Security news aggregator

Latest cybersecurity reporting from selected sources.

Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.

10 headlines in this view

Refine the feed

Search across headline titles and summaries.

Volume over time

Weekly headline count for the current query.

Showing 10 most recent headlines Filtered view

Citrix Issues Patches to Counter Active Attacks Against Two Critical VulnerabilitiesAdministrators of Citrix Netscaler devices are being urged to immediately patch their devices to fix two actively exploited vulnerabilities. One, dubbed Citrix Bleed 2, can be abused by hackers to bypass multifactor authentication, hijack user sessions and gain unauthorized access to the equipment.

Bank Info Security 1 year, 5 months ago

Attackers Exploit Palo Alto Zero-Day Authentication Bypass

Surge in Attack Attempts Spotted After Palo Alto Networks Details and Patches FlawAttackers have stepped up efforts to exploit a vulnerability in the software that runs Palo Alto Networks firewall appliances that could give them direct access to the underlying software. Unauthenticated hackers could use PHP scripts to bypass the PAN-OS management web interface.

Also: Researchers Bypass GitHub Copilot's Protections, Deloitte Pays $5M for BreachThis week: A hacker claims to have 20 million OpenAI logins, Sweden clears ship in Baltic cable damage, researchers find ways to bypass GitHub Copilot's protections, Netgear patches router flaws, undetectable Mac backdoor raises alarms, Spain nabs hacker, and Deloitte pays $5M for RIBridges breach.

Bank Info Security 1 year, 5 months ago

Breach Roundup: Sweden Clears Ship in Baltic Cable Damage

Also: Researchers Bypass GitHub Copilot's Protections, Deloitte Pays $5M for BreachThis week: Sweden clears ship in Baltic cable damage, researchers find ways to bypass GitHub Copilot's protections, Netgear patches router flaws, undetectable Mac backdoor raises alarms, cyberattacks target aviation, Spain nabs international hacker, and Deloitte pays $5M for RIBridges breach.

Bank Info Security 1 year, 6 months ago

Researchers Spot Serious UEFI Secure Boot Bypass Flaw

Attackers Can Employ a Vulnerable Driver to Target Most Windows and Linux SystemsResearchers are warning Microsoft Windows as well as many Linux distribution users to install updates that revoke permissions for a vulnerable driver that attackers can use to target most systems, allowing them to bypass UEFI Secure Boot and install a bootkit to take full control of a system.

Bank Info Security 1 year, 6 months ago

Apple Patches Flaw That Allows Kernel Security Bypassing

Microsoft Uncovered Flaw That Affects macOS System Integrity Protection FeatureApple patched a vulnerability that allows hackers to bypass a key security feature in macOS by through third-party kernel extensions. Microsoft researchers uncovered the flaw tracked as CVE-2024-44243. The flaw could enable hackers to install rootkits and create malware with privileged access.

Bank Info Security 1 year, 7 months ago

OpenWrt Update Flaw Exposed Devices to Malicious Firmware

Embedded Device Operating Sytem Had Flaw Allowing Hacers to Bypass Integrity CheckA critical flaw in the updating service of a popular Linux operating system for embedded devices could enable hackers to compromise firmware with malicious images. OpenWrt developers patched the vulnerability, with a CVSS core of 9.3 and tracked as CVE-2024-54143.

Bank Info Security 1 year, 7 months ago

WordPress Plug-In Vulnerability Threatens 4 Million Sites

Critical Authentication Flaw Impacts Both Free and Pro UsersA widely deployed five-in-one security plug-in for WordPress websites contained a flaw that hackers could automate into a large-scale takeover campaign. The critical authentication bypass vulnerability takes advantage of a now-patched flaw in the Really Simple Security plug-in.

Bank Info Security 1 year, 8 months ago

WordPress Plugin Vulnerability Threatens 4 Million Sites

Critical Authentication Flaw Impacts Both Free and Pro UsersA widely deployed five-in-one security plugin for WordPress websites contained a flaw that hackers could automate into a large-scale takeover campaign. The critical authentication bypass vulnerability takes advantage of a now-patched flaw in the Really Simple Security plugin.

Bank Info Security 1 year, 9 months ago

Ivanti CSA Customers Targeted in New Zero Day Attacks

Attackers Chain Three Security Flaws with Patched Admin Bypass VulnerabilityInternet appliance maker Ivanti warned customers Tuesday that attackers are actively exploiting new vulnerabilities in Cloud Services Appliance instances by chaining three security flaws with a zero-day patched in September. The company advised customers to update to version 5.0.