NGINX Rift attackers waste no time targeting exposed servers
Researchers say 18-year-old flaw already being probed and exploited just days after disclosure
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
Researchers say 18-year-old flaw already being probed and exploited just days after disclosure
Researchers dropped a reliable root exploit and it didn’t sit idle for long CISA is warning that a newly-disclosed Linux kernel bug dubbed "CopyFail" is already being exploited, just days after researchers dropped a working root-level exploit.…
Researchers say attackers are already looting vulnerable boxes In-the-wild exploitation of a critical Citrix NetScaler bug has begun less than a week after disclosure, with researchers warning that attackers are already poking and pillaging vulnerable boxes.…
Not a very smart home: crims could hijack smart-home boiler, open and close powered windows and more. Now fixed Black hat A trio of researchers has disclosed a major prompt injection vulnerability in Google's Gemini large language model-powered applications.…
Intruders looked up how to use curl mid-attack - rookie errors kept damage minimal Huntress security researchers observed exploitation of the CVSS 10.0 remote code execution (RCE) flaw in Wing FTP Server on July 1, just one day after its public disclosure.…
The open-source XDR/SIEM provider’s servers are in other botnets’ crosshairs too Cybercriminals are trying to spread multiple Mirai variants by exploiting a critical Wazuh vulnerability, researchers say – the first reported active attacks since the code execution bug was disclosed.…
This is what happens when you publish PoCs immediately, hm? "Several cloud deployments" are already compromised following the disclosure of the maximum-severity vulnerability in Aviatrix Controller, researchers say.…
Attacks began the day after public disclosure "Patch yesterday" is the advice from infosec researchers as the latest critical vulnerability affecting Zimbra mail servers is now being mass-exploited.…
For now, cryptographic work should be run on slower Icestorm cores The GoFetch vulnerability found on Apple M-series and Intel Raptor Lake CPUs has been further unpacked by the researchers who first disclosed it.…
More than 1,000 servers remain unpatched and vulnerable Security researchers are increasingly seeing active exploit attempts using the latest vulnerabilities in JetBrains' TeamCity that in some cases are leading to ransomware deployment.…
You know when we all said quit using MD5? We really meant it Most Windows-powered datacenter systems and applications remain vulnerable to a spoofing bug in CryptoAPI that was disclosed by the NSA and the UK National Cyber Security Center (NCSC) and patched by Microsoft last year, according to Akamai's researchers.…
As hundreds of staff axed this week More than 4,000 public-facing Sophos firewalls remain vulnerable to a critical remote code execution bug disclosed last year and patched months later, according to security researchers.…
What could go wrong with leaving firmware open after world's biggest hacker convention talk? Multiple high-severity firmware bugs in HP enterprise computers remain unpatched, some more than a year after Binarly security researchers disclosed the vulnerabilities to HP and then discussed them at the Black Hat security conference last month.…
Déjà vu all over again for laptop maker as researchers poke holes in its code Security researchers have spotted some fresh flaws in Lenovo laptops just months after the vendor patched another batch, with the PC maker fixing a trio of vulnerabilities flagged up by ESET this week.…
Occasional gaping hole and overprivileged users still blight the Beast of Redmond Despite a record number of publicly disclosed security flaws in 2021, Microsoft managed to improve its stats, according to research from BeyondTrust.…
Well, that clears things up? Maybe not. The US Justice Department has directed prosecutors not to charge "good-faith security researchers" with violating the Computer Fraud and Abuse Act (CFAA) if their reasons for hacking are ethical — things like bug hunting, responsible vulnerability disclosure, or above-board penetration testing.…