Security news aggregator

Latest cybersecurity reporting from selected sources.

Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.

27 headlines in this view

Refine the feed

Search across headline titles and summaries.

Volume over time

Weekly headline count for the current query.

Showing 20 most recent headlines of 27 Filtered view
Bank Info Security 2 months ago

AI-Built Zero-Day Nearly Powered Mass Attack

Google Says Criminals Used AI to Discover and Code ExploitA cybercriminal group came close to launching a mass attack earlier this year, armed with a software exploit that an AI model had built from scratch, said Google researchers. Google said it worked with the affected vendor to patch the flaw before an attack could be launched.

Vendor Details Mitigations, Promises Patched PAN-OS Software in Coming WeeksPalo Alto Networks warned that a critical vulnerability in the PAN-OS software that runs its firewalls is being actively exploited in the wild by attackers. The vendor detailed temporary mitigations and promised to release updated software to fully patch the flaw later this month.

Vendor Issues Hotfix for Critical Flaw in FortiClient Endpoint Management ServerFortinet's endpoint management security server software is under fire from attackers, who are actively targeting two critical flaws, including a fresh zero-day that facilitates unauthenticated remote code or command execution. The vendor has issued a hotfix and promised a full patch.

Bank Info Security 3 months, 3 weeks ago

German Police Rouse System Admins From Sleep Over IT Flaw

Police Fanned Out Early Sunday Brandishing an Advisory of a CVSS 10 VulnerabilityPolice officers across Germany roused corporate IT administrators during the early hours of Sunday morning. Their message to bleary-eyed admins was to immediately patch a critical vulnerability in popular product lifecycle management software from U.S. vendor PTC.

The Register 5 months, 2 weeks ago

Critical SolarWinds Web Help Desk bug under attack

US agencies told to patch by Friday Attackers are exploiting a critical SolarWinds Web Help Desk bug - less than a week after the vendor disclosed and fixed the 9.8-rated flaw. That's according to America's lead cyber-defense agency, which set a Friday deadline for federal agencies to patch the security flaw.…

Bank Info Security 5 months, 3 weeks ago

Zero-Day Flaw in Cisco Unified Communications Being Targeted

Vendor Ships Emergency Fixes, Warning Flaw Facilitates Full System CompromiseAttackers are targeting a zero-day vulnerability in Cisco's Unified Communications and Webex products that facilitates remote code execution and root-level access to the underlying operating system, risking full system compromise. Cisco has released patches, warning that no workarounds exist.

Bank Info Security 7 months, 3 weeks ago

Breach Roundup: Recently Patched Oracle Flaw Under Attack

Also: npm Packages Infiltrated, FBI Issues Fraud Alert, Campbell's Soup Cans CISOThis week, a recently fixed Oracle flaw is being actively exploited, Shelly tackled Pro 4PM DoS bug, "Shai-Hulud 2.0" hit npm, the FBI warned of rising bank account takeover scams, regulators fined Comcast over a vendor breach, Iberia reported a supplier incident and Campbell's canned its CISO.

Security Experts Advise Immediate Patching; Zero-Day Attacks Began Last MonthAffiliates of Russian-speaking ransomware operation Medusa began targeting a zero-day vulnerability in widely used Fortra GoAnywhere Managed File Transfer software one week before the vendor issued a security alert, patch and mitigation instructions for the flaw, say security experts.

Shadowserver counts more than 13,000 appliances still wide open – including thousands in US, Germany, and UK Thousands of Citrix NetScaler appliances remain exposed to a trio of security flaws that the vendor patched this week, one of which is already being actively exploited in the wild.…

Two emergency patches issued in two weeks Hot on the heels of patching a critical bug in Citrix-owned Netscaler ADC and NetScaler Gateway that one security researcher dubbed "CitrixBleed 2," the embattled networking device vendor today issued an emergency patch for yet another super-serious flaw in the same products — but not before criminals found and exploited it as a zero-day.…

Good news: The vendor patched the flaw in January. Bad news: Not everyone got the memo Ransomware criminals infected a utility billing software providers' customers, and in some cases disrupted services, after exploiting unpatched versions of SimpleHelp’s remote monitoring and management (RMM) tool, according to a Thursday CISA alert.…

Bank Info Security 1 year, 6 months ago

Critical Flaws Expose 25,000 SonicWall Devices to Hackers

Many SonicWall Firewalls Are Unsupported or Lack Patches for Known VulnerabilitiesThousands of SonicWall network security devices remain exposed with critical security flaws, including 20,000 running outdated firmware that no longer receives vendor support. Despite patches available for some of these flaws, many organizations continue to run the outdated firmware.

No Patch Yet; Management Interface Lockdown Blunts Attacks, Networking Giant SaysAttackers are exploiting a zero-day vulnerability in some types of Palo Alto Networks firewalls, the cybersecurity giant warned. While details of the flaw remain scant - no patch is available - the vendor urged customers to ensure their firewall management interfaces are not internet-exposed.

Microsoft bug hunters highlight weaknesses in source-wrangling suite Four vulnerabilities in Perforce Helix Core Server, including one critical remote code execution bug, should be patched "immediately," according to Microsoft, which spotted the flaws and disclosed them to the software vendor.…

Loading more headlines...