A serious vulnerability in the Funnel Builder plugin for WordPress is being exploited by attackers to inject harmful JavaScript into WooCommerce checkout pages. This allows them to steal customers' credit card information during transactions. The exploit is particularly dangerous as it targets e-commerce sites using the WooCommerce platform, affecting both businesses and their customers. Website owners using this plugin should take immediate action to protect their customers and their own financial interests. The ongoing exploitation of this bug highlights the need for vigilance in securing online payment systems.
Articles tagged "Critical"
Found 893 articles
Help Net Security
Cisco has released a patch for a serious security vulnerability (CVE-2026-20182) affecting its Catalyst SD-WAN solutions. This flaw allows attackers to bypass authentication in both the Catalyst SD-WAN Controller and the Catalyst SD-WAN Manager, which are critical components for managing SD-WAN deployments. The vulnerability has been actively exploited by a sophisticated cyber threat actor, putting both on-premises and cloud users at risk. Organizations using these Cisco products should prioritize applying the patch to safeguard their networks from potential breaches. Failure to address this vulnerability could lead to unauthorized access and significant security incidents.
ESET has reported that the Ghostwriter group, also known as FrostyNeighbor, has resumed its cyberattacks on Ukrainian government organizations. This activity has been ongoing since at least March 2026 and follows a pattern similar to their previous campaigns. The group appears to be targeting sensitive government systems, which raises concerns about the security of critical infrastructure in Ukraine. As the conflict in the region continues, these attacks could have serious implications for government operations and national security. Researchers emphasize the need for heightened vigilance and improved cybersecurity measures within affected organizations.
Help Net Security
Microsoft has issued a warning about a serious cross-site scripting (XSS) vulnerability, identified as CVE-2026-42897, affecting on-premises versions of Microsoft Exchange Server. This vulnerability allows unauthorized attackers to spoof users over a network, posing significant risks to organizations that have not yet applied any fixes. The affected versions include Microsoft Exchange Server Subscription Edition RTM, 2019, and 2016, while Exchange Online remains unaffected. Microsoft is currently working on a permanent fix, but until it is released, they have provided temporary mitigations for users to implement. Organizations using the affected versions should take immediate action to safeguard their systems from potential exploitation.
Google's latest Chrome update, version 148, addresses several critical vulnerabilities, including a serious use-after-free issue affecting various browser components. This type of vulnerability can allow attackers to execute arbitrary code, potentially leading to unauthorized access or data breaches. Users of Chrome should update to the latest version to ensure their browsers are secure. Keeping browsers up to date is crucial, as these vulnerabilities can be exploited if left unpatched. The update underscores the ongoing need for vigilance in cybersecurity, especially given the frequency of browser-based attacks.
A recent cybersecurity article warns about a significant vulnerability that cannot simply be fixed by applying patches. The issue affects multiple software systems and could leave users exposed if not addressed comprehensively. Researchers emphasize that traditional patch management strategies may not suffice, as attackers could exploit underlying flaws. This situation puts organizations at risk of data breaches and financial losses. The need for a more thorough approach to security is critical for companies relying on these systems.
A serious vulnerability in Cisco's SD-WAN network control system has been actively exploited, marking the second time this year that attackers have taken advantage of a CVSS 10.0 flaw. This critical bug poses a significant risk as it allows unauthorized access to the network, potentially compromising sensitive data and systems. Organizations using Cisco SD-WAN solutions should be particularly vigilant, as the severity of this vulnerability makes it a prime target for malicious actors. It's crucial for affected users to stay informed about the latest security updates and apply any available patches to mitigate risks associated with this vulnerability.
A serious vulnerability has been identified in Exim, an open-source mail transfer agent, which allows attackers to execute remote code. This flaw, categorized as a user-after-free issue, arises during the TLS shutdown process while processing chunked SMTP traffic. If exploited, it could enable unauthorized access to systems running affected versions of Exim, potentially leading to severe security breaches. Users and organizations relying on Exim for email services should be particularly vigilant. The urgency to patch this vulnerability is critical to prevent potential exploitation by malicious actors.
A new vulnerability named Fragnesia has been discovered in the Linux kernel, marking the third major flaw identified within two weeks. Researchers indicate that artificial intelligence tools are accelerating the process of uncovering these security issues, often faster than developers can implement fixes. This vulnerability could potentially affect a wide range of Linux-based systems, posing risks to users and organizations relying on this operating system. The ongoing discovery of these flaws raises concerns about the security of Linux environments, especially as they are commonly used in servers and critical infrastructure. As the situation develops, it is essential for users to stay informed and apply necessary updates to protect their systems.
Recent cyber campaigns attributed to Chinese advanced persistent threat (APT) groups have expanded their targets and updated their tactics. The group known as Salt Typhoon has reportedly attacked an energy entity in Azerbaijan, raising concerns about the security of critical infrastructure in the region. Another group, Twill Typhoon, has focused on entities in Asia, deploying an updated remote access Trojan (RAT) that enhances their capabilities. These developments suggest that these APTs are adapting to better infiltrate and exploit various sectors, which could lead to increased risks for organizations in affected areas. As these campaigns evolve, organizations need to bolster their cybersecurity measures to defend against such sophisticated attacks.
Security Affairs
A Chinese-linked hacking group known as FamousSparrow has targeted an Azerbaijani oil and gas company in a series of espionage attacks. The group repeatedly exploited the same entry point for three separate intrusions between December 2025 and February 2026. These attacks are part of a broader campaign aimed at gathering intelligence from the energy sector, which is vital for Azerbaijan's economy. The repeated access indicates a level of persistence and sophistication in their approach, raising concerns about the security measures in place to protect critical infrastructure. This situation underscores the ongoing risks that state-sponsored actors pose to national energy resources and the need for enhanced cybersecurity protocols in the sector.
Researchers have identified multiple vulnerabilities in NGINX Plus and NGINX Open, including a severe flaw that has existed for 18 years. The most critical issue, a heap buffer overflow in the ngx_http_rewrite_module (CVE-2026-42945), could allow attackers to execute arbitrary code remotely without authentication. This vulnerability has a high severity score of 9.2 on the CVSS v4 scale. Organizations using these web servers are at risk, as the flaw could lead to significant security breaches. It is crucial for affected users to address this vulnerability promptly to safeguard their systems.
A serious vulnerability has been found in certain configurations of the Exim mail transfer agent, which could allow remote attackers to execute arbitrary code without authentication. This flaw poses a significant risk to systems running Exim, as it could lead to unauthorized access and control over affected servers. Organizations using Exim should take immediate action to assess their configurations, as attackers could exploit this vulnerability if not addressed promptly. The issue emphasizes the need for regular updates and security checks in mail server configurations to protect against potential breaches. Users and administrators are advised to stay vigilant and ensure they are running the latest versions of the software.
SentinelOne's recent report focuses on the growing risks associated with cloud secrets and artificial intelligence systems. Researchers found that attackers are increasingly targeting sensitive information stored in cloud environments, exploiting weaknesses in how organizations manage secrets such as API keys and access tokens. This trend raises significant concerns, as improper handling of these secrets can lead to unauthorized access and data breaches. Companies must enhance their security measures to protect these critical assets, especially as reliance on cloud and AI technologies continues to rise. The findings serve as a wake-up call for businesses to reassess their security protocols and ensure that they are safeguarding their digital infrastructure effectively.
Security Affairs
A serious vulnerability, identified as CVE-2025-32975, has been discovered in Quest KACE SMA, an endpoint management tool used by organizations to oversee their IT assets. This flaw poses a significant risk as it could allow attackers to compromise all managed systems within affected organizations. Researchers have determined that around 60 organizations may be vulnerable due to this unpatched issue. The potential for widespread impact makes it crucial for companies using this software to take immediate action to secure their systems. Ignoring this vulnerability could lead to severe operational disruptions and data breaches.