Security news aggregator

Latest cybersecurity reporting from selected sources.

Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.

7 headlines in this view

Showing 7 most recent headlines Filtered view

Security Affairs 20 hours, 19 minutes ago

Why an HP Poly VoIP Phones Bug Could Become an Enterprise Foothold

Rapid7 details a critical unauthenticated overflow in HP Poly VoIP phones that can lead to root RCE, with patches available for affected models. Rapid7’s latest disclosure on CVE-2026-0826 should get serious attention from anyone running HP Poly VoIP phones in an enterprise setting. It’s a critical unauthenticated stack-based buffer overflow that can give a remote […]

More from Security Affairs 3 Jun 2026, 5:03 p.m. CVE-2026-0826 CVE Critical Disclosure Patch Remote Code Execution Root Unauthenticated VoIP

Bleeping Computer 2 weeks, 6 days ago

New Fragnesia Linux flaw lets attackers gain root privileges

Linux distros are rolling out patches for a new high-severity kernel privilege escalation vulnerability (known as Fragnasia and tracked as CVE-2026-46300) that allows attackers to run malicious code as root. [...]

More from Bleeping Computer 14 May 2026, 7:34 p.m. Incident · 9 stories CVE-2026-46300 CVE Flaw Linux Malicious Code Patch Privilege Escalation Root Vulnerability

Bleeping Computer 10 months, 2 weeks ago

Max severity Cisco ISE bug allows pre-auth command execution, patch now

A critical vulnerability (CVE-2025-20337) in Cisco's Identity Services Engine (ISE) could be exploited to let an unauthenticated attacker store malicious files, execute arbitrary code, or gain root privileges on vulnerable devices. [...]

More from Bleeping Computer 18 Jul 2025, 3:53 a.m. Actively exploited CVE-2025-20337 CVE Cisco Critical Patch Root Unauthenticated Vulnerability

The Hacker News 1 year ago

Cisco Patches CVE-2025-20188 (10.0 CVSS) in IOS XE That Enables Root Exploits via JWT

Cisco has released software fixes to address a maximum-severity security flaw in its IOS XE Wireless Controller that could enable an unauthenticated, remote attacker to upload arbitrary files to a susceptible system

More from The Hacker News 8 May 2025, 4:57 p.m. CVE-2025-20188 Apple CVE Cisco Exploit Flaw Patch Root Unauthenticated Vulnerability Wireless

The Hacker News 1 year, 4 months ago

Microsoft Uncovers macOS Vulnerability CVE-2024-44243 Allowing Rootkit Installation

Microsoft has shed light on a now-patched security flaw impacting Apple macOS that, if successfully exploited, could have allowed an attacker running as "root" to bypass the operating system's System Integrity Protection (SIP) and install malicious kernel drivers by loading third-party kernel extensions

More from The Hacker News 15 Jan 2025, 5:53 a.m. CVE-2024-44243 Apple Bypass CVE Flaw Microsoft Patch Root Rootkit Vulnerability macOS

Dark Reading 2 years ago

Exploit for Fortinet Critical RCE Bug Allows SIEM Root Access

Corporate admins should patch the max-severity CVE-2024-23108 immediately, which allows unauthenticated command injection.

More from Dark Reading 30 May 2024, 6:04 a.m. CVE-2024-23108 CVE Critical Exploit Fortinet Patch Remote Code Execution Root SIEM Unauthenticated

Trend Micro Research, News and Perspectives 4 years, 2 months ago

MacOS SUHelper Root Privilege Escalation Vulnerability: A Deep Dive Into CVE-2022-22639

We discovered a now-patched vulnerability in macOS SUHelper, designated as CVE-2022-22639. If exploited, the vulnerability could allow malicious actors to gain root privilege escalation.

More from Trend Micro Research, News and Perspectives 4 Apr 2022, 12:00 p.m. CVE-2022-22639 CVE Patch Privilege Escalation Root Vulnerability macOS