Drupal has issued urgent security updates to address a serious vulnerability in Drupal Core, identified as CVE-2026-9082. This flaw can allow attackers to execute malicious code remotely, escalate privileges, or disclose sensitive information on PostgreSQL sites. With a CVSS score of 6.5, the vulnerability affects users relying on Drupal's database abstraction API. This issue is particularly concerning for organizations using Drupal for their web applications, as the potential for exploitation could lead to significant data breaches or system compromises. Users are strongly advised to apply the available security updates promptly to mitigate the risk.
Articles tagged "Critical"
Found 892 articles
A serious vulnerability has been found in the operating system used by certain robotic systems, allowing unauthenticated attackers to execute command injections. This flaw enables attackers to gain remote access, potentially leading to significant disruptions in environments that rely on these robots. Affected organizations need to take immediate action to protect their systems, as the implications of such control could be severe, impacting operations and safety. Users of the affected robotic systems should prioritize applying any available patches to mitigate this risk. The vulnerability underscores the need for ongoing vigilance in securing operational technology environments.
Drupal is set to release a core security update today to address a significant vulnerability that could be exploited by attackers shortly after its announcement. The organization has cautioned that malicious actors are likely to create exploits within hours of the update going public. This means that any websites or applications running on affected versions of Drupal could be at risk if they do not update promptly. Users of Drupal should prioritize applying this critical update to protect their systems from potential attacks. The announcement underscores the need for vigilance in maintaining the security of web applications, particularly those built on widely used platforms like Drupal.
On July 23, 2025, Luxembourg experienced a major telecom outage that lasted over three hours, affecting landline, 4G, 5G, and emergency services. The disruption was reportedly caused by a zero-day vulnerability in Huawei enterprise routers. This flaw allowed attackers to exploit the system, leading to widespread communication failures across the country. The incident raised concerns about the security of telecom infrastructure and the potential risks associated with undisclosed vulnerabilities in widely used equipment. The implications of this outage are significant, as it not only disrupted everyday communications but also emergency services, highlighting the critical need for robust cybersecurity measures in telecommunications.
CyberScoop
A recent report from Verizon revealed a significant rise in the number of security breaches caused by exploited vulnerabilities last year. Many organizations are failing to address these critical defects, leaving their systems open to attacks. The report emphasizes that these vulnerabilities have become the primary entry point for cybercriminals, meaning that companies need to prioritize patching and updates to protect their systems. This trend points to a concerning oversight in cybersecurity practices across various industries, where outdated software and unaddressed vulnerabilities can lead to severe data breaches and financial loss. As attackers continue to exploit these weaknesses, the urgency for organizations to strengthen their security measures has never been greater.
Universal Robots has addressed a serious security vulnerability in its collaborative robots, or 'cobots,' which could allow attackers to take control of production systems from a distance. The flaw has been rated 9.8 on the CVSS scale, indicating its severity and potential impact on operations. Companies using these cobots need to ensure they apply the latest patches to protect their systems. If left unaddressed, this vulnerability could disrupt manufacturing processes and lead to significant financial losses. Users should stay informed about updates to minimize risks associated with this flaw.
Drupal has announced a highly critical vulnerability that poses a significant risk of exploitation in the near future. The organization warns that attackers could develop an exploit for this vulnerability within hours or days, putting numerous sites at risk. This issue affects users of Drupal, a popular content management system used by many websites globally. The urgency of the situation stems from the potential for rapid attacks, which could compromise site security and user data. As a result, Drupal is working on a patch to address the vulnerability, emphasizing the need for users to stay vigilant and apply updates as soon as they become available.
Recent reports suggest that Iranian hackers may have accessed automatic tank gauge systems at gas stations across the United States. These systems were reportedly exposed online without proper password protection, making them vulnerable to unauthorized access. This breach raises concerns about the safety and security of fuel supplies, as attackers could potentially manipulate fuel levels or disrupt operations. The incident highlights the risks associated with inadequate cybersecurity measures in critical infrastructure. As gas stations rely on these systems for inventory management, any compromise could lead to significant operational challenges and public safety issues.
Researchers recently released a proof of concept (PoC) for a vulnerability in the Linux kernel known as DirtyDecrypt, which was patched back in April. This vulnerability allows local attackers to gain elevated privileges, potentially giving them root access to affected systems. While the vulnerability was addressed in a previous update, the release of the PoC means that those who haven't applied the patch could be at risk. It is crucial for users and administrators of Linux systems to ensure they are running the latest updates to mitigate this risk. The implications of this vulnerability are significant, especially for environments where security is paramount, such as servers and critical infrastructure.
A newly discovered vulnerability, identified as CVE-2026-8153, poses a significant risk to Universal Robots' PolyScope 5 software used in industrial robot fleets. This flaw allows attackers to exploit the system through OS command injection, potentially compromising the operation of robotic systems. Organizations using these robots could face unauthorized access and manipulation of their automated processes, leading to operational disruptions or safety hazards. The issue highlights the need for companies to assess their systems and take proactive measures to safeguard their robotic operations. Immediate attention to this vulnerability is crucial for maintaining security in environments that rely on industrial automation.
A serious vulnerability has been discovered in F5 NGINX, a widely used web server technology that powers about one-third of all websites globally. This vulnerability is currently being exploited by attackers, raising alarms among cybersecurity experts. The issue poses a significant risk to countless websites and web applications that rely on NGINX for handling web traffic. Organizations using NGINX should take immediate action to assess their systems and implement necessary security measures to protect against potential attacks. The urgency of this situation is underscored by the fact that the vulnerability is actively being targeted in the wild, making prompt remediation essential to prevent data breaches and other malicious activities.
Recent reports indicate that Iran has expanded its cyber offensive by targeting automatic tank gauge (ATG) systems, which are often connected to the Internet. Security experts have long warned that these systems can be vulnerable to tampering, allowing malicious actors to manipulate fuel tank operations. This poses significant risks not only to the oil and gas sector but also to the safety and security of critical infrastructure. The attack raises concerns about the broader implications of cyber warfare, particularly as these systems are vital for monitoring and managing fuel supplies. As cyber threats evolve, industries must prioritize securing their Internet-connected devices to prevent such breaches.
Help Net Security
A serious vulnerability in NGINX, identified as CVE-2026-42945 and nicknamed NGINX Rift, is currently being exploited by attackers. Disclosed last week, this flaw allows attackers to send specially crafted HTTP requests to vulnerable NGINX servers, potentially leading to denial-of-service conditions and even unauthenticated remote code execution. NGINX is the most widely used web server, meaning a large number of websites and applications could be at risk. Security researcher Patrick Garrity highlighted the urgency of addressing this vulnerability as it poses significant risks to web services that rely on NGINX. It's crucial for administrators to take immediate action to protect their systems from these exploits.
The Hacker News
A serious vulnerability in the Funnel Builder plugin for WordPress is currently being exploited by attackers to inject harmful JavaScript into WooCommerce checkout pages. This manipulation aims to capture sensitive payment information from users during transactions. The situation was reported by Sansec, revealing that this flaw does not yet have an official Common Vulnerabilities and Exposures (CVE) identifier. Website owners using this plugin should be particularly vigilant, as the lack of a CVE means there may not be a widely known fix available at this time. This incident poses a significant risk, especially for e-commerce sites that rely on WooCommerce for processing payments.
A serious vulnerability in the Funnel Builder plugin for WordPress is being exploited by attackers to inject harmful JavaScript into WooCommerce checkout pages. This allows them to steal customers' credit card information during transactions. The exploit is particularly dangerous as it targets e-commerce sites using the WooCommerce platform, affecting both businesses and their customers. Website owners using this plugin should take immediate action to protect their customers and their own financial interests. The ongoing exploitation of this bug highlights the need for vigilance in securing online payment systems.