Cisco SD-WAN make-me-root bug under attack
Second Catalyst SD-WAN Manager flaw exploited as an 0-day this month
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
Second Catalyst SD-WAN Manager flaw exploited as an 0-day this month
Second try's a charm?
Second try's a charm? Microsoft and the US Cybersecurity and Infrastructure Security Agency (CISA) warned that attackers are exploiting a zero-click Windows flaw that can expose sensitive information on vulnerable systems.…
CISA added the flaw to KEV after Fortinet confirmed exploitation in the wild Fortinet released an emergency patch over the weekend for a critical FortiClient Enterprise Management Server (EMS) bug believed to be under attack since at least March 31.…
Interlock's post-exploit toolkit exposed Ransomware criminals exploited CVE-2026-20131, a maximum-severity bug in Cisco Secure Firewall Management Center software, as a zero-day vulnerability more than a month before Cisco patched the hole, according to Amazon security boss CJ Moses.…
High-severity CSS flaw let malicious webpages run code inside the sandbox Google has quietly pushed out an emergency Chrome fix after attackers were caught exploiting the browser's first reported zero-day of 2026.…
Flaw abused 'in an extremely sophisticated attack against specific targeted individuals' Apple patched a zero-day vulnerability affecting every iOS version since 1.0, used in what the company calls an "extremely sophisticated attack" against targeted individuals.…
Another actively abused Office bug, another emergency patch – Office 2016 and 2019 users are left with registry tweaks instead of fixes. Microsoft has issued an emergency Office patch after confirming a zero-day flaw is already being used in real world attacks.…
The critical-rated flaw leaves unpatched systems open to full takeover Cisco has finally shipped a fix for a critical-rated zero-day in its Unified Communications gear, a flaw that's already being weaponized in the wild, and which CISA previously flagged as an emergency priority.…
Git server flaw that attackers have been abusing for months has now caught the attention of US cyber cops CISA has ordered federal agencies to stop using Gogs or lock it down immediately after a high-severity vulnerability in the self-hosted Git service was added to its Known Exploited Vulnerabilities (KEV) catalog.…
Flaw in remote-access appliance lets attackers chain bugs for root-level takeover SonicWall has warned customers of a zero-day flaw in its SMA 1000 remote-access appliance that's being actively exploited, potentially allowing attackers to escalate privileges and take over boxes.…
Agencies have until December 12 to mitigate flaw that was likely exploited before Big Red released fix CISA has ordered US federal agencies to patch against an actively exploited Oracle Identity Manager (OIM) flaw within three weeks – a scramble made more urgent by evidence that attackers may have been abusing the bug months before a fix was released.…
Attackers may be joining the dots to enable unauthenticated RCE Fortinet has confirmed that another flaw in its FortiWeb web application firewall has been exploited as a zero-day and issued a patch, just days after disclosing a critical bug in the same product that attackers had found and abused a month earlier.…
'Precision espionage campaign' began months before the flaw was fixed A previously unknown Android spyware family called LANDFALL exploited a zero-day in Samsung Galaxy devices for nearly a year, installing surveillance code capable of recording calls, tracking locations, and harvesting photos and logs before Samsung finally patched it in April.…
Big Red rushes out patch for 9.8-rated flaw after crooks exploit it for data theft and extortion Oracle rushed out an emergency fix over the weekend for a zero-day vulnerability in its E-Business Suite (EBS) that criminal crew Clop has already abused for data theft and extortion.…
The latest in a run of serious networking bugs gives attackers root if they have SNMP access Cisco has confirmed a new IOS and IOS XE zero-day, the latest in a string of flaws that attackers have been quick to weaponize.…
Sixth such Chrome flaw this year spotted by the Chocolate Factory, already in play Google pushed an emergency patch for a high-severity Chrome flaw, already under active exploitation. So it's time to make sure you're running the most recent version of the web browser.…
A similar vuln on Apple devices was used against 'specific targeted users' Samsung has fixed a critical flaw that affects its Android devices - but not before attackers found and exploited the bug, which could allow remote code execution on affected devices.…
Patch, turn on MFA, and restrict access to trusted networks…or else Affiliates of the Akira ransomware gang are again exploiting a critical SonicWall vulnerability abused last summer, after a suspected zero-day flaw actually turned out to be related to a year-old bug.…
AI agent system said to have found more than 100 zero-day flaws in production apps AI models get slammed for producing sloppy bug reports and burdening open source maintainers with hallucinated issues, but they also have the potential to transform application security through automation.…