Security news aggregator

Latest cybersecurity reporting from selected sources.

Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.

7 headlines in this view

Showing 7 most recent headlines Filtered view

Security Affairs 6 days, 13 hours ago

U.S. CISA adds Daemon Tools, TanStack, and Nx Console flaws to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Daemon Tools, TanStack, and Nx Console flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Windows Shell and ConnectWise ScreenConnect flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the catalog: The first flaw, tracked as CVE-2026-8398, […]

More from Security Affairs 29 May 2026, 1:14 a.m. Incident · 2 stories Actively exploited CVE-2026-8398 America CISA CVE Flaw Microsoft Tools Vulnerability

The Hacker News 1 month, 2 weeks ago

Actively Exploited nginx-ui Flaw (CVE-2026-33032) Enables Full Nginx Server Takeover

A recently disclosed critical security flaw impacting nginx-ui, an open-source, web-based Nginx management tool, has come under active exploitation in the wild

More from The Hacker News 16 Apr 2026, 12:56 a.m. Incident · 3 stories CVE-2026-33032 Authentication Bypass CVE Critical Disclosure Flaw Open Source Threat Actor Tools Vulnerability

The Hacker News 3 months, 2 weeks ago

Microsoft Patches CVE-2026-26119 Privilege Escalation in Windows Admin Center

Microsoft has disclosed a now-patched security flaw in Windows Admin Center that could allow an attacker to escalate their privileges

More from The Hacker News 20 Feb 2026, 6:40 a.m. CVE-2026-26119 CVE Cloud Disclosure Flaw Microsoft Patch Privilege Escalation Tools Vulnerability

Bleeping Computer 1 year ago

Apache Parquet exploit tool detect servers vulnerable to critical flaw

A proof-of-concept exploit has been publicly released for a maximum severity Apache Parquet vulnerability, tracked as CVE-2025-30065, making it easy to find vulnerable servers. [...]

More from Bleeping Computer 7 May 2025, 6:16 a.m. CVE-2025-30065 Apache CVE Critical Exploit Flaw PoC Tools Vulnerability

The Hacker News 1 year, 5 months ago

Hackers Exploiting Critical Fortinet EMS Vulnerability to Deploy Remote Access Tools

A now-patched critical security flaw impacting Fortinet FortiClient EMS is being exploited by malicious actors as part of a cyber campaign that installed remote desktop software such as AnyDesk and ScreenConnect. The vulnerability in question is CVE-2023-48788 (CVSS score: 9.3), an SQL injection bug that allows attackers to execute unauthorized code or commands by sending specially crafted

More from The Hacker News 20 Dec 2024, 7:25 p.m. Actively exploited CVE-2023-48788 CVE Critical Flaw Fortinet Patch SQL Tools Vulnerability

Bleeping Computer 3 years, 11 months ago

Zoho ManageEngine ADAudit Plus bug gets public RCE exploit

Security researchers have published technical details and proof-of-concept exploit code for CVE-2022-28219, a critical vulnerability in the Zoho ManageEngine ADAudit Plus tool for monitoring activities in the Active Directory. [...]

More from Bleeping Computer 2 Jul 2022, 7:45 a.m. CVE-2022-28219 CVE Critical Exploit PoC Remote Code Execution Research Tools Vulnerability

Bleeping Computer 3 years, 11 months ago

Russian hackers start targeting Ukraine with Follina exploits

Ukraine's Computer Emergency Response Team (CERT) is warning that the Russian hacking group Sandworm may be exploiting Follina, a remote code execution vulnerability in Microsoft Windows Support Diagnostic Tool (MSDT) currently tracked as CVE-2022-30190. [...]

More from Bleeping Computer 14 Jun 2022, 2:28 a.m. Actively exploited CVE-2022-30190 CVE Exploit Hacking Microsoft Remote Code Execution Russia Sandworm Tools Ukraine Vulnerability Warning