Security news aggregator

Latest cybersecurity reporting from selected sources.

Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.

95 headlines in this view

Refine the feed

Search across headline titles and summaries.

Volume over time

Weekly headline count for the current query.

Showing 20 most recent headlines of 95 Filtered view

This isn't just a nostalgia trip – billions of legacy microcontrollers may be at risk AI can reverse engineer machine code and find vulnerabilities in ancient legacy architectures, says Microsoft Azure CTO Mark Russinovich, who used his own Apple II code from 40 years ago as an example.…

Exploit hasn't been picked up by any malware detection engines, CEO tells The Reg A Microsoft zero-day vulnerability that allows an unprivileged user to crash the Windows Remote Access Connection Manager (RasMan) service now has a free, unofficial patch - with no word as to when Redmond plans to release an official one - along with a working exploit circulating online.…

Check Point lifts lid on a quartet of Teams vulns that made it possible to fake the boss, forge messages, and quietly rewrite history Microsoft Teams, one of the world's most widely used collaboration tools, contained serious, now-patched vulnerabilities that could have let attackers impersonate executives, rewrite chat history, and fake notifications or calls – all without users suspecting a thing.…

Expired security cert, real Brussels agenda, plus PlugX malware finish the job Cyber spies linked to the Chinese government exploited a Windows shortcut vulnerability disclosed in March – but that Microsoft hasn't fixed yet – to target European diplomats in an effort to steal defense and national security details.…

If at first you don’t succeed, patch and patch again More threat intel teams are sounding the alarm about a critical Windows Server Update Services (WSUS) remote code execution vulnerability, tracked as CVE-2025-59287 and now under active exploitation, just days after Microsoft pushed an emergency patch and the US Cybersecurity and Infrastructure Security Agency added the bug to its Known Exploited Vulnerabilities catalog.…

Flaw in Kestrel web server allowed request smuggling, impact depends on hosting setup and application code Microsoft has patched an ASP.NET Core vulnerability with a CVSS score of 9.9, which security program manager Barry Dorrans said was "our highest ever." The flaw is in the Kestrel web server component and enables security bypass.…

Although it hasn't been seen in the wild yet A new ransomware strain dubbed HybridPetya was able to exploit a patched vulnerability to bypass Unified Extensible Firmware Interface (UEFI) Secure Boot on unrevoked Windows systems, making it the fourth publicly known bootkit capable of punching through the feature and hijacking a PC before the operating system loads.…

Better late than never after SharePoint assault? Microsoft has reportedly stopped giving Chinese companies proof-of-concept exploit code for soon-to-be-disclosed vulnerabilities following last month's SharePoint zero-day attacks, which appear to be related to a leak in Redmond's early-bug-notification program.…

Loading more headlines...