Oracle E-Business Suite was under attack via critical flaw before the public exploit code was even released
Attackers appear to have reverse-engineered Big Red's patch
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
Attackers appear to have reverse-engineered Big Red's patch
An unauthenticated attacker can exploit the command injection vulnerability to gain remote access to robotic systems, causing significant disruption to the environment.
No Patches Yet Available, After Third Party Published Vulnerability DetailsSecurity researchers have discovered a new, critical flaw in the Linux kernel that attackers can exploit to gain root access. No patches are yet available to fix "Dirty Frag," the second new local privilege escalation flaw to be found in two weeks, following the similar "Copy Fail" vulnerability.
Chinese Attackers Among Those Tied to Attempted Exploits of FortiSIEM AppliancesCritical vulnerabilities in edge devices are continuing to be discovered by security researchers and rapidly targeted by attackers. Lately, this includes a critical vulnerability in Fortinet's FortiSIEM appliances, which Chinese and other hackers began targeting just two days post-patch.
Patches Issued for MongoBleed as Ransomware Groups Target Flaw to Steal DataTens of thousands of internet-exposed MongoDB databases are at risk as attackers actively target a critical vulnerability in the software to steal sensitive data, with ransomware groups having joined the fray, researchers warn. MongoDB has issued patches and mitigation advice.
Threat actors were exploiting vulnerable versions of Triofox after a patched version was released, said Google Cloud researchers
Mandiant Reveals Critical Flaw Exposes Sitecore ProductsAttackers exploited a now-patched zero-day vulnerability in a popular content management system that powers websites for companies including HSBC, L’Oréal, Toyota and United Airlines. Attackers used a cryptography key stored in some deployments to force the system into loading malware.
None under active exploit…yet Microsoft’s August Patch Tuesday flaw-fixing festival addresses 111 problems in its products, a dozen of which are deemed critical, and one moderate-severity flaw that is listed as being publicly known.…
Sure, 130 fixes were sent out, but bask in the security goodness For the first time this year, Microsoft has released a Patch Tuesday bundle with no exploited security problems, although one has been made public already, and there are ten critical flaws to fix.…
Patch Urgency Increases as Code to Exploit CVE-2025-1974 Vulnerability PublishedScans reveal that thousands of Kubernetes clusters' Ingress Nginx Controller software remain internet-exposed, which experts said is bad practice. More importantly, the software needs updating to fix a critical vulnerability that can be remotely exploited to seize complete control of a cluster.
PoC exploit code shows why this is a patch priority Security engineers have released a proof-of-concept exploit for four critical Ivanti Endpoint Manager bugs, giving those who haven't already installed patches released in January extra incentive to revisit their to-do lists.…
Researchers Discover 20 Critical Flaws Attackers Could Exploit in a Variety of WaysResearchers identified 20 critical vulnerabilities in a type of Advantech industrial-grade wireless access point that's widely deployed across critical infrastructure environments. Attackers could exploit the flaws to remotely executive code and create denials of service.
CISA Adds Critical Palo Alto Flaw to Vulnerability Catalog After Attack DiscoveryThe Cybersecurity and Infrastructure Security agency warned Palo Alto Networks that a critical vulnerability the technology giant previously patched has been actively exploited since then, according to a new advisory, potentially exposing configuration secrets and credentials.
Urgent Fix Addresses Critical Flaw That Allows Remote Code ExecutionProgress Software released an urgent patch Thursday to fix a critical vulnerability that hackers could exploit to launch remote attacks. The company is no stranger to urgent patching. It was at the center of a Memorial Day 2023 mass hacking incident.
About a thousand vulnerable instances still exposed online, we're told A now-patched vulnerability in Ollama – a popular open source project for running LLMs – can lead to remote code execution, according to flaw finders who warned that upwards of 1,000 vulnerable instances remain exposed to the internet.…
Multiple publicly available exploits have since been published for the critical flaw The number of public-facing installs of Jenkins servers vulnerable to a recently disclosed critical vulnerability is in the tens of thousands.…
Proof-of-concept (PoC) exploit code has been made available for a recently disclosed and patched critical flaw impacting VMware Aria Operations for Networks (formerly vRealize Network Insight)
A new, financially motivated operation dubbed LABRAT has been observed weaponizing a now-patched critical flaw in GitLab as part of a cryptojacking and proxyjacking campaign
Cybersecurity researchers have found a way to exploit a recently disclosed critical flaw in PaperCut servers in a manner that bypasses all current detections
A malicious actor with local admin privileges could exploit the vulnerability to escape from the VM