⚡ Weekly Recap: Chrome 0-Day, UniFi Exploits, macOS Stealers, VPN Flaw and More
Stuff broke again. Not in a movie way. An old tool was left exposed. An abandoned package was abused. A deprecated feature was still running in prod
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
Stuff broke again. Not in a movie way. An old tool was left exposed. An abandoned package was abused. A deprecated feature was still running in prod
Palo Alto Networks warns that attackers are actively exploiting CVE-2026-0257, a PAN-OS flaw that lets unauthorized users bypass authentication and establish VPN connections. Palo Alto Networks has confirmed active exploitation of CVE-2026-0257, a PAN-OS authentication bypass vulnerability affecting GlobalProtect portals and gateways. Palo Alto Networks addressed the vulnerability on May 13. Two weeks later, cybersecurity firm Rapid7 […]
Palo Alto Networks has revealed that it has observed "active exploitation" of a recently disclosed PAN-OS vulnerability by an unknown threat actor to obtain unauthorized access to GlobalProtect portals
A newly discovered, critical zero-day vulnerability is under attack; a Qilin ransomware affiliate has been blamed for at least one incident.
Check Point has warned of active exploitation of a critical vulnerability impacting Remote Access VPN and Mobile Access deployments that are configured to use the deprecated IKEv1 key exchange protocol
Israeli cybersecurity company Check Point has released security updates to patch a critical flaw affecting Remote Access VPN and Mobile Access deployments, which was exploited in zero-day attacks. [...]
Rapid7: Attackers exploit authentication bypass flaw in the wild, meaning more emergency patching for PAN-OS users
CVE-2026-0257 lets attackers forge Palo Alto GlobalProtect auth cookies and bypass VPN login. Exploitation confirmed since May 17. Palo Alto Networks addressed the vulnerability CVE-2026-0257 on May 13. Two weeks later, cybersecurity firm Rapid7 confirmed active exploitation across multiple customer environments. The flaw impacts the GlobalProtect portal and gateway components of Palo Alto Networks PAN-OS […]
Palo Alto Networks is warning that hackers are now exploiting a PAN-OS GlobalProtect authentication bypass flaw, tracked as CVE-2026-0257, in attacks attempting to breach corporate networks. [...]
Palo Alto Networks has warned that a recently disclosed medium-severity security flaw impacting PAN-OS and Prisma Access has come under active exploitation in the wild
Alleged Nation-State Hacker Being Held in Houston JailU.S. prosecutors allege 34-year-old Chinese national Xu Zewei operated under China’s Ministry of State Security to hack universities and firms during the pandemic, exploiting VPN and Exchange flaws and exfiltrating research data in a Silk Typhoon campaign.
F5 Revises Severity of Flaw Disclosed Last YearFlaws in major application delivery and security platforms and VPN gateways are being actively exploited or targeted. Under fire: a vulnerability in F5 BIG-IP Access Policy Manager can facilitate remote code execution, and a "memory overread" flaw in NetScaler Application Delivery Controller.
Fortinet on Wednesday said it observed "recent abuse" of a five-year-old security flaw in FortiOS SSL VPN in the wild under certain configurations
WatchGuard has released fixes to address a critical security flaw in Fireware OS that it said has been exploited in real-world attacks
Threat actors have been exploiting a command injection vulnerability in Array AG Series VPN devices to plant webshells and create rogue users. [...]
Also, Envoy Air Confirms Data Compromise Following Clop Extortion CampaignThis week, Qilin didn't hack a Spanish tax agency, Nexperia standoff, Envoy Air confirmed a data compromise, Experian Netherlands fined 2.7M euros, ToolShell used to breach global networks, flaws in TP-Link Omada and Festa VPN routers and a New York firm settled a cybersecurity investigation.
Cybersecurity researchers have disclosed details of a recently patched critical security flaw in WatchGuard Fireware that could allow unauthenticated attackers to execute arbitrary code
A new study by Zimperium has revealed serious risks in free VPN apps, exposing users to privacy threats and security flaws
Cisco is urging customers to patch two security flaws impacting the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software, which it said have been exploited in the wild
Threat actors affiliated with the Akira ransomware group have continued to target SonicWall devices for initial access