Security news aggregator

Latest cybersecurity reporting from selected sources.

Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.

29 headlines in this view

Refine the feed

Search across headline titles and summaries.

Volume over time

Weekly headline count for the current query.

Showing 20 most recent headlines of 29 Filtered view
Bank Info Security 2 days, 14 hours ago

Researcher Drops 9th Windows Zero-Day

LegacyHive Is a Local Privilege Escalation BugThe vulnerability hunter in a feud with Microsoft released yet another Windows zero-day Tuesday as promised, though the touted "bone-shattering" disclosure was stripped down to prevent public exploitation. LegacyHive, exploits a profile-loading race condition to access another user's registry hive.

Bank Info Security 3 days, 13 hours ago

US Government Launches AI Vulnerability Clearinghouse

Initiative seeks to prevent duplicate vulnerability scanning and remediation efforts.The Trump administration has launched Gold Eagle, a federal AI cybersecurity clearinghouse that coordinates AI-discovered software vulnerabilities through Carnegie Mellon University's VINCE platform to speed validation, disclosure and remediation while reducing duplicate efforts across government and industry.

Bank Info Security 1 week, 2 days ago

Hidden Backdoor Found in Tenda Router Firmware

Unauthenticated Flaw Allows Full Router, Network TakeoverA hidden backdoor, disclosed by CERT/CC and found in multiple firmware versions made by Chinese manufacturer Tenda, bypasses authentication and could grant attackers administrative access. Researchers are reporting exploitation and an Nmap script is making vulnerable devices easier to identify.

Bank Info Security 1 week, 2 days ago

Hidden Backdoor in Tenda Router Firmware

Unauthenticated Flaw Allows Full Router, Network TakeoverA hidden backdoor, disclosed by CERT/CC and found in multiple firmware versions made by Chinese manufacturer Tenda, bypasses authentication and could grant attackers administrative access. Researchers are reporting exploitation and an Nmap script is making vulnerable devices easier to identify.

Eset Links Group's Growth to Integrated Endpoint-Killing ToolsEset researchers say the rapidly growing Gentlemen ransomware operation differentiates itself by supplying affiliates with a standardized EDR-killer suite that disables security tools, quickly incorporates newly disclosed vulnerable drivers and helps scale attacks across multiple regions worldwide.

Bank Info Security 1 month, 2 weeks ago

Microsoft Threatens Legal Action Over Zero-Day Leaks

Security Researchers Fear Broader Legal Pressure on Bug DisclosuresMicrosoft is pursuing legal action after a researcher publicly released six Windows zero-days and exploit code following a breakdown in coordinated disclosure talks, escalating tensions over vulnerability disclosure, platform moderation and protections for independent security researchers.

Patching Workflows Built for Weekly Cycles Can't Survive an Era of Hourly ExploitsAI is shrinking the window between vulnerability disclosure and active exploitation from weeks to hours. But remediation workflows haven't kept pace. Security teams need real-time intelligence, unified IT and security operations, and automated remediation to close the gap before attackers do.

Bank Info Security 2 months, 1 week ago

Anthropic Sounds Cyber Alarm Amid Financial AI Push

Mythos Found ‘Tens of Thousands’ of Unpatched Flaws With Months to Fix ThemAnthropic CEO Dario Amodei warned that Claude Mythos has found tens of thousands of unpatched software vulnerabilities, with a six-to-12 month window before Chinese AI models catch up. The disclosure came alongside a major financial services push including an investor-backed firm and 10 new AI agents.

Bank Info Security 3 months, 1 week ago

Why Claude Mythos Shifts Focus From Finding to Fixing Bugs

But Expect Plenty of Bottlenecks in Coordination, Validation and Patch DeploymentAnthropic's Claude Mythos Preview shows how AI can discover and chain vulnerabilities at scale, but the bigger challenge for defenders is redesigning disclosure, triage and patching processes so fixes can be deployed safely before attackers exploit the gap.

Bank Info Security 3 months, 2 weeks ago

Under Fire: Attackers Target Flaws in F5 and Citrix Gear

F5 Revises Severity of Flaw Disclosed Last YearFlaws in major application delivery and security platforms and VPN gateways are being actively exploited or targeted. Under fire: a vulnerability in F5 BIG-IP Access Policy Manager can facilitate remote code execution, and a "memory overread" flaw in NetScaler Application Delivery Controller.

Bank Info Security 3 months, 4 weeks ago

Interlock Ransomware Exploited Cisco Firewall Flaw for Weeks

AWS Researchers Find an Interlock Server Laden With ToolsRansomware hackers exploited a flaw with a maximum vulnerability score in Cisco firewall management software weeks before the networking giant disclosed the vulnerability in early March. The group has focused extensively on critical infrastructure sectors in North America and Europe.

Juniper Tells Customers to Tune Their FirewallA critical vulnerability in Juniper Networks' primary operating system could give threat actors root level privileges to execute code on Juniper’s PTX Series routers. Successful exploitation would give attackers full command and control over devices without the need for authentication.

Bank Info Security 7 months, 2 weeks ago

Ransomware Threats Moving Out to the Edge

Rapid7's Christiaan Beek on Ransomware Tactics and How to Mitigate Attacks in 2026Ransomware attacks are reaching record highs, and 2026 may be even worse, said Christiaan Beek, senior director of threat intel and analytics at Rapid7. He warns that hackers are exploiting vulnerabilities as soon as they're disclosed, and they're focusing on flaws in devices on the network edge.

Also, North Korean Hackers Remotely Wipe Android DevicesThis week, the U.K. government probed Chinese electric buses for a kill switch, APT37 abused Google's Find Hub in South Korea, Conduent said its January hack will cost it more, Hyundai disclosed a breach and Patch Tuesday. OWASP added two new categories to its Top 10 web application vulnerabilities.

Bank Info Security 10 months, 1 week ago

Hackers Turn Red Team AI Tool Into Citrix Exploit Engine

HexStrike-AI Connects LLMs to Over 150 Existing Security ToolsA red-team framework released for penetration testing has become a weapon in the wild, repurposed by hackers to accelerate exploitation of newly disclosed Citrix vulnerabilities. Check Point Research observed chatter suggesting n-day attacks may unfold in minutes, shrinking defender response time.

Bank Info Security 11 months, 2 weeks ago

View to a Patch: Google Tweaks Its Vulnerability Disclosure

Security Experts Laud Project Zero's Push for Greater Transparency, Faster PatchesGoogle is trying out a new approach to publicizing flaws found by its in-house bug hunters meant to get patches more rapidly into end users' hands. Under a trial policy effective immediately, Google's Project Zero team will publish a general alert to the public within seven days.

Bank Info Security 1 year, 1 month ago

Unpatched Buffer Overflow in Schneider Home Devices

Vulnerability Could Enable Remote Code Injection AttacksWhen the lights start flickering in homes equipped with Schneider Electric end-of-life smart switches, it could be hackers, now that the French company disclosed a remotely exploitable vulnerability that won't receive a patch. No hacking has been reported to date.

Bank Info Security 1 year, 5 months ago

Nation State Groups Exploit Gemini AI App

Google Says Iranian and Chinese Threat Group the Most ActiveIranian and Chinese threat actors are using Google's artificial intelligence application Gemini for vulnerability scanning and reconnaissance activities, with some attempting to bypass security guardrails of the application, the computing giant disclosed.

Hackers Targeted a PAN-OS Flaw Days After Its DisclosureA suspected Chinese hacking campaign that began in November is exploiting a vulnerability in Palo Alto firewalls to install a custom malware backdoor for espionage. UNC5325 activity aligns with the Chinese hacking strategy of targeting edge devices.

Bank Info Security 1 year, 8 months ago

Schneider Electric Warns of Critical Modicon Flaws

Multiple Critical Vulnerabilities Expose Industrial Control RisksFrench multinational Schneider Electric disclosed critical vulnerabilities in its Modicon M340, Momentum and MC80 programmable automation controllers. The vulnerabilities could allow unauthorized access, data manipulation and system interruptions.

Loading more headlines...