Attackers target critical FortiSandbox flaws as CISA issues patch order
Command injection vulns land on exploited list after researchers spot abuse attempts
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
Command injection vulns land on exploited list after researchers spot abuse attempts
Also, 23andMe Breach Settlement, GitHub AI Flaw, Ubiquiti Patches Critical BugsThis week, hidden breaches, researchers exposed a GitHub AI agent flaw, an Ubiquiti critical flaw, a ColdFusion flaw, a growing Chinese ORB, U.K. government FortiBleed exposure, 23andMe victims get $46.75 million, 3.8 million affected by Medtronic breach and Cerner's 2025 victim count went up.
Researchers at Nebula Security have disclosed GhostLock (CVE-2026-43499), a 15-year-old Linux kernel flaw that lets any logged-in user take full root control of a machine that has not been patched
Cybersecurity researchers have disclosed details of a now-patched critical session isolation vulnerability in Writer, an enterprise generative artificial intelligence (AI) platform, that could result in cross-tenant compromise
Researchers found a flaw in Opera GX, the gaming-focused version of the Opera browser, that let a malicious website silently install a browser add-on and use it to lift specific data from the pages a victim visits
This week was a reminder that attackers do not always need big tricks. One small mistake, one old access path, one missed patch, and suddenly the door is open
DirtyClone: a Linux kernel privilege escalation that silently rewrites executables in memory, leaving no disk trace. Patch now. JFrog Security Research published a working exploit walkthrough on June 25 for CVE-2026-43503 (CVSS score of 8.8), a Linux kernel privilege escalation they call DirtyClone. It’s the fourth vulnerability in the DirtyFrag family, all sharing the same […]
DirtyClone is a new Linux kernel privilege escalation in the DirtyFrag family. JFrog Security Research published a working exploit walkthrough for the flaw on June 25, the first public demonstration for this variant
Cybersecurity researchers have disclosed details of three now-patched security flaws impacting LangGraph, including a critical vulnerability chain that could result in remote code execution
Also: Zcash Patches Flaw, $32M Humanity Protocol HackThis week, a key player in a $97M laundering scheme got prison time, Humanity Protocol suffered $32M in losses, Zcash patched a flaw, the EU targeted crypto platforms tied to Russia, authorities froze $3.8M in illicit funds and researchers exposed a Trezor chip weakness.
Security researchers have published a detailed, working exploit for a Linux kernel use-after-free that lets an unprivileged local user escalate to root and break out of a container
A five-step flaw chain in the popular automation service, now patched, could have let a single attacker act as any signed-in user across thousands of connected apps. The post Zapier fixes bug chain that researchers say risked widespread account takeover appeared first on CyberScoop.
Hidden Install Settings Let Malicious MCP Links Execute CodeMicrosoft patched a high-severity flaw in Visual Studio Code after researchers found attackers could hide malicious settings inside MCP server install links, giving them persistent access to developer machines through what appeared to be routine artificial intelligence tool installations.
Google Says Criminals Used AI to Discover and Code ExploitA cybercriminal group came close to launching a mass attack earlier this year, armed with a software exploit that an AI model had built from scratch, said Google researchers. Google said it worked with the affected vendor to patch the flaw before an attack could be launched.
No Patches Yet Available, After Third Party Published Vulnerability DetailsSecurity researchers have discovered a new, critical flaw in the Linux kernel that attackers can exploit to gain root access. No patches are yet available to fix "Dirty Frag," the second new local privilege escalation flaw to be found in two weeks, following the similar "Copy Fail" vulnerability.
Researchers say Schemata’s platform exposed names, emails, base assignments, and course materials before the company patched the issue and contacted government authorities. The post A DOD contractor’s API flaw exposed military course data and service member records appeared first on CyberScoop.
AI Tool Used to Discover Bugs, Which Included 2 Maximum Severity VulnerabilitiesResearchers at security firm AISLE said they recently identified 38 vulnerabilities, including two maximum-severity zero-day flaws in OpenEMR, an open-source electronic medical record software platform used by about 100,000 healthcare providers globally. OpenEMR has patched the problems.
Cybersecurity researchers have discovered a vulnerability in Google's agentic integrated development environment (IDE), Antigravity, that could be exploited to achieve code execution
Cybersecurity researchers have disclosed details of two now-patched security flaws in the n8n workflow automation platform, including two critical bugs that could result in arbitrary command execution
Cybersecurity researchers have disclosed details of a now-patched security flaw in Google Chrome that could have permitted attackers to escalate privileges and gain access to local files on the system