Security news aggregator

Latest cybersecurity reporting from selected sources.

Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.

8 headlines in this view

Refine the feed

Search across headline titles and summaries.

Volume over time

Weekly headline count for the current query.

Showing 8 most recent headlines Filtered view

Google fixed 124 Android flaws, including CVE-2025-48595, an actively exploited privilege escalation bug linked to targeted attacks. Google has released its June 2026 Android security updates, fixing 124 vulnerabilities across the mobile operating system. One flaw, tracked as CVE-2025-48595 (CVSS score of 8.4) stands out from the rest because it is already being exploited in […]

More from Security Affairs 3 Jun 2026, 9:44 p.m. Incident · 3 stories Actively exploited CVE-2025-48595 Android CVE Fixed Flaw Google Mobile Patch Privilege Escalation Vulnerability

Threat intelligence observations show that a single threat actor is responsible for most of the active exploitation of two critical vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM), tracked as CVE-2026-21962 and CVE-2026-24061. [...]

More from Bleeping Computer 15 Feb 2026, 5:02 a.m. Actively exploited CVE-2026-21962 CVE-2026-24061 CVE Critical Mobile Remote Code Execution Threat Actor Vulnerability

Sophos and SonicWall have alerted users of critical security flaws in Sophos Firewall and Secure Mobile Access (SMA) 100 Series appliances that could be exploited to achieve remote code execution.  The two vulnerabilities impacting Sophos Firewall are listed below - CVE-2025-6704 (CVSS score: 9.8) - An arbitrary file writing vulnerability in the Secure PDF eXchange (SPX) feature can lead

More from The Hacker News 25 Jul 2025, 2:14 a.m. CVE-2025-6704 CVE Critical Firewalls Flaw Mobile Patch Remote Code Execution Sophos Vulnerability
Trend Micro Research, News and Perspectives 1 year, 8 months ago

Vulnerabilities in Cellular Packet Cores Part IV: Authentication

Our research reveals two significant vulnerabilities in Microsoft Azure Private 5G Core (AP5GC). The first vulnerability (CVE-2024-20685) allows a crafted signaling message to crash the control plane, leading to potential service outages. The second (ZDI-CAN-23960) disconnects and replaces attached base stations, disrupting network operations. While these issues are implementation-specific, their exploitation is made possible by a systemic weakness: the lack of mandatory authentication procedures between base stations and packet-cores.

More from Trend Micro Research, News and Perspectives 18 Sep 2024, 12:00 p.m. CVE-2024-20685 5G Authentication Azure CVE Microsoft Mobile Outage Research Vulnerability