Security news aggregator

Latest cybersecurity reporting from selected sources.

Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.

27 headlines in this view

Refine the feed

Search across headline titles and summaries.

Volume over time

Weekly headline count for the current query.

Showing 20 most recent headlines of 27 Filtered view
Bank Info Security 1 week, 2 days ago

Hidden Backdoor Found in Tenda Router Firmware

Unauthenticated Flaw Allows Full Router, Network TakeoverA hidden backdoor, disclosed by CERT/CC and found in multiple firmware versions made by Chinese manufacturer Tenda, bypasses authentication and could grant attackers administrative access. Researchers are reporting exploitation and an Nmap script is making vulnerable devices easier to identify.

Bank Info Security 1 week, 2 days ago

Hidden Backdoor in Tenda Router Firmware

Unauthenticated Flaw Allows Full Router, Network TakeoverA hidden backdoor, disclosed by CERT/CC and found in multiple firmware versions made by Chinese manufacturer Tenda, bypasses authentication and could grant attackers administrative access. Researchers are reporting exploitation and an Nmap script is making vulnerable devices easier to identify.

Juniper Tells Customers to Tune Their FirewallA critical vulnerability in Juniper Networks' primary operating system could give threat actors root level privileges to execute code on Juniper’s PTX Series routers. Successful exploitation would give attackers full command and control over devices without the need for authentication.

Bank Info Security 4 months, 3 weeks ago

Marquis Sues SonicWall Over 2025 Firewall Data Breach

Lawsuit Claims SonicWall Cloud Backup Flaw Led to Ransomware Attack Against MarquisMarquis Software Solutions has sued SonicWall alleging a cloud backup data breach exposed firewall configuration files, including credentials and multifactor authentication scratch codes. The firm says the breach enabled an August 2025 ransomware attack and triggered dozens of class action lawsuits.

Bank Info Security 5 months, 2 weeks ago

Telnet Flaw: 800,000 Servers at Risk Amid Active Attacks

Telnet Flaw Allows Unauthenticated Users to Gain Root AccessHackers are on the hunt for open telnet ports in servers after discovering that a version of legacy client-server application protocol is vulnerable to an authentication bypass vulnerability. More than 800,000 servers could be actively targeted in the wild.

Bank Info Security 8 months ago

Hackers Exploited Cisco ISE Zero-Day

Flaw Enabled Remote Code Execution, Say AWS ResearchersResearchers from AWS said they spotted a hacking campaign taking advantage of a zero-day vulnerability in Cisco network access control software before the routing giant patched it earlier this year. The flaw let attackers perform pre-authentication remote code execution.

Bank Info Security 9 months, 1 week ago

Hackers Exploit LFI Flaw in File-Sharing Platforms

Attackers Read Server Files and Steal Credentials in Gladinet CentreStack, TriofoxHackers are exploiting a flaw allowing them to access without authentication document root folder files in file-sharing and remote-access software, where they obtain access tokens and passwords to unlock remote access to corporate file systems, warn researchers.

Bank Info Security 9 months, 1 week ago

Hackers Exploit LFI Flaw in File-Sharing Platforms

Attackers Read Server Files and Steal Credentials in Gladinet CentreStack, TriofoxHackers are exploiting a flaw allowing them to access without authentication document root folder files in file-sharing and remote-access software, where they obtain access tokens and passwords to unlock remote access to corporate file systems, warn researchers.

Bank Info Security 11 months, 1 week ago

Axis Security Camera Flaws Enable Remote Takeover

4 Bugs Affecting at Least 6,500 Camera Servers Enable Pre-Auth Attacks on DevicesResearchers who uncovered four severe flaws in Axis Communications' video management and camera software say thousands of internet-connected surveillance systems are vulnerable to remote attacks. Attackers can execute arbitrary code without authentication.

Bank Info Security 11 months, 3 weeks ago

Attackers Exploit Zero-Day Flaws in On-Premises SharePoint

Microsoft Issuing Emergency Patches to Combat Authentication-Bypassing AttacksHackers have been exploiting a zero-day vulnerability dubbed "ToolShell" in on-premises installations of Microsoft SharePoint to gain remote access, and steal cryptographic keys and data. As Microsoft rolls out patches, experts warn administrators to also rotate keys, to help eject attackers.

Remote Code Execution Flaw Affects More Than 5,000 ServersThreat actors are actively exploiting a critical vulnerability in a server file transfer solution. Researchers say the flaw in Wing FTP Server could allow threat actors to execute system-level commands remotely, using null byte and Lua injection without authentication.

Bank Info Security 1 year, 3 months ago

Solar Power Infrastructure Vulnerable to Hacking

Flaws in Solar Inverters Threaten Power Grid StabilityResearchers from Forescout's Vedere Labs detected security shortcomings in the world’s leading solar inverters that could enable hackers to hijack solar energy production and destabilize power grids. Flaws include unauthorized remote access, insecure authentication and remote code execution.

Bank Info Security 1 year, 3 months ago

IoT Security Gaps Put Enterprises at Risk

Dennis Giese on Reverse Engineering, Flawed Authentication, Poor Threat ModelingIoT security flaws expose users and businesses to serious risks. Weak authentication methods allow attackers to manipulate devices, leading to data breaches and privacy violations. Reverse engineering highlights these weaknesses, said Dennis Giese, IoT security and privacy researcher.

Bank Info Security 1 year, 5 months ago

Attackers Exploit Palo Alto Zero-Day Authentication Bypass

Surge in Attack Attempts Spotted After Palo Alto Networks Details and Patches FlawAttackers have stepped up efforts to exploit a vulnerability in the software that runs Palo Alto Networks firewall appliances that could give them direct access to the underlying software. Unauthenticated hackers could use PHP scripts to bypass the PAN-OS management web interface.

Bank Info Security 1 year, 5 months ago

SonicWall's Zero-Day Provokes Patch Alerts

Preauthentication Deserialization Flaw Could Result in Remote Code ExecutionSoftware vendors and national security agencies are urging immediate patching of a critical SonicWall flaw days after the security device manufacturer disclosed that hackers are actively exploiting a zero-day. The flaw doesn't require user authentication.

Bank Info Security 1 year, 6 months ago

'DoubleClickjacking' Threatens Major Websites’ Security

Flaw Bypasses Clickjacking Defenses, Enables Account TakeoversHackers are exploiting the split-second delay between two mouse clicks to carry out sophisticated clickjacking attacks, tricking victims into authorizing transactions or granting access they never intended. "DoubleClickjacking" manipulates users into granting OAuth and API permissions

Bank Info Security 1 year, 7 months ago

WordPress Plug-In Vulnerability Threatens 4 Million Sites

Critical Authentication Flaw Impacts Both Free and Pro UsersA widely deployed five-in-one security plug-in for WordPress websites contained a flaw that hackers could automate into a large-scale takeover campaign. The critical authentication bypass vulnerability takes advantage of a now-patched flaw in the Really Simple Security plug-in.

Bank Info Security 1 year, 7 months ago

WordPress Plugin Vulnerability Threatens 4 Million Sites

Critical Authentication Flaw Impacts Both Free and Pro UsersA widely deployed five-in-one security plugin for WordPress websites contained a flaw that hackers could automate into a large-scale takeover campaign. The critical authentication bypass vulnerability takes advantage of a now-patched flaw in the Really Simple Security plugin.

Bank Info Security 1 year, 10 months ago

Microsoft Copilot Fixes ASCII Smuggling Vulnerability

Security Researcher Uncovered the Flaw, Which Allowed System TakeoverMicrosoft says it fixed a security flaw in artificial intelligence chatbot Copilot that enabled attackers to steal multifactor authentication code using a prompt injection attack. Security researcher Johann Rehberger said he discovered a way to invisibly force Copilot to send data.

Loading more headlines...