Security news aggregator

Latest cybersecurity reporting from selected sources.

Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.

34 headlines in this view

Refine the feed

Search across headline titles and summaries.

Volume over time

Weekly headline count for the current query.

Showing 20 most recent headlines of 34 Filtered view

Zoom warns of a critical Windows flaw, tracked as CVE-2026-53412, that could let attackers take over accounts without authentication. Zoom has fixed a critical Windows vulnerability, tracked as CVE-2026-53412 (CVSS score of 9.8) that could allow unauthenticated attackers to hijack user accounts. The flaw affects older versions of Workplace, the Windows VDI Client, and the […]

Bank Info Security 1 week, 2 days ago

Hidden Backdoor Found in Tenda Router Firmware

Unauthenticated Flaw Allows Full Router, Network TakeoverA hidden backdoor, disclosed by CERT/CC and found in multiple firmware versions made by Chinese manufacturer Tenda, bypasses authentication and could grant attackers administrative access. Researchers are reporting exploitation and an Nmap script is making vulnerable devices easier to identify.

Bank Info Security 1 week, 2 days ago

Hidden Backdoor in Tenda Router Firmware

Unauthenticated Flaw Allows Full Router, Network TakeoverA hidden backdoor, disclosed by CERT/CC and found in multiple firmware versions made by Chinese manufacturer Tenda, bypasses authentication and could grant attackers administrative access. Researchers are reporting exploitation and an Nmap script is making vulnerable devices easier to identify.

BeyondTrust has released updates to address two critical security flaws affecting Remote Support (RS) and Privileged Remote Access (PRA) products that, if successfully exploited, could allow unauthenticated attackers to take control of susceptible devices

An unknown threat actor has been observed exploiting a recently disclosed maximum-severity security flaw in SimpleHelp to deliver two previously unreported malware families, TaskWeaver and Djinn Stealer

F5 released emergency updates for critical NGINX flaws (CVE-2026-42530, CVE-2026-42055) that could enable unauthenticated code execution. F5 has issued out-of-band patches for multiple NGINX vulnerabilities, including two critical flaws, respectively tracked as CVE-2026-42530 and CVE-2026-42055 (CVSS 9.2). The bugs affect HTTP modules and can be exploited remotely without authentication to trigger memory corruption, potentially causing […]

Cisco patched a critical Unified CM flaw with public PoC code that allows unauthenticated attackers to launch SSRF attacks remotely. Cisco has addressed a high-severity vulnerability, tracked as CVE-2026-20230, affecting Unified CM and Unified CM SME. The flaw, caused by improper validation of certain HTTP requests, allows a remote attacker without authentication to perform server-side […]

Cybersecurity researchers have disclosed a security flaw in Gitea, an open-source, self-hosted platform for version control, that allows unauthenticated remote attackers to pull private container images from Gitea deployments without requiring an account, password, or other credentials

Cisco has released updates to address a critical security flaw in the Integrated Management Controller (IMC) that, if successfully exploited, could allow an unauthenticated, remote attacker to bypass authentication and gain access to the system with elevated privileges

A newly disclosed maximum-severity security flaw in Cisco Catalyst SD-WAN Controller (formerly vSmart) and Catalyst SD-WAN Manager (formerly vManage) has come under active exploitation in the wild as part of malicious activity that dates back to 2023

SolarWinds has released security updates to address multiple security vulnerabilities impacting SolarWinds Web Help Desk, including four critical vulnerabilities that could result in authentication bypass and remote code execution (RCE)

Bank Info Security 5 months, 3 weeks ago

Telnet Flaw: 800,000 Servers at Risk Amid Active Attacks

Telnet Flaw Allows Unauthenticated Users to Gain Root AccessHackers are on the hunt for open telnet ports in servers after discovering that a version of legacy client-server application protocol is vulnerable to an authentication bypass vulnerability. More than 800,000 servers could be actively targeted in the wild.

Loading more headlines...