Security news aggregator

Latest cybersecurity reporting from selected sources.

Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.

50 headlines in this view

Refine the feed

Search across headline titles and summaries.

Volume over time

Weekly headline count for the current query.

Showing 20 most recent headlines of 50 Filtered view

F5 released emergency updates for critical NGINX flaws (CVE-2026-42530, CVE-2026-42055) that could enable unauthenticated code execution. F5 has issued out-of-band patches for multiple NGINX vulnerabilities, including two critical flaws, respectively tracked as CVE-2026-42530 and CVE-2026-42055 (CVSS 9.2). The bugs affect HTTP modules and can be exploited remotely without authentication to trigger memory corruption, potentially causing […]

Bank Info Security 3 months, 2 weeks ago

Under Fire: Attackers Target Flaws in F5 and Citrix Gear

F5 Revises Severity of Flaw Disclosed Last YearFlaws in major application delivery and security platforms and VPN gateways are being actively exploited or targeted. Under fire: a vulnerability in F5 BIG-IP Access Policy Manager can facilitate remote code execution, and a "memory overread" flaw in NetScaler Application Delivery Controller.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added a critical security flaw impacting F5 BIG-IP Access Policy Manager (APM) to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation

Concerns Grow Over F5 Hacking Amid Stalled Government ShutdownFederal officials are scrambling to contain nation-state hackers exploiting stolen source code from networking devices and software maker F5 amid staffing pressures created by the ongoing government shutdown. Stolen files reportedly include undisclosed vulnerabilities F5 had been researching.

Federal Agencies Ordered to Patch or Decommission F5 Devices Amid Imminent RiskAn advanced nation-state threat actor stole sensitive F5 source code and vulnerability data to craft tailored exploits, prompting an emergency directive amid a U.S. government shutdown that has left cyber defenses strained and federal networks at "imminent risk."

Also, phishing's easier over the phone, and your F5 cookies might be unencrypted, and more in brief If you need an excuse to improve your patching habits, a joint advisory from the US and UK governments about a massive, ongoing Russian campaign exploiting known vulnerabilities should do the trick.…

Agency Says Cookies Could Help Attackers Find Network Assets, VulnerabilitiesUnencrypted cookies tied to a suite of secure gateway technology from F5 are gateways for hackers to reach internal devices on corporate networks, warns the Cybersecurity and Infrastructure Security Agency. BIG-IP uses persistent cookies as a traffic load-balancing convenience.

Bank Info Security 1 year, 10 months ago

New HackerOne CEO Kara Sprague to Expand Beyond Bug Bounties

Sprague Replaces Veteran CEO, Plans to Double Down on PTaaS and AI Red TeamingHackerOne has tapped F5's longtime product leader as it next chief executive to continue expanding its portfolio beyond operating vulnerability disclosure programs. The firm tasked Kara Sprague with building on existing growth in areas including AI red teaming and penetration testing as a service.

Bank Info Security 2 years, 2 months ago

Report: Undetectable Threats Found in F5's Central Manager

Researchers Discover Major Vulnerabilities in Popular Central Management PlatformResearchers identified major security vulnerabilities in F5's Next Central Manager that could allow hackers to gain a persistent, undetectable presence within any organization's network infrastructure connected to F5 assets, according to a Wednesday report.

Loading more headlines...