Another bug hunter leaks Microsoft exploits in defiance of company’s handling of vulnerability disclosures
Researchers follow in Nightmare Eclipse’s footsteps, flipping off Redmond in favor of insta-leaks
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
Researchers follow in Nightmare Eclipse’s footsteps, flipping off Redmond in favor of insta-leaks
Security Researchers Fear Broader Legal Pressure on Bug DisclosuresMicrosoft is pursuing legal action after a researcher publicly released six Windows zero-days and exploit code following a breakdown in coordinated disclosure talks, escalating tensions over vulnerability disclosure, platform moderation and protections for independent security researchers.
A recently disclosed critical security flaw impacting Citrix NetScaler ADC and NetScaler Gateway is witnessing active reconnaissance activity, according to Defused Cyber and watchTowr
Update Chainlit to the latest version ASAP Two "easy-to-exploit" vulnerabilities in the popular open-source AI framework Chainlit put major enterprises' cloud environments at risk of leaking data or even full takeover, according to cyber-threat exposure startup Zafran.…
Oracle has silently fixed an Oracle E-Business Suite vulnerability (CVE-2025-61884) that was actively exploited to breach servers, with a proof-of-concept exploit publicly leaked by the ShinyHunters extortion group. [...]
Oracle has silently fixed an Oracle E-Business Suite vulnerability (CVE-2025-61884) that was actively exploited to breach servers, with a proof-of-concept exploit publicly leaked by the ShinyHunters extortion group. [...]
Harvard University is investigating a data breach after the Clop ransomware gang listed the school on its data leak site, saying the alleged breach was likely caused by a recently disclosed zero-day vulnerability in Oracle's E-Business Suite servers. [...]
Deploy Emergency Patch for Zero-Day Flaw, Hunt for Signs of Intrusion, Warn ExpertsOracle patched a zero-day vulnerability in Oracle E-Business Suite and urged customers to immediately install the fix. The flaw has been exploited since August by the Clop ransomware group, and with exploit code now having leaked, experts expect to see many more attackers join the fray.
Better late than never after SharePoint assault? Microsoft has reportedly stopped giving Chinese companies proof-of-concept exploit code for soon-to-be-disclosed vulnerabilities following last month's SharePoint zero-day attacks, which appear to be related to a leak in Redmond's early-bug-notification program.…
Prompt Injection, HTML Output Rendering Could Be Used for ExploitHackers can exploit vulnerabilities in a generative artificial intelligence assistant integrated across GitLab's DevSecOps platform to manipulate the model's output, exfiltrate source code and potentially deliver malicious content through the platform's user interface.
Google on Wednesday released updates to address four security issues in its Chrome web browser, including one for which it said there exists an exploit in the wild
An NTLM hash disclosure spoofing vulnerability that leaks hashes with minimal user interaction has been observed being exploited in the wild
In what's an instance of hacking the hackers, threat hunters have managed to infiltrate the online infrastructure associated with a ransomware group called BlackLock, uncovering crucial information about their modus operandi in the process. Resecurity said it identified a security vulnerability in the data leak site (DLS) operated by the e-crime group that made it possible to extract
A new hacking campaign dubbed "ShadowRay" targets an unpatched vulnerability in Ray, a popular open-source AI framework, to hijack computing power and leak sensitive data from thousands of companies. [...]
A now-patched security flaw in Microsoft Outlook could be exploited by threat actors to access NT LAN Manager (NTLM) v2 hashed passwords when opening a specially crafted file
Phemedrone Stealer loots drives for passwords, cookies, login tokens, etc Criminals are exploiting a Windows Defender SmartScreen bypass vulnerability to infect PCs with Phemedrone Stealer, a malware strain that scans machines for sensitive information – passwords, cookies, authentication tokens, you name it – to grab and leak.…
Researchers from the Vrije Universiteit Amsterdam have disclosed a new side-channel attack called SLAM that could be exploited to leak sensitive information from kernel memory on current and upcoming CPUs from Intel, AMD, and Arm
A novel side-channel attack called GPU.zip renders virtually all modern graphics processing units (GPU) vulnerable to information leakage
Zen 2 flaw more simple than Spectre, exploit code already out there – get patching when you can AMD has started issuing some patches for its processors affected by a serious silicon-level bug dubbed Zenbleed that can be exploited by rogue users and malware to steal passwords, cryptographic keys, and other secrets from software running on a vulnerable system.…
Millions of people's personal info swiped, Clop leaks begin with 'Shell's stolen data' Progress Software on Friday issued a fix for a third critical bug in its MOVEit file transfer suite, a vulnerability that had just been disclosed the day earlier.…