Security news aggregator

Latest cybersecurity reporting from selected sources.

Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.

47 headlines in this view

Refine the feed

Search across headline titles and summaries.

Volume over time

Weekly headline count for the current query.

Showing 20 most recent headlines of 47 Filtered view

Second try's a charm? Microsoft and the US Cybersecurity and Infrastructure Security Agency (CISA) warned that attackers are exploiting a zero-click Windows flaw that can expose sensitive information on vulnerable systems.…

Bank Info Security 3 months, 1 week ago

ISMG Editors: Anthropic Bug Finder Sparks Zero-Day Dread

Also: How AI May Democratize Cybercrime and How Everyday Routers Enable EspionageIn this week's ISMG panel, four ISMG editors discussed big shifts in cybersecurity: Anthropic's "dangerous" new AI model that can uncover thousands of zero-days, growing concerns about a surge in AI-driven flaws, and the FBI disrupting a Russian espionage campaign targeting everyday routers.

Bank Info Security 3 months, 2 weeks ago

Breach Roundup: Feds Confirm 'Major' Hack of FBI System

Also, Lloyds Data Leak, Dutch Treasury Breach, Citrix Bug Exploit, Pay2Key ActivityThis week, Lloyds data leak hits 450K, Dutch treasury breach, Citrix flaw exploited, Iran-linked ransomware ops, TrueConf zero-day, Russian fraud ring sentenced, Romania targeted, patch gaps persist, and U.S. hospital breach affects 257K.

A recently disclosed security flaw patched by Microsoft may have been exploited by the Russia-linked state-sponsored threat actor known as APT28, according to new findings from Akamai

Ukraine’s CERT says the bug went from disclosure to active exploitation in days Russia-linked attackers are already exploiting Microsoft's latest Office zero-day, with Ukraine's national cyber defense team warning that the same bug is being used to target government agencies inside the country and organizations across the EU.…

Bank Info Security 9 months, 1 week ago

Clop Attacks Against Oracle E-Business Suite Trace to July

Signs Point to Multiple Exploit Chains, One Including a Zero-Day, Being EmployedData-stealing attacks targeting Oracle E-Business Suite, for which an affiliate of Russian-speaking Clop ransomware group is claiming credit, appear to have begun by August and involved multiple attack chains, of which one targeted a zero-day vulnerability, report Google threat researchers.

Security Experts Advise Immediate Patching; Zero-Day Attacks Began Last MonthAffiliates of Russian-speaking ransomware operation Medusa began targeting a zero-day vulnerability in widely used Fortra GoAnywhere Managed File Transfer software one week before the vendor issued a security alert, patch and mitigation instructions for the flaw, say security experts.

Also: Spain Defies Pressure to Eject Huawei, Hackers Leak North Korea Kimsuky DataThis week, Norway said Russian hackers attacked a flood gate, Spain defied pressure to eject Huawei, a cyberattack against the Office of the Pennsylvania Attorney General. Hackers leaked stolen North Korean Kimsuky data, Microsoft patched a Kerberos zero-day and a big Chrome bug bounty.

Bank Info Security 11 months ago

Russian Hackers Exploit WinRAR Zero-Day

RomCom Group Deployed SnipBot, RustyClaw and Mythic Agent VariantsA Russian speaking hacking group is exploiting a zero-day flaw in WinRAR, a sign of the group's growing sophistication and evolution from a cybercrime outfit into a cyberespionage operation. The campaign exploited a vulnerability now tracked as CVE-2025-8088, a path traversal vulnerability.

A Russia-linked threat actor has been attributed to a cyber espionage operation targeting webmail servers such as Roundcube, Horde, MDaemon, and Zimbra via cross-site scripting (XSS) vulnerabilities, including a then-zero-day in MDaemon, according to new findings from ESET

Loading more headlines...