Security news aggregator

Latest cybersecurity reporting from selected sources.

Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.

12 headlines in this view

Refine the feed

Search across headline titles and summaries.

Volume over time

Weekly headline count for the current query.

Showing 12 most recent headlines Filtered view

Cisco on Thursday released security updates for a maximum-severity security flaw impacting Cisco AsyncOS Software for Cisco Secure Email Gateway and Cisco Secure Email and Web Manager, nearly a month after the company disclosed that it had been exploited as a zero-day by a China-nexus advanced persistent threat (APT) actor codenamed UAT-9686

Bank Info Security 1 year, 1 month ago

Microsoft Patches Zero-Day Exploited by Emirati Hackers

Check Point: 'Stealth Falcon' Exploited WebDAV FlawMicrosoft on Tuesday patched a zero-day vulnerability in WebDAV that was exploited by UAE-linked threat actors as part of an espionage campaign in the Middle East and Africa. Check Point attributed the campaign to the Emirates APT group Stealth Falcon.

Our threat hunters discovered CVE-2024-38112, which was used as a zero-day by APT group Void Banshee, to access and execute files through the disabled Internet Explorer using MSHTML. We promptly identified and reported this zero-day vulnerability to Microsoft, and it has been patched.

Bank Info Security 2 years, 4 months ago

Lazarus Group Exploits Windows AppLocker Driver Zero-Day

Microsoft Fixed Bug in February That Gave Kernel-Level Access to North Korean APTNorth Korea's Lazarus hackers exploited a Windows AppLocker driver zero-day to gain kernel-level access and turn off security tools that could detect the group's bring-your-own-vulnerable-driver exploitation techniques. Microsoft fixed the bug in its February patch dump.

Trend Micro Research, News and Perspectives 2 years, 5 months ago

CVE-2024-21412: Water Hydra Targets Traders with Microsoft Defender SmartScreen Zero-Day

The APT group Water Hydra has been exploiting the zero-day Microsoft Defender SmartScreen vulnerability (CVE-2024-21412) in its campaigns targeting financial market traders. This vulnerability, which has now been patched by Microsoft, was discovered and disclosed by the Trend Micro Zero Day Initiative.