Security news aggregator

Latest cybersecurity reporting from selected sources.

Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.

4 headlines in this view

Refine the feed

Search across headline titles and summaries.

Volume over time

Weekly headline count for the current query.

Showing 4 most recent headlines Filtered view

A large-scale credential harvesting operation has been observed exploiting the React2Shell vulnerability as an initial infection vector to steal database credentials, SSH private keys, Amazon Web Services (AWS) secrets, shell command history, Stripe API keys, and GitHub tokens at scale

More from The Hacker News 3 Apr 2026, 8:30 a.m. Actively exploited CVE-2025-55182 API Amazon Amazon Web Services Breach CVE Cisco Credentials Database Exploit Github Infection SSH Theft Vulnerability

Researchers have released a report detailing how a recent WinRAR path traversal vulnerability tracked as CVE-2025-8088 was exploited in zero-day attacks by the Russian 'RomCom' hacking group to drop different malware payloads. [...]

More from Bleeping Computer 12 Aug 2025, 6:05 a.m. Actively exploited CVE-2025-8088 0-Day CVE Hacking Infection Malware Report Research Russia Vulnerability
Trend Micro Research, News and Perspectives 1 year, 2 months ago

A Deep Dive into Water Gamayun’s Arsenal and Infrastructure

Trend Research discusses the delivery methods, custom payloads, and techniques used by Water Gamayun, the suspected Russian threat actor abusing a zero-day vulnerability in the Microsoft Management Console framework (CVE-2025-26633) to execute malicious code on infected machines.

More from Trend Micro Research, News and Perspectives 28 Mar 2025, 1:00 p.m. Actively exploited CVE-2025-26633 0-Day CVE Framework Infection Malicious Code Microsoft Research Russia Threat Actor Vulnerability