Yasna | Cybersecurity news, filtered

Dark Reading 1 month, 4 weeks ago

Fortinet Issues Emergency Patch for FortiClient Zero-Day

The authentication bypass flaw, tracked as CVE-2026-35616, is the latest in a series of Fortinet vulnerabilities that have been exploited in the wild.

More from Dark Reading 7 Apr 2026, 8:24 a.m. Incident · 10 stories Actively exploited CVE-2026-35616 0-Day Authentication Bypass CVE Flaw Fortinet Patch Vulnerability

The Hacker News 1 month, 4 weeks ago

Fortinet Patches Actively Exploited CVE-2026-35616 in FortiClient EMS

Fortinet has released out-of-band patches for a critical security flaw impacting FortiClient EMS that it said has been exploited in the wild

More from The Hacker News 5 Apr 2026, 4:32 p.m. Incident · 10 stories Actively exploited CVE-2026-35616 API Authentication Bypass CVE Critical Flaw Fortinet Patch Privilege Escalation Vulnerability

The Hacker News 3 months ago

APT28 Tied to CVE-2026-21513 MSHTML 0-Day Exploited Before Feb 2026 Patch Tuesday

A recently disclosed security flaw patched by Microsoft may have been exploited by the Russia-linked state-sponsored threat actor known as APT28, according to new findings from Akamai

More from The Hacker News 2 Mar 2026, 11:36 p.m. Actively exploited CVE-2026-21513 0-Day Bypass CVE Disclosure Flaw Framework Microsoft Nation State Patch Patch Tuesday Russia Threat Actor Vulnerability

The Hacker News 4 months ago

Fortinet Patches CVE-2026-24858 After Active FortiOS SSO Exploitation Detected

Fortinet has begun releasing security updates to address a critical flaw impacting FortiOS that has come under active exploitation in the wild

More from The Hacker News 28 Jan 2026, 5:49 p.m. Actively exploited CVE-2026-24858 Authentication Bypass CVE Critical Flaw Fortinet Patch SSO Vulnerability

Bleeping Computer 4 months, 1 week ago

Fortinet blocks exploited FortiCloud SSO zero day until patch is ready

Fortinet has confirmed a new, actively exploited critical FortiCloud single sign-on (SSO) authentication bypass vulnerability, tracked as CVE-2026-24858, and says it has mitigated the zero-day attacks by blocking FortiCloud SSO connections from devices running vulnerable firmware versions. [...]

More from Bleeping Computer 28 Jan 2026, 12:19 p.m. Actively exploited CVE-2026-24858 0-Day Authentication Blocked Bypass CVE Critical Firmware Fortinet Patch SSO Vulnerability

The Hacker News 4 months, 1 week ago

Microsoft Office Zero-Day (CVE-2026-21509) - Emergency Patch Issued for Active Exploitation

Microsoft on Monday issued out-of-band security patches for a high-severity Microsoft Office zero-day vulnerability exploited in attacks

More from The Hacker News 27 Jan 2026, 8:19 p.m. Actively exploited CVE-2026-21509 0-Day Bypass CVE Microsoft Microsoft Office Patch Vulnerability

Bleeping Computer 4 months, 1 week ago

Fortinet admins report patched FortiGate firewalls getting hacked

Fortinet customers are seeing attackers exploiting a patch bypass for a previously fixed critical FortiGate authentication vulnerability (CVE-2025-59718) to hack patched firewalls. [...]

More from Bleeping Computer 22 Jan 2026, 6:49 a.m. Actively exploited CVE-2025-59718 Authentication Bypass CVE Critical Firewalls Fixed Fortinet Hacking Patch Report Vulnerability

Dark Reading 7 months ago

Claroty Patches Authentication Bypass Flaw

CVE-2025-54603 gave attackers an opening to disrupt critical operational technology (OT) environments and steal data from them.

More from Dark Reading 31 Oct 2025, 9:29 a.m. CVE-2025-54603 Authentication Bypass CVE Critical Flaw Operational Technology Patch Theft

The Hacker News 8 months, 3 weeks ago

New HybridPetya Ransomware Bypasses UEFI Secure Boot With CVE-2024-7344 Exploit

Cybersecurity researchers have discovered a new ransomware strain dubbed HybridPetya that resembles the notorious Petya/NotPetya malware, while also incorporating the ability to bypass the Secure Boot mechanism in Unified Extensible Firmware Interface (UEFI) systems using a now-patched vulnerability disclosed earlier this year

More from The Hacker News 12 Sep 2025, 11:50 p.m. CVE-2024-7344 Antivirus Bypass CVE Disclosure Exploit Firmware Malware Patch Ransomware Research Vulnerability

Bleeping Computer 11 months, 3 weeks ago

New Secure Boot flaw lets attackers install bootkit malware, patch now

Security researchers have disclosed a new Secure Boot bypass tracked as CVE-2025-3052 that can be used to turn off security on PCs and servers and install bootkit malware. [...]

More from Bleeping Computer 11 Jun 2025, 8:02 a.m. CVE-2025-3052 Bypass CVE Critical Disclosure Flaw Malware Patch Research

Dark Reading 1 year ago

Attackers Target Samsung MagicINFO Server Bug, Patch Now

CVE-2025-4632, a patch bypass for a Samsung MagicInfo 9 Server vulnerability disclosed last year, has been exploited by threat actors in the wild.

More from Dark Reading 16 May 2025, 7:10 a.m. Actively exploited CVE-2025-4632 Bypass CVE Critical Disclosure Patch Samsung Threat Actor Vulnerability

The Register 1 year, 3 months ago

SonicWall firewalls now under attack: Patch ASAP or risk intrusion via your SSL VPN

Roses are red, violets are blue, CVE-2024-53704 is perfect for a ransomware crew Miscreants are actively abusing a high-severity authentication bypass bug in unpatched internet-facing SonicWall firewalls following the public release of proof-of-concept exploit code.…

More from The Register 15 Feb 2025, 11:53 a.m. Actively exploited CVE-2024-53704 Authentication Bypass CVE Exploit Firewalls Patch PoC Ransomware VPN

Bleeping Computer 1 year, 4 months ago

New UEFI Secure Boot flaw exposes systems to bootkits, patch now

A new UEFI Secure Boot bypass vulnerability tracked as CVE-2024-7344 that affects a Microsoft-signed application could be exploited to deploy bootkits even if Secure Boot protection is active. [...]

More from Bleeping Computer 17 Jan 2025, 4:05 a.m. CVE-2024-7344 Bypass CVE Critical Flaw Microsoft Patch Vulnerability

Bank Info Security 1 year, 4 months ago

Apple Patches Flaw That Allows Kernel Security Bypassing

Microsoft Uncovered Flaw That Affects macOS System Integrity Protection FeatureApple patched a vulnerability that allows hackers to bypass a key security feature in macOS by through third-party kernel extensions. Microsoft researchers uncovered the flaw tracked as CVE-2024-44243. The flaw could enable hackers to install rootkits and create malware with privileged access.

More from Bank Info Security 15 Jan 2025, 10:30 a.m. CVE-2024-44243 Apple Bypass CVE Flaw Malware Microsoft Patch Research Vulnerability macOS

The Hacker News 1 year, 4 months ago

Microsoft Uncovers macOS Vulnerability CVE-2024-44243 Allowing Rootkit Installation

Microsoft has shed light on a now-patched security flaw impacting Apple macOS that, if successfully exploited, could have allowed an attacker running as "root" to bypass the operating system's System Integrity Protection (SIP) and install malicious kernel drivers by loading third-party kernel extensions

More from The Hacker News 15 Jan 2025, 5:53 a.m. CVE-2024-44243 Apple Bypass CVE Flaw Microsoft Patch Root Rootkit Vulnerability macOS

Bank Info Security 1 year, 5 months ago

OpenWrt Update Flaw Exposed Devices to Malicious Firmware

Embedded Device Operating Sytem Had Flaw Allowing Hacers to Bypass Integrity CheckA critical flaw in the updating service of a popular Linux operating system for embedded devices could enable hackers to compromise firmware with malicious images. OpenWrt developers patched the vulnerability, with a CVSS core of 9.3 and tracked as CVE-2024-54143.

More from Bank Info Security 11 Dec 2024, 10:00 a.m. CVE-2024-54143 Bypass CVE Compromise Critical Exposure Firmware Flaw Linux Patch Vulnerability

Bleeping Computer 1 year, 11 months ago

Exploit for Veeam Recovery Orchestrator auth bypass available, patch now

A proof-of-concept (PoC) exploit for a critical Veeam Recovery Orchestrator authentication bypass vulnerability tracked as CVE-2024-29855 has been released, elevating the risk of being exploited in attacks. [...]

More from Bleeping Computer 14 Jun 2024, 5:21 a.m. CVE-2024-29855 Authentication Bypass CVE Critical Exploit Patch PoC Vulnerability

Bleeping Computer 1 year, 11 months ago

Exploit for critical Veeam auth bypass available, patch now

A proof-of-concept (PoC) exploit for a Veeam Backup Enterprise Manager authentication bypass flaw tracked as CVE-2024-29849 is now publicly available, making it urgent that admins apply the latest security updates. [...]

More from Bleeping Computer 11 Jun 2024, 3:05 a.m. CVE-2024-29849 Authentication Backup Bypass CVE Critical Exploit Flaw Patch PoC

Bleeping Computer 2 years, 2 months ago

Exploit available for new critical TeamCity auth bypass bug, patch now

A critical vulnerability (CVE-2024-27198) in the TeamCity On-Premises CI/CD solution from JetBrains can let a remote unauthenticated attacker take control of the server with administrative permissions. [...]

More from Bleeping Computer 5 Mar 2024, 11:42 a.m. Actively exploited CVE-2024-27198 Bypass CVE Critical Exploit Patch Unauthenticated Vulnerability

Dark Reading 2 years, 6 months ago

Exploit for Critical Windows Defender Bypass Goes Public

Threat actors were actively exploiting CVE-2023-36025 in Windows SmartScreen as a zero-day vulnerability before Microsoft patched it in November.

More from Dark Reading 22 Nov 2023, 10:29 a.m. Actively exploited CVE-2023-36025 0-Day Bypass CVE Critical Exploit Microsoft Patch Threat Actor Vulnerability

Latest cybersecurity reporting from selected sources.

Refine the feed

Volume over time

Fresh headlines available