Attackers Hit Cisco SD-WAN Flaw 2 Months Before Disclosure
Researchers believe rogue peering was used to connect to the victim's SD-WAN devices to gain admin privileges and root-level access.
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
Researchers believe rogue peering was used to connect to the victim's SD-WAN devices to gain admin privileges and root-level access.
Cybersecurity researchers have disclosed details of an intrusion that involved the use of a CloudZ remote access tool (RAT) and a previous undocumented plugin dubbed Pheno with the aim of facilitating credential theft
TriMed Is Among Several Other Medical Device Firms Recently AttackedA California maker of implantable orthopedic gear is the latest medical device maker in recent weeks to disclose it's been a victim of a cybersecurity incident. The disclosure of the hack on TriMed comes on the heels of an Iranian hacktivist attack on Stryker and a data theft from UFP Technologies.
TriMed Is Among Several Other Medical Device Firms Recently AttackedA California maker of implantable orthopedic gear is the latest medical device maker in recent weeks to disclose it's been a victim of a cybersecurity incident. The disclosure of the hack on TriMed comes on the heels of an Iranian hacktivist attack on Stryker and a data theft from UFP Technologies.
Also, Russian Signal Phishing, Iran-Linked Malware, Breaches in Spain and FranceThis week, Tycoon 2FA, Trio-Tech, messaging app spying and a ransomware broker sentenced. Iran-linked hackers. Mazda disclosed a breach. Oracle patched a flaw. North Korean actors weaponized VS Code, a Spanish port ransomware attack, a French teacher data breach and a healthcare firm victim surge.
Full disclosure of a live Iranian operational server. Open directory on active threat actor infrastructure revealed custom attack tools, 11 CVEs, confirmed victims including EgyptAir and the Portuguese Immigration Service, and 280+ Israeli targets.
Cybersecurity researchers are calling attention to a new campaign where threat actors are abusing FortiGate Next-Generation Firewall (NGFW) appliances as entry points to breach victim networks. The activity involves the exploitation of recently disclosed security vulnerabilities or weak credentials to extract configuration files containing service account credentials and network topology
Cybersecurity researchers have disclosed nine cross-tenant vulnerabilities in Google Looker Studio that could have permitted attackers to run arbitrary SQL queries on victims' databases and exfiltrate sensitive data within organizations' Google Cloud environments
Cybersecurity researchers have disclosed details of a new cryptojacking campaign that uses pirated software bundles as lures to deploy a bespoke XMRig miner program on compromised hosts
Cybersecurity researchers have disclosed details of a new Android trojan called Massiv that's designed to facilitate device takeover (DTO) attacks for financial theft
Cybersecurity researchers disclosed they have detected a case of an information stealer infection successfully exfiltrating a victim's OpenClaw (formerly Clawdbot and Moltbot) configuration environment
Cybersecurity researchers have disclosed details of an ongoing campaign dubbed KongTuke that used a malicious Google Chrome extension masquerading as an ad blocker to deliberately crash the web browser and trick victims into running arbitrary commands using ClickFix-like lures to deliver a previously undocumented remote access trojan (RAT) dubbed ModeloRAT
Cybersecurity researchers have disclosed details of a new attack method dubbed Reprompt that could allow bad actors to exfiltrate sensitive data from artificial intelligence (AI) chatbots like Microsoft Copilot in a single click, while bypassing enterprise security controls entirely
Cybersecurity researchers have disclosed details of a new campaign that uses WhatsApp as a distribution vector for a Windows banking trojan called Astaroth in attacks targeting Brazil
Why Are Third-Party Vendor Breaches So Hard to Figure Out?The victim tally of a 2024 hacking incident at medical services provider Conduent again soared after a new regulatory disclosure by the company, in this case to Texas authorities. The company told Lone Star state officials the breach affected nearly 14.8 million Texans, alone.
Cybersecurity researchers have disclosed details of a new malicious package on the npm repository that works as a fully functional WhatsApp API, but also contains the ability to intercept every message and link the attacker's device to a victim's WhatsApp account
Key Takeaways: 85 active ransomware and extortion groups observed in Q3 2025, reflecting the most decentralized ransomware ecosystem to date
The North Korea-linked threat actor known as Kimsuky has distributed a previously undocumented backdoor codenamed HttpTroy as part of a likely spear-phishing attack targeting a single victim in South Korea
Cybersecurity researchers have disclosed details of a new Rust-based backdoor called ChaosBot that can allow operators to conduct reconnaissance and execute arbitrary commands on compromised hosts
Salesloft Says Hackers Broke Into Its GitHub RepositoryCybersecurity firms Tenable and Qualys fell to attacks stemming from hacker theft of authentication tokens from a third-party tool often integrated into Salesforce. The firms disclosed their exposure to the attack that lifted access tokens from marketing-as-a-service software provider Salesloft.