Hackers exploit Roundcube flaw to spy on academic researchers
A China-linked threat cluster has been exploiting vulnerable Roundcube servers at U.S. and Canadian universities to steal credentials and deploy backdoor malware. [...]
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
A China-linked threat cluster has been exploiting vulnerable Roundcube servers at U.S. and Canadian universities to steal credentials and deploy backdoor malware. [...]
The Russian hacking group known as Gamaredon has been attributed to the continued exploitation of a WinRAR vulnerability to deliver multiple malware families aimed at data theft and propagation
CISA ordered U.S. government agencies to patch three iOS vulnerabilities targeted in cryptocurrency theft and cyberespionage attacks using the DarkSword exploit kit. [...]
Huntress researchers uncover campaign exploiting vulnerabilities to steal data using Elastic Cloud as a data hub
Cybersecurity researchers have disclosed multiple security vulnerabilities in Anthropic's Claude Code, an artificial intelligence (AI)-powered coding assistant, that could result in remote code execution and theft of API credentials
Patches Issued for MongoBleed as Ransomware Groups Target Flaw to Steal DataTens of thousands of internet-exposed MongoDB databases are at risk as attackers actively target a critical vulnerability in the software to steal sensitive data, with ransomware groups having joined the fray, researchers warn. MongoDB has issued patches and mitigation advice.
Hackers are exploiting critical-severity vulnerabilities affecting multiple Fortinet products to get unauthorized access to admin accounts and steal system configuration files. [...]
Big Red rushes out patch for 9.8-rated flaw after crooks exploit it for data theft and extortion Oracle rushed out an emergency fix over the weekend for a zero-day vulnerability in its E-Business Suite (EBS) that criminal crew Clop has already abused for data theft and extortion.…
Cybersecurity researchers have disclosed three now-patched security vulnerabilities impacting Google's Gemini artificial intelligence (AI) assistant that, if successfully exploited, could have exposed users to major privacy risks and data theft
Cloud security company Wiz has revealed that it uncovered in-the-wild exploitation of a security flaw in a Linux utility called Pandoc as part of attacks designed to infiltrate Amazon Web Services (AWS) Instance Metadata Service (IMDS)
Microsoft Issuing Emergency Patches to Combat Authentication-Bypassing AttacksHackers have been exploiting a zero-day vulnerability dubbed "ToolShell" in on-premises installations of Microsoft SharePoint to gain remote access, and steal cryptographic keys and data. As Microsoft rolls out patches, experts warn administrators to also rotate keys, to help eject attackers.
Researchers have released proof-of-concept (PoC) exploits for a critical Citrix NetScaler vulnerability, tracked as CVE-2025-5777 and dubbed CitrixBleed2, warning that the flaw is easily exploitable and can successfully steal user session tokens. [...]
A vulnerability in the popular Python-based tool for building AI agents and workflows is under active exploitation, allowing for full system compromise, DDoS attacks, and potential loss or theft of sensitive data
Cybersecurity researchers have disclosed multiple security flaws in SimpleHelp remote access software that could lead to information disclosure, privilege escalation, and remote code execution
Hackers are trying to exploit CVE-2024-52875, a critical CRLF injection vulnerability that leads to 1-click remote code execution (RCE) attacks in GFI KerioControl firewall product. [...]
AG Says HealthAlliance Tried But Failed to Fix Zero-Day Flaw That Led to ExploitNew York State has levied a $550,000 fine against a healthcare group that tried - but failed - to patch a critical zero-day vulnerability in a Citrix NetScaler appliance used for telemedicine. Hackers exploited the flaw, stealing 196 gigabytes of data in an incident affecting 242,000 people.
The new 'Helldown' ransomware operation is believed to target vulnerabilities in Zyxel firewalls to breach corporate networks, allowing them to steal data and encrypt devices. [...]
A newly patched security flaw impacting Windows NT LAN Manager (NTLM) was exploited as a zero-day by a suspected Russia-linked actor as part of cyber attacks targeting Ukraine
Threat actors have been exploiting a vulnerability in the Roundcube Webmail client to target government organizations in the Commonwealth of Independent States (CIS) region, the successor of the former Soviet Union. [...]
Unknown threat actors have been observed attempting to exploit a now-patched security flaw in the open-source Roundcube webmail software as part of a phishing attack designed to steal user credentials