Patch Now: Oracle's Fusion Middleware Has Critical RCE Flaw
Attackers can execute arbitrary code without authentication if Oracle's Identity or Web Services Managers are exposed to the Web.
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
Attackers can execute arbitrary code without authentication if Oracle's Identity or Web Services Managers are exposed to the Web.
Lawsuit Claims SonicWall Cloud Backup Flaw Led to Ransomware Attack Against MarquisMarquis Software Solutions has sued SonicWall alleging a cloud backup data breach exposed firewall configuration files, including credentials and multifactor authentication scratch codes. The firm says the breach enabled an August 2025 ransomware attack and triggered dozens of class action lawsuits.
A Fortinet FortiWeb path traversal vulnerability is being actively exploited to create new administrative users on exposed devices without requiring authentication [...]
Cybersecurity researchers have disclosed two security flaws in Wondershare RepairIt that exposed private user data and potentially exposed the system to artificial intelligence (AI) model tampering and supply chain risks
A now-patched authentication issue on the popular vibe-coding platform gave unauthorized users open access to any private application on Base44.
Over 1,200 Citrix NetScaler ADC and NetScaler Gateway appliances exposed online are unpatched against a critical vulnerability believed to be actively exploited, allowing threat actors to bypass authentication by hijacking user sessions. [...]
Chocolate Factory fixes issue, pays only $5K A researcher has exposed a flaw in Google's authentication systems, opening it to a brute-force attack that left users' mobile numbers up for grabs.…
A flaw in OneDrive File Picker has exposed millions to data overreach through excessive OAuth permissions
The now-fixed vulnerability involved a major travel services company that's integrated with dozens of airline websites worldwide.
Threat actors are using public exploits for a critical authentication bypass flaw in ProjectSend to upload webshells and gain remote access to servers. [...]
Vulnerabilities Could Lead to Unauthorized Data Access and ManipulationHalf a dozen vulnerabilities in a moderately priced Netgear router could allow attackers to bypass authentication, putting home users and small businesses at risk. The flaws could cause unauthorized access, network manipulation and exposure of sensitive data.
Scans on the public web show that approximately 150,000 Fortinet FortiOS and FortiProxy secure web gateway systems are vulnerable to CVE-2024-21762, a critical security issue that allows executing code without authentication. [...]
Hackers are actively exploiting an unpatched 2018 authentication bypass vulnerability in exposed TBK DVR (digital video recording) devices. [...]