Security news aggregator

Latest cybersecurity reporting from selected sources.

Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.

59 headlines in this view

Refine the feed

Search across headline titles and summaries.

Volume over time

Weekly headline count for the current query.

Showing 20 most recent headlines of 59 Filtered view
Bank Info Security 6 months, 2 weeks ago

RondoDox Botnet Exploiting Devices With React2Shell Flaw

The Campaign Compromises Open-Source Vulnerability to Hack IoT Devices at ScaleSecurity firm CloudSEK has uncovered a botnet campaign that is exploiting the React2Shell vulnerability in the Meta-developed, open-source React framework across a variety of devices since December. The security firm attributed the campaign to RondoDox.

State-backed attackers started poking flaw as soon as it dropped – anyone still unpatched is on borrowed time Amazon has warned that China-nexus hacking crews began hammering the critical React "React2Shell" vulnerability within hours of disclosure, turning a theoretical CVSS-10 hole into a live-fire incident almost immediately.…

Bank Info Security 8 months ago

Hackers Exploited Cisco ISE Zero-Day

Flaw Enabled Remote Code Execution, Say AWS ResearchersResearchers from AWS said they spotted a hacking campaign taking advantage of a zero-day vulnerability in Cisco network access control software before the routing giant patched it earlier this year. The flaw let attackers perform pre-authentication remote code execution.

Bank Info Security 8 months, 1 week ago

Unpatched Windows Flaw a Boon for Nation-State Hackers

Chinese Hackers Target European Diplomats with LNK File FlawChinese nation-state hackers are exploiting a Windows vulnerability to hack European diplomatic outposts, say security researchers - but operating system giant Microsoft says the flaw doesn't merit a patch. Hackers used a flaw already compromised by North Korea and Russia.

The security landscape now moves at a pace no patch cycle can match. Attackers aren’t waiting for quarterly updates or monthly fixes—they adapt within hours, blending fresh techniques with old, forgotten flaws to create new openings. A vulnerability closed yesterday can become the blueprint for tomorrow’s breach

Bank Info Security 10 months, 3 weeks ago

McFlaw: Hacker Breaches McDonald's Portal With URL Trick

Hacking Was the Easy Part, Notifying McDonald's the Extremely Difficult BitA security researcher gained access to McDonald's global marketing portal by changing a single word in its URL, uncovering a slew of additional vulnerabilities. The hard part was notifying the burger giant about the flaws, says self-described ethical hacker "BobDaHacker."

Bank Info Security 11 months ago

Russian Hackers Exploit WinRAR Zero-Day

RomCom Group Deployed SnipBot, RustyClaw and Mythic Agent VariantsA Russian speaking hacking group is exploiting a zero-day flaw in WinRAR, a sign of the group's growing sophistication and evolution from a cybercrime outfit into a cyberespionage operation. The campaign exploited a vulnerability now tracked as CVE-2025-8088, a path traversal vulnerability.

Also: CISA Warns of Unpatched Train Brake VulnerabilityThis week: Louis Vuitton and Co-op confirm breaches, unpatched train brake flaw, Barclays fined £42M pounds for financial crime failures, secret U.K. program relocated thousands of Afghans, ex-soldier pleads guilty to hacking, Ukrainian hackers claim hit on Russian drone supplier.

Researchers Uncover Critical Flaws Enable Remote Device TakeoverA ubiquitous industrial power monitoring device contains three critical vulnerabilities in its firmware that could allow attackers to disrupt operations by remotely crashing them or executing unwanted code. The device is the Rockwell Automation PowerMonitor 1000 Remote.

Bank Info Security 1 year, 2 months ago

AirBorne and Dangerous: Hacking Through the Soundwaves

Researchers Uncover Bugs in Apple’s AirPlay, Risking Takeover of Smart DevicesVulnerabilities in wireless streaming protocol AirPlay could expose Apple operating system devices to remote code execution by enabling attackers to infiltrate networks through trusted connections. The flaws are in the software development kit used by third-party manufacturers.

Loading more headlines...