Yahoo servers were infiltrated in the past two weeks by hackers who exploited the widespread Shellshock vulnerability, according to an independent security researcher. Yahoo said on Monday that no user data was at risk. The Internet addresses of the breached Yahoo servers indicate that one was a Yahoo Sports server, according to a report by Future South Technologies president Jonathan Hall published late Sunday night. The report also said that Lycos, a search engine and portal dating back to 1994, and WinZip, a file-compression tool, were vulnerable to the Shellshock bug. Shellshock, also known as the Bash bug, is a decades-old security hole discovered on September 24 that opens the vast majority of computers that run Linux and Unix — including Apple’s Mac OS X — to hackers. Hackers can easily exploit the flaw to run potentially harmful code inside a bash shell, a simple interface commonly used to tell the computer what to do.