Security news aggregator

Latest cybersecurity reporting from selected sources.

Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.

32 headlines in this view

Refine the feed

Search across headline titles and summaries.

Volume over time

Weekly headline count for the current query.

Showing 20 most recent headlines of 32 Filtered view

Cisco is warning that a critical Catalyst SD-WAN Controller authentication bypass flaw, tracked as CVE-2026-20182, was actively exploited in zero-day attacks that allowed attackers to gain administrative privileges on compromised devices. [...]

More from Bleeping Computer 15 May 2026, 8:09 a.m. Incident · 4 stories Actively exploited CVE-2026-20182 0-Day Authentication Bypass CVE Cisco Compromise Critical Flaw Warning

The Cybersecurity and Infrastructure Security Agency (CISA) is warning that hackers are actively exploiting a critical vulnerability identified as CVE-2026-33017, which affects the Langflow framework for building AI agents. [...]

More from Bleeping Computer 27 Mar 2026, 8:17 a.m. Actively exploited CVE-2026-33017 Artificial Intelligence CISA CVE Critical Flaw Framework Vulnerability Warning

Amazon Threat Intelligence is warning of an active Interlock ransomware campaign that's exploiting a recently disclosed critical security flaw in Cisco Secure Firewall Management Center (FMC) Software

More from The Hacker News 19 Mar 2026, 5:00 a.m. Actively exploited CVE-2026-20131 0-Day Amazon CVE Cisco Critical Disclosure Exploit Firewalls Flaw Java Ransomware Root Unauthenticated Vulnerability Warning

Cisco is warning that a critical authentication bypass vulnerability in Cisco Catalyst SD-WAN, tracked as CVE-2026-20127, was actively exploited in zero-day attacks that allowed remote attackers to compromise controllers and add malicious rogue peers to targeted networks. [...]

More from Bleeping Computer 26 Feb 2026, 7:01 a.m. Actively exploited CVE-2026-20127 0-Day Authentication Bypass CVE Cisco Compromise Critical Vulnerability Warning

Google on Tuesday revealed that multiple threat actors, including nation-state adversaries and financially motivated groups, are exploiting a now-patched critical security flaw in RARLAB WinRAR to establish initial access and deploy a diverse array of payloads

More from The Hacker News 28 Jan 2026, 10:46 p.m. Actively exploited CVE-2025-8088 CVE China Critical Flaw Google Government Initial Access Nation State Patch Russia Threat Actor Vulnerability Warning

Oracle is warning about a critical E-Business Suite zero-day vulnerability tracked as CVE-2025-61882 that allows attackers to perform unauthenticated remote code execution, with the flaw actively exploited in Clop data theft attacks. [...]

More from Bleeping Computer 6 Oct 2025, 2:37 p.m. Actively exploited CVE-2025-61882 0-Day CVE Critical Flaw Oracle Patch Remote Code Execution Theft Unauthenticated Vulnerability Warning

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a critical security flaw impacting Dassault Systèmes DELMIA Apriso Manufacturing Operations Management (MOM) software to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation

More from The Hacker News 12 Sep 2025, 11:03 p.m. Actively exploited CVE-2025-5086 America CISA CVE Critical Flaw Vulnerability Warning

Adobe is warning of a critical vulnerability (CVE-2025-54236) in its Commerce and Magento Open Source platforms that researchers call SessionReaper and describe as one of " the most severe" flaws in the history of the product. [...]

More from Bleeping Computer 10 Sep 2025, 3:53 a.m. Actively exploited CVE-2025-54236 Adobe CVE Critical E-commerce Flaw Open Source Patch Research Vulnerability Warning

Researchers have released proof-of-concept (PoC) exploits for a critical Citrix NetScaler vulnerability, tracked as CVE-2025-5777 and dubbed CitrixBleed2, warning that the flaw is easily exploitable and can successfully steal user session tokens. [...]

More from Bleeping Computer 8 Jul 2025, 10:57 a.m. Actively exploited CVE-2025-5777 CVE Citrix Critical Exploit Flaw Patch PoC Research Theft Vulnerability Warning

NetScaler vendor issued a patch but otherwise, stony silence Multiple exploits are circulating for CVE-2025-5777, a critical bug in Citrix NetScaler ADC and NetScaler Gateway dubbed CitrixBleed 2, and security analysts are warning a "significant portion" of users still haven't patched.…

More from The Register 8 Jul 2025, 8:31 a.m. Actively exploited CVE-2025-5777 CVE Citrix Critical Exploit Patch Research Vendor Warning

Palo Alto Networks warns that hackers are actively exploiting a critical authentication bypass flaw (CVE-2025-0108) in PAN-OS firewalls, chaining it with two other vulnerabilities to breach devices in active attacks. [...]

More from Bleeping Computer 20 Feb 2025, 4:38 a.m. Actively exploited CVE-2025-0108 Authentication Breach Bypass CVE Critical Firewalls Flaw Palo Alto Networks Vulnerability Warning

Fortinet publicly disclosed today a critical FortiManager API vulnerability, tracked as CVE-2024-47575, that was exploited in zero-day attacks to steal sensitive files containing configurations, IP addresses, and credentials for managed devices. [...]

More from Bleeping Computer 24 Oct 2024, 4:05 a.m. Actively exploited CVE-2024-47575 0-Day API Artificial Intelligence CVE Credentials Critical Disclosure Flaw Fortinet Theft Vulnerability Warning