disclosed that CVE-2025-31324 is "actively exploited in the wild."

More from Bank Info Security 29 Apr 2025, 8:00 a.m. Actively exploited CVE-2025-31324 0-Day CVE Critical Disclosure Exploit Flaw Hacking Threat Actor Tools Unauthenticated Widely Used

Latest cybersecurity reporting from selected sources.

Refine the feed

Volume over time

Fresh headlines available