Security news aggregator

Latest cybersecurity reporting from selected sources.

Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.

28 headlines in this view

Refine the feed

Search across headline titles and summaries.

Volume over time

Weekly headline count for the current query.

Showing 20 most recent headlines of 28 Filtered view
Bank Info Security 1 week, 1 day ago

Breach Roundup: Hush, Don't Talk About the Data Breach

Also, 23andMe Breach Settlement, GitHub AI Flaw, Ubiquiti Patches Critical BugsThis week, hidden breaches, researchers exposed a GitHub AI agent flaw, an Ubiquiti critical flaw, a ColdFusion flaw, a growing Chinese ORB, U.K. government FortiBleed exposure, 23andMe victims get $46.75 million, 3.8 million affected by Medtronic breach and Cerner's 2025 victim count went up.

Bank Info Security 2 months, 1 week ago

'Dirty Frag' Gives Root on Linux Distros

No Patches Yet Available, After Third Party Published Vulnerability DetailsSecurity researchers have discovered a new, critical flaw in the Linux kernel that attackers can exploit to gain root access. No patches are yet available to fix "Dirty Frag," the second new local privilege escalation flaw to be found in two weeks, following the similar "Copy Fail" vulnerability.

Vendor Details Mitigations, Promises Patched PAN-OS Software in Coming WeeksPalo Alto Networks warned that a critical vulnerability in the PAN-OS software that runs its firewalls is being actively exploited in the wild by attackers. The vendor detailed temporary mitigations and promised to release updated software to fully patch the flaw later this month.

Also, Eurail Breach, ChipSoft Hospital Disruptions, W3LL Phishing TakedownThis week, a "Raccoon"-linked actor hit help desks, Eurail exposed 308K users, Fortinet patched critical flaws, Pushpaganda scams, major data leaks hit healthcare and China, ransomware and phishing ops surged, and multiple breaches impacted firms and hospitals.

Vendor Issues Hotfix for Critical Flaw in FortiClient Endpoint Management ServerFortinet's endpoint management security server software is under fire from attackers, who are actively targeting two critical flaws, including a fresh zero-day that facilitates unauthenticated remote code or command execution. The vendor has issued a hotfix and promised a full patch.

Bank Info Security 3 months, 3 weeks ago

German Police Rouse System Admins From Sleep Over IT Flaw

Police Fanned Out Early Sunday Brandishing an Advisory of a CVSS 10 VulnerabilityPolice officers across Germany roused corporate IT administrators during the early hours of Sunday morning. Their message to bleary-eyed admins was to immediately patch a critical vulnerability in popular product lifecycle management software from U.S. vendor PTC.

Bank Info Security 4 months, 3 weeks ago

Malicious Repo Files Could Hijack Claude Code Sessions

Flaws Let Attackers Run Commands and Steal API Keys Before Trust PromptCheck Point research found three critical flaws in Anthropic's Claude Code that allow attackers to execute arbitrary commands and steal API keys through repository configuration files, before users see a trust prompt. The AI giant has patched all three vulnerabilities.

Bank Info Security 4 months, 3 weeks ago

Hospitals at Risk of BeyondTrust Ransomware Hacks

Critical Vulnerability Could Give Attackers Foothold in Clinical NetworksFederal authorities and industry officials are urging healthcare sector entities to address a critical flaw in BeyondTrust Remote Support and Privileged Remote Access software, which if exploited, could give an attacker a foothold inside a hospital or clinic network.

Bank Info Security 4 months, 4 weeks ago

Breach Roundup: Cambodia Scam Center Crackdown

Also: EU Bans AI Tools, Notepad++ Secures Updater, Apple Patches iOS Zero-DayThis week, Cambodia shuttered 200 scam centers. EU Parliament banned AI tools. Canada Goose disputed a ShinyHunters leak. Notepad++ patched an updater flaw. Apple fixed a decades-old iOS zero-day. BeyondTrust and Dell patched critical flaws under active exploitation.

Bank Info Security 5 months, 3 weeks ago

Attacks Target Freshly Patched, Critical Fortinet Flaws

Chinese Attackers Among Those Tied to Attempted Exploits of FortiSIEM AppliancesCritical vulnerabilities in edge devices are continuing to be discovered by security researchers and rapidly targeted by attackers. Lately, this includes a critical vulnerability in Fortinet's FortiSIEM appliances, which Chinese and other hackers began targeting just two days post-patch.

Bank Info Security 6 months, 2 weeks ago

75,000 MongoDBs Exposed as Attackers Exploit 'MongoBleed'

Patches Issued for MongoBleed as Ransomware Groups Target Flaw to Steal DataTens of thousands of internet-exposed MongoDB databases are at risk as attackers actively target a critical vulnerability in the software to steal sensitive data, with ransomware groups having joined the fray, researchers warn. MongoDB has issued patches and mitigation advice.

Bank Info Security 10 months, 1 week ago

Attackers Exploit Sitecore Zero Day

Mandiant Reveals Critical Flaw Exposes Sitecore ProductsAttackers exploited a now-patched zero-day vulnerability in a popular content management system that powers websites for companies including HSBC, L’Oréal, Toyota and United Airlines. Attackers used a cryptography key stored in some deployments to force the system into loading malware.

Flaw Exposes Remote Privilege Escalation RiskCisco released urgent security updates to fix a critical vulnerability in Unified Communications Manager that could allow unauthenticated attackers gain root access to affected systems. The maximum-severity vulnerability allows unauthenticated remote attackers to log in using static credentials.

Bank Info Security 1 year, 3 months ago

Critical Kubernetes Controller Flaws: 4,000 IPs Exposed

Patch Urgency Increases as Code to Exploit CVE-2025-1974 Vulnerability PublishedScans reveal that thousands of Kubernetes clusters' Ingress Nginx Controller software remain internet-exposed, which experts said is bad practice. More importantly, the software needs updating to fix a critical vulnerability that can be remotely exploited to seize complete control of a cluster.

'Real Danger' Alert for Unpatched Veeam Servers Attached to a Production DomainWidely used Veeam Backup & Replication software has been patched to fix a critical vulnerability that could be abused to remotely exploit malicious code. Security experts recommend rapid patching, given ransomware and other groups' repeat targeting of the software.

Bank Info Security 1 year, 5 months ago

Hackers Are Exploiting Trimble Cityworks, CISA Warns

Feds Order Agencies to Patch Critical Flaw in Widely Used Local Government SystemHackers are exploiting a critical vulnerability in Trimble's Cityworks platform, an infrastructure management tool used by governments that enables remote code execution on Microsoft IIS web servers. CISA has ordered federal civilian agencies to patch a critical vulnerability by Feb. 28.

Bank Info Security 1 year, 6 months ago

Nuclei Patches High Severity Flaw in Security Tool

Flaw Enabled Signature Bypassing on Nuclei ProjectDiscoveryOpen-source vulnerability scanner Nuclei patched a critical flaw in its open-source vulnerability management tool ProjectDiscovery. Security firm Wiz uncovered the flaw, a signature verification system flaw that could allow attackers to execute malicious code using custom code templates.

Bank Info Security 1 year, 6 months ago

Critical Flaws Expose 25,000 SonicWall Devices to Hackers

Many SonicWall Firewalls Are Unsupported or Lack Patches for Known VulnerabilitiesThousands of SonicWall network security devices remain exposed with critical security flaws, including 20,000 running outdated firmware that no longer receives vendor support. Despite patches available for some of these flaws, many organizations continue to run the outdated firmware.

Bank Info Security 1 year, 7 months ago

OpenWrt Update Flaw Exposed Devices to Malicious Firmware

Embedded Device Operating Sytem Had Flaw Allowing Hacers to Bypass Integrity CheckA critical flaw in the updating service of a popular Linux operating system for embedded devices could enable hackers to compromise firmware with malicious images. OpenWrt developers patched the vulnerability, with a CVSS core of 9.3 and tracked as CVE-2024-54143.

Bank Info Security 1 year, 7 months ago

Warning: Patch Advantech Industrial Wireless Access Points

Researchers Discover 20 Critical Flaws Attackers Could Exploit in a Variety of WaysResearchers identified 20 critical vulnerabilities in a type of Advantech industrial-grade wireless access point that's widely deployed across critical infrastructure environments. Attackers could exploit the flaws to remotely executive code and create denials of service.

Loading more headlines...