Security news aggregator

Latest cybersecurity reporting from selected sources.

Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.

144 headlines in this view

Refine the feed

Search across headline titles and summaries.

Volume over time

Weekly headline count for the current query.

Showing 20 most recent headlines of 144 Filtered view

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a newly patched security flaw impacting Microsoft SharePoint Server to its Known Exploited Vulnerabilities (KEV) catalog, requiring Federal Civilian Executive Branch (FCEB) agencies to apply the fixes by July 19, 2026

LegacyHive PoC exposes a Windows Privilege Escalation flaw affecting fully patched Windows desktop and server systems. Just hours after Microsoft’s July 2026 Patch Tuesday, security researcher Nightmare Eclipse, also known as Chaotic Eclipse, published a new Windows zero-day proof-of-concept called LegacyHive. This time, the target is the Windows User Profile Service (ProfSvc), and unlike the […]

Microsoft confirmed the RoguePlanet Defender zero-day (CVE-2026-50656), a privilege escalation flaw, and is developing a security patch. Microsoft has acknowledged the RoguePlanet zero-day affecting Microsoft Defender, tracked as CVE-2026-50656 (CVSS score of 7.8). The vulnerability allows privilege escalation through the Microsoft Malware Protection Engine. The company stated it is aware of the issue and is […]

The researcher Chaotic Eclipse released a PoC for the RoguePlanet Microsoft Defender zero-day, which can grant SYSTEM privileges on fully patched Windows systems. Security researcher Chaotic Eclipse, also known as Nightmare-Eclipse, has published a new proof-of-concept exploit for a RoguePlanet Microsoft Defender zero-day. The flaw relies on a race condition that can provide attackers with […]

Microsoft Patch Tuesday security updates for June 2026 fix a record 208 CVEs, including one actively exploited zero-day and multiple critical RCE flaws. Microsoft Patch Tuesday security updates for June 2026 mark a record. Microsoft shipped fixes for 208 CVEs across Windows, Office, Azure, Exchange, Hyper-V, Secure Boot, BitLocker, and a range of AI tooling. […]

Chaotic Eclipse, the security researcher behind the recently disclosed Windows flaws, YellowKey and GreenPlasma, has released a proof-of-concept (PoC) for a Windows privilege escalation zero-day flaw that grants attackers SYSTEM privileges on fully patched Windows systems

Second try's a charm? Microsoft and the US Cybersecurity and Infrastructure Security Agency (CISA) warned that attackers are exploiting a zero-click Windows flaw that can expose sensitive information on vulnerable systems.…

Krebs on Security 3 months ago

Patch Tuesday, April 2026 Edition

Microsoft today pushed software updates to fix a staggering 167 security vulnerabilities in its Windows operating systems and related software, including a SharePoint Server zero-day and a publicly disclosed weakness in Windows Defender dubbed "BlueHammer." Separately, Google Chrome fixed its fourth zero-day of 2026, and an emergency update for Adobe Reader nixes an actively exploited flaw that can lead to remote code execution.

Loading more headlines...