'Dirty Frag' Linux flaw one-ups CopyFail with no patches and public root exploit
Broken disclosure embargo left admins facing a fresh root-level flaw with no CVE
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
Broken disclosure embargo left admins facing a fresh root-level flaw with no CVE
Researchers dropped a reliable root exploit and it didn’t sit idle for long CISA is warning that a newly-disclosed Linux kernel bug dubbed "CopyFail" is already being exploited, just days after researchers dropped a working root-level exploit.…
Interlock's post-exploit toolkit exposed Ransomware criminals exploited CVE-2026-20131, a maximum-severity bug in Cisco Secure Firewall Management Center software, as a zero-day vulnerability more than a month before Cisco patched the hole, according to Amazon security boss CJ Moses.…
Critical vuln flew under the radar for a decade A recently disclosed critical vulnerability in the GNU InetUtils telnet daemon (telnetd) is "trivial" to exploit, experts say.…
Better late than never after SharePoint assault? Microsoft has reportedly stopped giving Chinese companies proof-of-concept exploit code for soon-to-be-disclosed vulnerabilities following last month's SharePoint zero-day attacks, which appear to be related to a leak in Redmond's early-bug-notification program.…
Erlang? Er, man, no problem. ChatGPT, Claude to go from flaw disclosure to actual attack code in hours The time from vulnerability disclosure to proof-of-concept (PoC) exploit code can now be as short as a few hours, thanks to generative AI models.…
Seven days after disclosure and little action taken, data shows Fortinet customers need to get with the program and apply the latest updates as nearly 50,000 management interfaces are still vulnerable to the latest zero-day exploit.…
No fix plus a POC exploit equals bad news Details about a critical, 9.9-rated unauthenticated RCE affecting all GNU/Linux systems — and possibly others — will soon be revealed, according to bug hunter Simone Margaritelli, who says there's still no fix for the decade-old flaw he disclosed to developers three weeks ago.…
Plus more pain for Intel which fixed 43 bugs, SAP and Adobe also in on the action Patch Tuesday Microsoft has disclosed 90 flaws in its products – six of which have already been exploited – and four others that are listed as publicly known.…
When PoC code is released within a day of disclosure, it's only a matter of time before attacks kick off The UK's NHS is warning of the possibility that vulnerabilities in Arcserve Unified Data Protection (UDP) software are being actively exploited.…
For now, cryptographic work should be run on slower Icestorm cores The GoFetch vulnerability found on Apple M-series and Intel Raptor Lake CPUs has been further unpacked by the researchers who first disclosed it.…
Easy to exploit, not yet exploited, not widely patched – pick three As many as 300,000 servers or devices on the public internet are thought to be vulnerable right now to the recently disclosed Loop Denial-of-Service technique that works against some UDP-based application-level services.…
More than 1,000 servers remain unpatched and vulnerable Security researchers are increasingly seeing active exploit attempts using the latest vulnerabilities in JetBrains' TeamCity that in some cases are leading to ransomware deployment.…
Exploits began within hours of the original disclosure, so patch now Security shop Rapid7 is criticizing JetBrains for flouting its policy against silent patching regarding fixes for two fresh vulnerabilities in the TeamCity CI/CD server.…
Cloud version is safe, but no assurances offered about possible on-prem exploits JetBrains is encouraging all users of TeamCity (on-prem) to upgrade to the latest version following the disclosure of a critical vulnerability in the CI/CD tool.…
Multiple publicly available exploits have since been published for the critical flaw The number of public-facing installs of Jenkins servers vulnerable to a recently disclosed critical vulnerability is in the tens of thousands.…
Ancient path traversal exploit offers remote attackers admin access Security experts are wasting no time in publishing working exploits for a critical vulnerability in Fortra GoAnywhere MFT, which was publicly disclosed just over a day ago.…
Issue has been patched so be sure to check your implementations SonicWall says it has observed thousands of daily attempts to exploit an Apache OFBiz zero-day for nearly a fortnight.…
Got a Confluence server? Listen up. Malware said to have wide-ranging capabilities A new backdoor was this week found implanted in the environments of organizations to exploit the recently disclosed critical vulnerability in Atlassian Confluence.…
At this point, just assume your kit is compromised Citrix has urged admins to "immediately" apply a fix for CVE-2023-4966, a critical information disclosure bug that affects NetScaler ADC and NetScaler Gateway, admitting it has been exploited.…