Russian Attackers Weaponize WinRAR Flaw Against Ukrainian Orgs
Two separate campaigns target CVE-2025-8088, fixed last July, to conduct data theft and cyberespionage against military and government targets in Ukraine.
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
Two separate campaigns target CVE-2025-8088, fixed last July, to conduct data theft and cyberespionage against military and government targets in Ukraine.
A now patched security vulnerability in Zimbra Collaboration was exploited as a zero-day earlier this year in cyber attacks targeting the Brazilian military
A recently disclosed critical security flaw impacting SAP NetWeaver is being exploited by multiple China-nexus nation-state actors to target critical infrastructure networks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a security flaw impacting NextGen Healthcare Mirth Connect to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation
The targeted operation utilized CVE-2017-8570 as the initial vector and employed a notable custom loader for Cobalt Strike, yet attribution to any known threat actor remains elusive.
Users of Mirth Connect, an open-source data integration platform from NextGen HealthCare, are being urged to update to the latest version following the discovery of an unauthenticated remote code execution vulnerability
The North Korean state-backed hacker group tracked as Lazarus has been exploiting a critical vulnerability (CVE-2022-47966) in Zoho's ManageEngine ServiceDesk to compromise an internet backbone infrastructure provider and healthcare organizations. [...]
The US government is warning that threat actors breached the network of a U.S. organization in the critical infrastructure sector after exploiting a zero-day RCE vulnerability currently identified as CVE-2023-3519, a critical-severity issue in NetScaler ADC and Gateway that Citrix patched this week. [...]
Threat actors have breached the network of a U.S. organization in the critical infrastructure sector after exploiting a zero-day RCE vulnerability currently identified as CVE-2023-3519, a critical-severity issue in NetScaler ADC and Gateway that Citrix patched this week. [...]
Fortinet on Monday disclosed that a newly patched critical flaw impacting FortiOS and FortiProxy may have been "exploited in a limited number of cases" in attacks targeting government, manufacturing, and critical infrastructure sectors
Microsoft has patched an Outlook zero-day vulnerability (CVE-2023-23397) exploited by a hacking group linked to Russia's military intelligence service GRU to target European organizations. [...]