Patch Now: Another Palo Alto Auth Bypass Bug Under Active Exploit
Exploiting the PAN-OS GlobalProtect VPN vulnerability requires certain conditions, but adversaries have done so in two attack waves that started in mid-May.
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
Exploiting the PAN-OS GlobalProtect VPN vulnerability requires certain conditions, but adversaries have done so in two attack waves that started in mid-May.
SonicWall SSL VPN devices have become the target of Akira ransomware attacks as part of a newfound surge in activity observed in late July 2025
Attackers aren’t waiting for patches anymore — they are breaking in before defenses are ready. Trusted security tools are being hijacked to deliver malware. Even after a breach is detected and patched, some attackers stay hidden
Fortinet has revealed that threat actors have found a way to maintain read-only access to vulnerable FortiGate devices even after the initial access vector used to breach the devices was patched
Companies critical to the aviation and aerospace supply chains didn't patch a known CVE, providing opportunity for foreign espionage.
Roses are red, violets are blue, CVE-2024-53704 is perfect for a ransomware crew Miscreants are actively abusing a high-severity authentication bypass bug in unpatched internet-facing SonicWall firewalls following the public release of proof-of-concept exploit code.…
Security researchers at Bishop Fox have published complete exploitation details for the CVE-2024-53704 vulnerability that allows bypassing the authentication mechanism in certain versions of the SonicOS SSLVPN application. [...]
Threat actors are actively attempting to exploit a now-patched security flaw in Veeam Backup & Replication to deploy Akira and Fog ransomware
UNC5325 Can Remain in Hacked Devices Despite Factory Reset and PatchesChinese threat actors are continuing to persist after exploiting the recent Ivanti Connect Secure VPN vulnerability even after factory resets, system upgrades and patches. The threat actor, UNC5325, is adept at "living off the land" techniques, warned threat intelligence firm Mandiant.
US Agencies Told to Remove Ivanti's Affected Products From Federal NetworksThe U.S. Cybersecurity and Infrastructure Security Agency directed federal agencies to implement mitigation measures for two zero-day exploits that affect Ivanti’s popular VPN products while they await a patch, in what one official described as "a rapidly evolving situation."
Anyone who hasn't mitigated two zero-day security bugs in Ivanti VPNs may already be compromised by a Chinese nation-state actor.
Cyber Agencies Urge Users to Apply Workaround in the Absence of PatchesHackers possibly connected to the Chinese government since December have exploited two zero-days in a VPN from software developer Ivanti that is widely used by governments and corporations, and a patch won't be available until later this month.
A ready-made, low-complexity path to pwning the popular enterprise VPN clients for remote workers is now circulating in the wild.
Hackers have started to exploit a recently patched critical vulnerability, tracked as CVE-2022-30525, that affects Zyxel firewall and VPN devices for businesses. [...]
A new campaign leveraging an exploit kit has been observed abusing an Internet Explorer flaw patched by Microsoft last year to deliver the RedLine Stealer trojan