Security news aggregator

Latest cybersecurity reporting from selected sources.

Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.

7 headlines in this view

Showing 7 most recent headlines Filtered view

The Hacker News 10 months, 1 week ago

Sophos and SonicWall Patch Critical RCE Flaws Affecting Firewalls and SMA 100 Devices

Sophos and SonicWall have alerted users of critical security flaws in Sophos Firewall and Secure Mobile Access (SMA) 100 Series appliances that could be exploited to achieve remote code execution. The two vulnerabilities impacting Sophos Firewall are listed below - CVE-2025-6704 (CVSS score: 9.8) - An arbitrary file writing vulnerability in the Secure PDF eXchange (SPX) feature can lead

More from The Hacker News 25 Jul 2025, 2:14 a.m. CVE-2025-6704 CVE Critical Firewalls Flaw Mobile Patch Remote Code Execution Sophos Vulnerability

The Hacker News 10 months, 1 week ago

CISA Orders Urgent Patching After Chinese Hackers Exploit SharePoint Flaws in Live Attacks

The U.S. Cybersecurity and Infrastructure Security Agency (CISA), on July 22, 2025, added two Microsoft SharePoint flaws, CVE-2025-49704 and CVE-2025-49706, to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation

More from The Hacker News 23 Jul 2025, 4:40 p.m. Actively exploited CVE-2025-49704 CVE-2025-49706 America CISA CVE China Exploit Flaw Microsoft Vulnerability

Trend Micro Research, News and Perspectives 10 months, 1 week ago

Proactive Security and Insights for SharePoint Attacks (CVE-2025-53770 and CVE-2025-53771)

CVE-2025-53770 and CVE-2025-53771 are vulnerabilities in on-premise Microsoft SharePoint Servers that evolved from previously patched flaws, allowing unauthenticated remote code execution through advanced deserialization and ViewState abuse.

More from Trend Micro Research, News and Perspectives 22 Jul 2025, 12:00 p.m. Actively exploited CVE-2025-53770 CVE-2025-53771 Abuse CVE Flaw Insight Microsoft Patch Remote Code Execution Unauthenticated Vulnerability

Info Security Magazine 10 months, 1 week ago

New CrushFTP Critical Vulnerability Exploited in the Wild

CVE-2025-54309 could allow remote attackers to obtain admin access via HTTPS

More from Info Security Magazine 22 Jul 2025, 1:00 a.m. Actively exploited CVE-2025-54309 CVE Critical Vulnerability

Dark Reading 10 months, 1 week ago

Microsoft Rushes Emergency Patch for Actively Exploited SharePoint ‘ToolShell’ Bug

Malicious actors already have already pounced on the zero-day vulnerability, tracked as CVE-2025-53770, to compromise US government agencies and other businesses in ongoing and widespread attacks.

More from Dark Reading 21 Jul 2025, 11:20 p.m. Actively exploited CVE-2025-53770 0-Day CVE Compromise Government Microsoft Patch Vulnerability

Bleeping Computer 10 months, 1 week ago

Microsoft releases emergency patches for SharePoint RCE flaws exploited in attacks

Microsoft has released emergency SharePoint security updates for two zero-day vulnerabilities tracked as CVE-2025-53770 and CVE-2025-53771 that have compromised services worldwide in "ToolShell" attacks. [...]

More from Bleeping Computer 21 Jul 2025, 4:41 p.m. Actively exploited CVE-2025-53770 CVE-2025-53771 0-Day CVE Compromise Flaw Microsoft Patch Remote Code Execution Vulnerability

Bleeping Computer 10 months, 2 weeks ago

Microsoft SharePoint zero-day exploited in RCE attacks, no patch available

A critical zero-day vulnerability in Microsoft SharePoint, tracked as CVE-2025-53770, has been actively exploited since at least July 18th, with no patch available and at least 85 servers already compromised worldwide. [...]

More from Bleeping Computer 21 Jul 2025, 3:40 a.m. Actively exploited CVE-2025-53770 0-Day CVE Compromise Critical Microsoft Patch Remote Code Execution Vulnerability