Security news aggregator

Latest cybersecurity reporting from selected sources.

Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.

30 headlines in this view

Refine the feed

Search across headline titles and summaries.

Volume over time

Weekly headline count for the current query.

Showing 20 most recent headlines of 30 Filtered view
Bank Info Security 23 hours, 34 minutes ago

CISA Adds FortiSandbox Bugs to KEV Catalog

Agencies Have Until Sunday to Patch Two Critical Command Injection FlawsCISA added two critical FortiSandbox command injection vulnerabilities to its Known Exploited Vulnerabilities catalog after evidence of active attacks. Experts warn that unauthenticated remote code execution could let attackers compromise malware analysis systems and pivot deeper into enterprise networks.

Bank Info Security 1 month, 3 weeks ago

RondoDox Botnet Exploits 2018 Flaw in Asus Routers

Botnet Operators Execute First Known Exploit of Nearly Decade-Old FlawOperators behind a botnet picked up on a nearly decade-old flaw in Asus routers allowing an unauthenticated attacker to achieve remote code execution as a root user. VulnCheck began observing exploitation of the Asus vulnerability on May 17.

Bank Info Security 3 months, 2 weeks ago

Under Fire: Attackers Target Flaws in F5 and Citrix Gear

F5 Revises Severity of Flaw Disclosed Last YearFlaws in major application delivery and security platforms and VPN gateways are being actively exploited or targeted. Under fire: a vulnerability in F5 BIG-IP Access Policy Manager can facilitate remote code execution, and a "memory overread" flaw in NetScaler Application Delivery Controller.

Bank Info Security 5 months, 3 weeks ago

Zero-Day Flaw in Cisco Unified Communications Being Targeted

Vendor Ships Emergency Fixes, Warning Flaw Facilitates Full System CompromiseAttackers are targeting a zero-day vulnerability in Cisco's Unified Communications and Webex products that facilitates remote code execution and root-level access to the underlying operating system, risking full system compromise. Cisco has released patches, warning that no workarounds exist.

3 Major Tech Firms Shipped Vulnerable Open-Source Tools to Hugging FaceResearchers discovered remote code execution vulnerabilities in three AI libraries from Apple, Salesforce and Nvidia used by models with tens of millions of Hugging Face downloads, allowing attackers to hide malicious code in model metadata.

Unpatched Flaw in Open-Source Gogs Service Facilitates Remote Code ExecutionAn attacker has been exploiting a zero-day vulnerability in Gogs, an open-source and popular Git service that allows for self-hosting, warned researchers. At least 700 internet-exposed servers running Gogs shows signs of being infected with command-and-control malware; no patch is yet available.

Bank Info Security 8 months ago

Hackers Exploited Cisco ISE Zero-Day

Flaw Enabled Remote Code Execution, Say AWS ResearchersResearchers from AWS said they spotted a hacking campaign taking advantage of a zero-day vulnerability in Cisco network access control software before the routing giant patched it earlier this year. The flaw let attackers perform pre-authentication remote code execution.

Remote Code Execution Flaw Affects More Than 5,000 ServersThreat actors are actively exploiting a critical vulnerability in a server file transfer solution. Researchers say the flaw in Wing FTP Server could allow threat actors to execute system-level commands remotely, using null byte and Lua injection without authentication.

Thousands of MCP Servers Leave AI Apps Open to Attack SurfacesHundreds of Model Context Protocol servers designed to help AI tools access private data are insecurely exposed online, say BackSlash Security researchers. Weak configurations leave systems vulnerable to data leaks and remote code execution attacks.

Researchers in Proof of Concept Show Exploit Potential for Widely Used SoftwareTechnical details for a recently patched maximum-severity vulnerability in Cisco IOS XE reveal how hackers can enable remote code execution if the flaw is exploited. The vulnerability is an arbitrary file upload triggered by a hardcoded JSON Web Token.

Bank Info Security 1 year, 2 months ago

AirBorne and Dangerous: Hacking Through the Soundwaves

Researchers Uncover Bugs in Apple’s AirPlay, Risking Takeover of Smart DevicesVulnerabilities in wireless streaming protocol AirPlay could expose Apple operating system devices to remote code execution by enabling attackers to infiltrate networks through trusted connections. The flaws are in the software development kit used by third-party manufacturers.

Bank Info Security 1 year, 3 months ago

Canon Printer Flaw Enables Remote Code Execution

Critical Vulnerability in Drivers Affects Multiple Canon PrintersThe office printer could mete out more than ordinary frustration now that researchers discovered a vulnerability in drivers for Canon printer enabling attackers to execute arbitrary code. The flaw is an out-of-bounds vulnerability in Enhanced Metafile Recode processing.

Bank Info Security 1 year, 3 months ago

Solar Power Infrastructure Vulnerable to Hacking

Flaws in Solar Inverters Threaten Power Grid StabilityResearchers from Forescout's Vedere Labs detected security shortcomings in the world’s leading solar inverters that could enable hackers to hijack solar energy production and destabilize power grids. Flaws include unauthorized remote access, insecure authentication and remote code execution.

Also: Google Fixes YouTube Vulnerabilities That Could Have Exposed User EmailsThis week: Microsoft, Ivanti and Google release fixes for critical vulnerabilities and urge priority patching; Lee Enterprises confirms a cyberattack disrupted newspaper operations; and thousands of KerioControl Firewalls exposed to critical remote code execution flaws.

Bank Info Security 1 year, 5 months ago

Hackers Are Exploiting Trimble Cityworks, CISA Warns

Feds Order Agencies to Patch Critical Flaw in Widely Used Local Government SystemHackers are exploiting a critical vulnerability in Trimble's Cityworks platform, an infrastructure management tool used by governments that enables remote code execution on Microsoft IIS web servers. CISA has ordered federal civilian agencies to patch a critical vulnerability by Feb. 28.

Bank Info Security 1 year, 8 months ago

Cloud Platform Bugs Threaten Smart Home Security

Researchers Find Exploitable Flaws in the OvrC PlatformSecurity flaws in a cloud platform for remotely configuring and monitoring Internet of Things gadgets could expose millions of devices to remote code execution hacks. Security researchers at Claroty's Team82 uncovered 10 vulnerabilities in the widely used OvrC cloud platform.

Bank Info Security 1 year, 9 months ago

Ivanti Confirms Exploitation of an Old Critical Vuln

Remote Code Execution Bug Exploited in Limited AttacksIvanti confirmed that hackers are exploiting an SQL injection vulnerability in its Ivanti Endpoint Manager enabling remote code execution, despite the company addressing the issue with a patch in May. The flaw allows unauthenticated attackers within the same network to execute arbitrary code.

Bank Info Security 1 year, 9 months ago

Third Party Zero-Day Bug Exploited in Rackspace Systems

Rackspace Scrambles to Patch Zero Day Dashboard BugRackspace confirmed that criminals exploited a zero day vulnerability in a ScienceLogic third-party application, forcing the cloud-hosting provider to take monitoring dashboards offline. ScienceLogic confirmed it issued a patch for the zero-day remote code execution vulnerability.

Bank Info Security 1 year, 9 months ago

Rockwell Automation PLC Software Contains RCE Flaw

Attackers Could Shut Down Operations Or Cause Physical DamageA severe vulnerability in Rockwell Automation software used to configure programmable logic controllers could allow attackers to remotely execute malicious code. The vulnerability is rated 8.8 on the CVSS v4 scale. The U.S. Cybersecurity and Infrastructure Security Agency advised immediate patching.

Bank Info Security 1 year, 10 months ago

CloudImposer RCE Vulnerability Targets Google Cloud Platform

Attackers Could Exploit Flaw to Run Malicious Code on Google' s, Customers' ServersGoogle patched a critical remote execution vulnerability in its cloud platform Cloud Composer service, "CloudImposer," which could have allowed attackers to compromise millions of servers, say researchers from Tenable. The CloudImposer vulnerability could lead to the Jenga Tower effect.

Loading more headlines...