Yasna | Cybersecurity news, filtered

Security Affairs 6 days, 9 hours ago

CVE-2026-35616: FortiClient EMS Flaw Actively Exploited in Malware Attacks

Threat actors are exploiting a critical FortiClient EMS flaw, tracked as CVE-2026-35616, to deploy malware on unpatched systems. Threat actors are exploiting a critical FortiClient EMS vulnerability, tracked as CVE-2026-35616 (CVSS score of 9.1), that allows remote code execution without authentication. Fortinet released fixes in April after confirming zero-day attacks in the wild and urged […]

More from Security Affairs 29 May 2026, 4:05 a.m. Incident · 10 stories Actively exploited CVE-2026-35616 0-Day Authentication CVE Critical Flaw Fortinet Malware Patch Remote Code Execution Theft Threat Actor Vulnerability

Dark Reading 7 months ago

Claroty Patches Authentication Bypass Flaw

CVE-2025-54603 gave attackers an opening to disrupt critical operational technology (OT) environments and steal data from them.

More from Dark Reading 31 Oct 2025, 9:29 a.m. CVE-2025-54603 Authentication Bypass CVE Critical Flaw Operational Technology Patch Theft

The Hacker News 7 months, 4 weeks ago

Oracle Rushes Patch for CVE-2025-61882 After Cl0p Exploited It in Data Theft Attacks

Oracle has released an emergency update to address a critical security flaw in its E-Business Suite that it said has been exploited in the recent wave of Cl0p data theft attacks

More from The Hacker News 6 Oct 2025, 6:15 p.m. Actively exploited CVE-2025-61882 CVE Compromise Critical Flaw Oracle Patch Theft Unauthenticated Vulnerability

Bleeping Computer 7 months, 4 weeks ago

Oracle patches EBS zero-day exploited in Clop data theft attacks

Oracle is warning about a critical E-Business Suite zero-day vulnerability tracked as CVE-2025-61882 that allows attackers to perform unauthenticated remote code execution, with the flaw actively exploited in Clop data theft attacks. [...]

More from Bleeping Computer 6 Oct 2025, 2:37 p.m. Actively exploited CVE-2025-61882 0-Day CVE Critical Flaw Oracle Patch Remote Code Execution Theft Unauthenticated Vulnerability Warning

Bleeping Computer 10 months, 3 weeks ago

Public exploits released for CitrixBleed 2 NetScaler flaw, patch now

Researchers have released proof-of-concept (PoC) exploits for a critical Citrix NetScaler vulnerability, tracked as CVE-2025-5777 and dubbed CitrixBleed2, warning that the flaw is easily exploitable and can successfully steal user session tokens. [...]

More from Bleeping Computer 8 Jul 2025, 10:57 a.m. Actively exploited CVE-2025-5777 CVE Citrix Critical Exploit Flaw Patch PoC Research Theft Vulnerability Warning

Bleeping Computer 1 year, 4 months ago

Hackers exploit KerioControl firewall flaw to steal admin CSRF tokens

Hackers are trying to exploit CVE-2024-52875, a critical CRLF injection vulnerability that leads to 1-click remote code execution (RCE) attacks in GFI KerioControl firewall product. [...]

More from Bleeping Computer 9 Jan 2025, 7:55 a.m. CVE-2024-52875 CVE Critical Exploit Firewalls Flaw Remote Code Execution Theft Vulnerability

Bleeping Computer 1 year, 7 months ago

Fortinet warns of new critical FortiManager flaw used in zero-day attacks

Fortinet publicly disclosed today a critical FortiManager API vulnerability, tracked as CVE-2024-47575, that was exploited in zero-day attacks to steal sensitive files containing configurations, IP addresses, and credentials for managed devices. [...]

More from Bleeping Computer 24 Oct 2024, 4:05 a.m. Actively exploited CVE-2024-47575 0-Day API Artificial Intelligence CVE Credentials Critical Disclosure Flaw Fortinet Theft Vulnerability Warning

Dark Reading 2 years, 1 month ago

Critical GitLab Bug Under Exploit Enables Account Takeover, CISA Warns

Patch now: Cyberattackers are exploiting CVE-2023-7028 (CVSS 10) to take over and lock users out of GitLab accounts, steal source code, and more.

More from Dark Reading 4 May 2024, 4:19 a.m. Actively exploited CVE-2023-7028 CISA CVE Critical Exploit Patch Source Code Theft Warning

Dark Reading 2 years, 3 months ago

Zero-Click Apple Shortcuts Vulnerability Allows Silent Data Theft

Vulnerability CVE-2024-23204, affecting Apple's popular Shortcuts app, suggests a critical need for ongoing security awareness in the macOS and iOS ecosystem.

More from Dark Reading 23 Feb 2024, 9:39 a.m. CVE-2024-23204 Apple CVE Critical Theft Vulnerability Zero-Click macOS

Dark Reading 2 years, 8 months ago

Critical Security Bug Opens Cisco BroadWorks to Complete Takeover

Cyberattackers could exploit CVE-2023-20238 to carry out a variety of nefarious deeds, from data theft and code execution to phishing, fraud, and DoS.

More from Dark Reading 9 Sep 2023, 6:32 a.m. CVE-2023-20238 CVE Cisco Critical DoS Exploit Fraud Phishing Theft

Bleeping Computer 3 years, 2 months ago

Critical Microsoft Outlook bug PoC shows how easy it is to exploit

Security researchers have shared technical details for exploiting a critical Microsoft Outlook vulnerability for Windows (CVE-2023-23397) that allows hackers to remotely steal hashed passwords by simply receiving an email. [...]

More from Bleeping Computer 16 Mar 2023, 6:00 a.m. Actively exploited CVE-2023-23397 CVE Critical Email Exploit Microsoft Passwords PoC Research Theft Vulnerability

Dark Reading 3 years, 4 months ago

Critical Cisco SMB Router Flaw Allows Authentication Bypass, PoC Available

Unpatched Cisco bugs, tracked as CVE-2023-20025 and CVE-2023-20026, allow lateral movement, data theft, and malware infestations.

More from Dark Reading 13 Jan 2023, 8:11 a.m. CVE-2023-20025 CVE-2023-20026 Authentication Bypass CVE Cisco Critical Flaw Lateral Movement Malware PoC Routers Theft

Latest cybersecurity reporting from selected sources.

Refine the feed

Volume over time

Fresh headlines available