Security news aggregator

Latest cybersecurity reporting from selected sources.

Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.

9 headlines in this view

Refine the feed

Search across headline titles and summaries.

Volume over time

Weekly headline count for the current query.

Showing 9 most recent headlines Filtered view

Threat actors are exploiting a critical FortiClient EMS flaw, tracked as CVE-2026-35616, to deploy malware on unpatched systems. Threat actors are exploiting a critical FortiClient EMS vulnerability, tracked as CVE-2026-35616 (CVSS score of 9.1), that allows remote code execution without authentication. Fortinet released fixes in April after confirming zero-day attacks in the wild and urged […]

More from Security Affairs 29 May 2026, 4:05 a.m. Incident · 10 stories Actively exploited CVE-2026-35616 0-Day Authentication CVE Critical Flaw Fortinet Malware Patch Remote Code Execution Theft Threat Actor Vulnerability

A critical security flaw impacting Langflow has come under active exploitation within 20 hours of public disclosure, highlighting the speed at which threat actors weaponize newly published vulnerabilities

More from The Hacker News 21 Mar 2026, 4:15 a.m. Actively exploited CVE-2026-33017 API Authentication CVE Critical Disclosure Flaw Remote Code Execution Threat Actor Vulnerability
Trend Micro Research, News and Perspectives 5 months, 3 weeks ago

CVE-2025-55182: React2Shell Analysis, Proof-of-Concept Chaos, and In-the-Wild Exploitation

CVE-2025-55182 is a CVSS 10.0 pre-authentication RCE affecting React Server Components. Amid the flood of fake proof-of-concept exploits, scanners, exploits, and widespread misconceptions, this technical analysis intends to cut through the noise.

More from Trend Micro Research, News and Perspectives 10 Dec 2025, 1:00 p.m. Actively exploited CVE-2025-55182 Authentication CVE Exploit Fake PoC Remote Code Execution
Trend Micro Research, News and Perspectives 5 months, 4 weeks ago

Critical React Server Components Vulnerability CVE-2025-55182: What Security Teams Need to Know

CVE-2025-55182 is a critical (CVSS 10.0) pre-authentication remote code execution vulnerability affecting React Server Components used in React.js, Next.js, and related frameworks (see the context section for a more exhaustive list of affected frameworks).

More from Trend Micro Research, News and Perspectives 5 Dec 2025, 1:00 p.m. Actively exploited CVE-2025-55182 Authentication CVE Critical Framework Remote Code Execution Vulnerability

Sophos has fixed a critical vulnerability in its Sophos Firewall product that allows remote code execution. Tracked as CVE-2022-1040, the authentication bypass vulnerability exists in the User Portal and Webadmin areas of Sophos Firewall. [...]

More from Bleeping Computer 28 Mar 2022, 1:03 a.m. Actively exploited CVE-2022-1040 Authentication Bypass CVE Critical Firewalls Fixed Remote Code Execution Sophos Vulnerability