Security news aggregator

Latest cybersecurity reporting from selected sources.

Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.

16 headlines in this view

Refine the feed

Search across headline titles and summaries.

Volume over time

Weekly headline count for the current query.

Showing 16 most recent headlines Filtered view

3 Major Tech Firms Shipped Vulnerable Open-Source Tools to Hugging FaceResearchers discovered remote code execution vulnerabilities in three AI libraries from Apple, Salesforce and Nvidia used by models with tens of millions of Hugging Face downloads, allowing attackers to hide malicious code in model metadata.

Unpatched Flaw in Open-Source Gogs Service Facilitates Remote Code ExecutionAn attacker has been exploiting a zero-day vulnerability in Gogs, an open-source and popular Git service that allows for self-hosting, warned researchers. At least 700 internet-exposed servers running Gogs shows signs of being infected with command-and-control malware; no patch is yet available.

Bank Info Security 8 months ago

Hackers Exploited Cisco ISE Zero-Day

Flaw Enabled Remote Code Execution, Say AWS ResearchersResearchers from AWS said they spotted a hacking campaign taking advantage of a zero-day vulnerability in Cisco network access control software before the routing giant patched it earlier this year. The flaw let attackers perform pre-authentication remote code execution.

Bank Info Security 11 months, 1 week ago

MCP Protocol Bug Let Attackers Execute Code in Cursor

Cursor Patched Flaw Days After Disclosure, Says Check PointCheck Point researchers found a RCE flaw in Cursor, an AI-powered code editor, by manipulating a previously approved model context protocol configuration. Once a developer approved a configuration file for an MCP server, any future changes to that file could be executed without further prompts.

Remote Code Execution Flaw Affects More Than 5,000 ServersThreat actors are actively exploiting a critical vulnerability in a server file transfer solution. Researchers say the flaw in Wing FTP Server could allow threat actors to execute system-level commands remotely, using null byte and Lua injection without authentication.

Thousands of MCP Servers Leave AI Apps Open to Attack SurfacesHundreds of Model Context Protocol servers designed to help AI tools access private data are insecurely exposed online, say BackSlash Security researchers. Weak configurations leave systems vulnerable to data leaks and remote code execution attacks.

Researchers in Proof of Concept Show Exploit Potential for Widely Used SoftwareTechnical details for a recently patched maximum-severity vulnerability in Cisco IOS XE reveal how hackers can enable remote code execution if the flaw is exploited. The vulnerability is an arbitrary file upload triggered by a hardcoded JSON Web Token.

Bank Info Security 1 year, 2 months ago

AirBorne and Dangerous: Hacking Through the Soundwaves

Researchers Uncover Bugs in Apple’s AirPlay, Risking Takeover of Smart DevicesVulnerabilities in wireless streaming protocol AirPlay could expose Apple operating system devices to remote code execution by enabling attackers to infiltrate networks through trusted connections. The flaws are in the software development kit used by third-party manufacturers.

Bank Info Security 1 year, 3 months ago

Canon Printer Flaw Enables Remote Code Execution

Critical Vulnerability in Drivers Affects Multiple Canon PrintersThe office printer could mete out more than ordinary frustration now that researchers discovered a vulnerability in drivers for Canon printer enabling attackers to execute arbitrary code. The flaw is an out-of-bounds vulnerability in Enhanced Metafile Recode processing.

Bank Info Security 1 year, 3 months ago

Solar Power Infrastructure Vulnerable to Hacking

Flaws in Solar Inverters Threaten Power Grid StabilityResearchers from Forescout's Vedere Labs detected security shortcomings in the world’s leading solar inverters that could enable hackers to hijack solar energy production and destabilize power grids. Flaws include unauthorized remote access, insecure authentication and remote code execution.

Bank Info Security 1 year, 6 months ago

Patch Alert: Remotely Exploitable LDAP Flaws in Windows

Proof-of-Concept Exploit 'LDAP Nightmare' Crashes 'Any Unpatched Windows Server'Security experts are urging all organizations that use Microsoft Windows to ensure they install patches, released last month, to fix Lightweight Directory Access Protocol denial-of-service and remote code execution flaws. Researchers have released a proof-of-concept exploit for the latter flaw.

Bank Info Security 1 year, 8 months ago

Cloud Platform Bugs Threaten Smart Home Security

Researchers Find Exploitable Flaws in the OvrC PlatformSecurity flaws in a cloud platform for remotely configuring and monitoring Internet of Things gadgets could expose millions of devices to remote code execution hacks. Security researchers at Claroty's Team82 uncovered 10 vulnerabilities in the widely used OvrC cloud platform.

Bank Info Security 1 year, 10 months ago

CloudImposer RCE Vulnerability Targets Google Cloud Platform

Attackers Could Exploit Flaw to Run Malicious Code on Google' s, Customers' ServersGoogle patched a critical remote execution vulnerability in its cloud platform Cloud Composer service, "CloudImposer," which could have allowed attackers to compromise millions of servers, say researchers from Tenable. The CloudImposer vulnerability could lead to the Jenga Tower effect.

Companies Eager for Tools Are Putting AI's Transformative Power Ahead of SecurityHackers targeting a popular open-source project for running artificial intelligence tool Ollama could run into a big "Probllama" if they haven't yet patched, said security researchers from Wiz. Companies are focusing on AI's transformative power at the cost of its security.

Bank Info Security 2 years, 2 months ago

Critical Flaw in R Language Poses Supply Chain Risk

Deserialization Vulnerability Allows for Remote Code ExecutionA high-risk flaw in R statistics programming language could lead to a supply chain hack, warn security researchers who say they uncovered a deserialization flaw. Security researchers have long known that hackers sneak malicious code into serialized data.

Bank Info Security 2 years, 2 months ago

Patched Deserialization Flaw in Siemens Product Allows RCE

The Siemens Simatic Energy Manager Used an Unsafe BinaryFormatter MethodResearchers detailed a deserialization vulnerability in Siemens software used to monitor energy consumption in industrial settings and attributed the flaw to the German conglomerate's decision to use a programming method that has known security risks.