Security news aggregator

Latest cybersecurity reporting from selected sources.

Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.

3 headlines in this view

Refine the feed

Search across headline titles and summaries.

Showing 3 most recent headlines Filtered view

A proof-of-concept (PoC) code demonstrating a newly disclosed digital signature bypass vulnerability in Java has been shared online.  The high-severity flaw in question, CVE-2022-21449 (CVSS score: 7.5), impacts the following version of Java SE and Oracle GraalVM Enterprise Edition - Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18 Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1, 22.0.0.2

More from The Hacker News 22 Apr 2022, 11:43 p.m. CVE-2022-21449 Bypass CVE Disclosure Flaw Java Oracle PoC Vulnerability

Amazon Web Services (AWS) has fixed four security issues in its hot patch from December that addressed the critical Log4Shell vulnerability (CVE-2021-44228) affecting cloud or on-premise environments running Java applications with a vulnerable version of the Log4j logging library or containers. [...]

More from Bleeping Computer 20 Apr 2022, 8:45 p.m. Actively exploited CVE-2021-44228 Amazon Amazon Web Services CVE Cloud Critical Fixed Java Library Log4Shell Log4j Patch Vulnerability
Trend Micro Research, News and Perspectives 4 years, 1 month ago

Spring4Shell Vulnerability CVE-2022-22965 Exploited to Deploy Cryptocurrency Miners

Recently, we observed the Spring4Shell vulnerability — a remote code execution bug, assigned as CVE-2022-22965 — being actively exploited by malicious actors to deploy cryptocurrency miners.

More from Trend Micro Research, News and Perspectives 20 Apr 2022, 12:00 p.m. Actively exploited CVE-2022-22965 CVE Cryptocurrency Remote Code Execution Vulnerability