CISA Warns of 'Ongoing' Brickstorm Backdoor Attacks
State-sponsored actors tied to China continue to target VMware vSphere environments at government and technology organizations.
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
State-sponsored actors tied to China continue to target VMware vSphere environments at government and technology organizations.
Three federal agencies were parties to a global security advisory this week warning about the extensive threat posed by Chinese nation-state actors targeting network devices.
Two critical N-able vulnerabilities enable local code execution and command injection, and require authentication to exploit, suggesting they wouldn't be seen at the beginning of an exploit chain.
A threat actor has gained access to Microsoft 365 environments of a small number of customers of Commvault's Metallic service.
Though the app claims to use end-to-end encryption, hackers have reportedly accessed archived data on the app's servers via a new vulnerability.
The vulnerabilities affect SonicWall's SMA devices for secure remote access, which have been heavily targeted by threat actors in the past.
An old DNS switcheroo technique is still helping attackers keep their infrastructure alive. But is it really a pressing issue in 2025?
Threat actors are exploiting a vulnerability in Ivanti Connect Secure first disclosed by the vendor in January.
The authentication bypass vulnerability in the OS for the company's firewall devices is under increasing attack and being chained with other bugs, making it imperative for organizations to mitigate the issue ASAP.
CISA and the FDA are warning that Contec CMS8000 and Epsimed MN-120 patient monitors are open to meddling and data theft; Claroty Team82 flagged the vulnerability as an avoidable insecure design issue.
Beware that friendly text from the IT department giving you an "update" about restoring your broadband connectivity.
Though the critical vulnerability was patched in August, Ivanti is reminding customers to update as soon as possible as attacks from unauthenticated threat actors start circulating.
The FBI and CISA are warning citizens of attempts to convince voters that US election infrastructure has been compromised. (It hasn't been.)
A seven-month-old bug in an OSS CI/CD server is still being actively exploited, thanks to spotty patching, CISA warns.
The cybersecurity agency issued a warning not to agree to any payment requests and to alert law enforcement or CISA after being contacted.
Patch now: Cyberattackers are exploiting CVE-2023-7028 (CVSS 10) to take over and lock users out of GitLab accounts, steal source code, and more.
CISA advisory warns of critical ICS device flaws, but a lack of available fixes leaves network administrators on defense to prevent exploits.
With stores of mega-corporate business intelligence, a Sisense compromise could potentially mushroom into supply chain cyberattack disaster, experts fear.
Dropping the ball on chemical security has precipitated "a national security gap too great to ignore," CISA warns.
Patch or isolate now: Organizations in every sector run the risk of hemorrhaging data as opportunistic attacks from LockBit ransomware and others grow.