Security news aggregator

Latest cybersecurity reporting from selected sources.

Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.

42 headlines in this view

Refine the feed

Search across headline titles and summaries.

Volume over time

Weekly headline count for the current query.

Showing 20 most recent headlines of 42 Filtered view

DirtyClone: a Linux kernel privilege escalation that silently rewrites executables in memory, leaving no disk trace. Patch now. JFrog Security Research published a working exploit walkthrough on June 25 for CVE-2026-43503 (CVSS score of 8.8), a Linux kernel privilege escalation they call DirtyClone. It’s the fourth vulnerability in the DirtyFrag family, all sharing the same […]

Bank Info Security 2 months ago

AI-Built Zero-Day Nearly Powered Mass Attack

Google Says Criminals Used AI to Discover and Code ExploitA cybercriminal group came close to launching a mass attack earlier this year, armed with a software exploit that an AI model had built from scratch, said Google researchers. Google said it worked with the affected vendor to patch the flaw before an attack could be launched.

Bank Info Security 2 months, 1 week ago

'Dirty Frag' Gives Root on Linux Distros

No Patches Yet Available, After Third Party Published Vulnerability DetailsSecurity researchers have discovered a new, critical flaw in the Linux kernel that attackers can exploit to gain root access. No patches are yet available to fix "Dirty Frag," the second new local privilege escalation flaw to be found in two weeks, following the similar "Copy Fail" vulnerability.

Bank Info Security 5 months, 3 weeks ago

Attacks Target Freshly Patched, Critical Fortinet Flaws

Chinese Attackers Among Those Tied to Attempted Exploits of FortiSIEM AppliancesCritical vulnerabilities in edge devices are continuing to be discovered by security researchers and rapidly targeted by attackers. Lately, this includes a critical vulnerability in Fortinet's FortiSIEM appliances, which Chinese and other hackers began targeting just two days post-patch.

Bank Info Security 6 months, 2 weeks ago

75,000 MongoDBs Exposed as Attackers Exploit 'MongoBleed'

Patches Issued for MongoBleed as Ransomware Groups Target Flaw to Steal DataTens of thousands of internet-exposed MongoDB databases are at risk as attackers actively target a critical vulnerability in the software to steal sensitive data, with ransomware groups having joined the fray, researchers warn. MongoDB has issued patches and mitigation advice.

Cybersecurity researchers have disclosed three now-patched security vulnerabilities impacting Google's Gemini artificial intelligence (AI) assistant that, if successfully exploited, could have exposed users to major privacy risks and data theft

Malicious actors have been observed exploiting a now-patched critical security flaw impacting Erlang/Open Telecom Platform (OTP) SSH as early as beginning of May 2025, with about 70% of detections originating from firewalls protecting operational technology (OT) networks

Researchers have released proof-of-concept (PoC) exploits for a critical Citrix NetScaler vulnerability, tracked as CVE-2025-5777 and dubbed CitrixBleed2, warning that the flaw is easily exploitable and can successfully steal user session tokens. [...]

Researchers in Proof of Concept Show Exploit Potential for Widely Used SoftwareTechnical details for a recently patched maximum-severity vulnerability in Cisco IOS XE reveal how hackers can enable remote code execution if the flaw is exploited. The vulnerability is an arbitrary file upload triggered by a hardcoded JSON Web Token.

Bank Info Security 1 year, 6 months ago

Patch Alert: Remotely Exploitable LDAP Flaws in Windows

Proof-of-Concept Exploit 'LDAP Nightmare' Crashes 'Any Unpatched Windows Server'Security experts are urging all organizations that use Microsoft Windows to ensure they install patches, released last month, to fix Lightweight Directory Access Protocol denial-of-service and remote code execution flaws. Researchers have released a proof-of-concept exploit for the latter flaw.

Bank Info Security 1 year, 7 months ago

Hackers Exploiting Cleo Software Zero-Day

Attackers Target Managed File Transfer Software VulnerabilitiesFile transfer software made by Cleo Communications is under active attack and a patch meant to stymie hackers doesn't fix the flaw, say security researchers from Huntress. Hackers exploit an arbitrary file-write vulnerability along with a feature that automatically executes files.

Details have emerged about a now-patched security vulnerability in Apple's iOS and macOS that, if successfully exploited, could sidestep the Transparency, Consent, and Control (TCC) framework and result in unauthorized access to sensitive information

Loading more headlines...