VulnHub

Real-time Cybersecurity News

Articles tagged "Critical"

Found 363 articles

Security Affairs newsletter Round 553 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

The article discusses a dual campaign targeting GlobalProtect portals and SonicWall APIs, highlighting a critical XXE vulnerability found in Apache software. This vulnerability poses a significant risk, necessitating immediate attention from affected organizations to mitigate potential exploitation.

Impact: GlobalProtect portals, SonicWall APIs, Apache software
Remediation: Organizations should apply patches and updates to affected Apache software and review configurations to mitigate the risk of exploitation.
VulnerabilityCritical
Read Original
Critical XXE Bug CVE-2025-66516 (CVSS 10.0) Hits Apache Tika, Requires Urgent Patch

The Hacker News

CVE-2025-66516

A critical security vulnerability, CVE-2025-66516, has been identified in Apache Tika, posing a risk of XML external entity (XXE) injection attacks. With a CVSS score of 10.0, this flaw affects multiple modules and requires urgent attention from users to prevent exploitation.

Impact: Affected products include Apache Tika tika-core (versions 1.13-3.2.1), tika-pdf-module (versions 2.0.0-3.2.1), and tika-parsers (versions 1.13-1.28.5) across all platforms.
Remediation: Users are advised to apply the latest patches for the affected modules: tika-core (1.13-3.2.1), tika-pdf-module (2.0.0-3.2.1), and tika-parsers (1.13-1.28.5) to mitigate the vulnerability.
CVEVulnerabilityPatchCritical
Read Original
React2Shell Vulnerability Under Attack from China-Nexus Groups

darkreading

Actively Exploited

A critical vulnerability in the React JavaScript library is currently being targeted by threat actors linked to China, highlighting the urgency for developers to implement patches. The situation underscores the importance of immediate action to secure applications using this library from potential exploitation.

Impact: React JavaScript library
Remediation: Patch the React library to the latest version as soon as possible.
VulnerabilityPatchCritical
Read Original
Cloudflare Outage Caused by React2Shell Mitigations

SecurityWeek

Actively Exploited

The article discusses a critical vulnerability in React that has been exploited by various threat actors, leading to a significant outage at Cloudflare as they implemented mitigations against the React2Shell exploit. This incident highlights the ongoing risks associated with vulnerabilities in widely used frameworks and the need for timely responses to emerging threats.

Impact: React framework, Cloudflare services
Remediation: Organizations using React should immediately update to the latest version of the framework and implement security best practices to mitigate the risk of exploitation. Regularly review and apply security patches as they become available.
ExploitVulnerabilityCritical
Read Original
Cloudflare blames today's outage on emergency React2Shell patch

BleepingComputer

Actively Exploited

Cloudflare has reported an outage due to the emergency patching of a critical React remote code execution vulnerability that is currently being exploited in attacks. This incident highlights the urgency and severity of addressing such vulnerabilities to maintain security and service continuity.

Impact: React framework versions vulnerable to remote code execution, impacting applications built using React.
Remediation: Apply the emergency patch provided by the React development team to mitigate the vulnerability. Ensure all applications using React are updated to the latest secure version as soon as possible.
VulnerabilityPatchCritical
Read Original
CISA Publishes Security Guidance for Using AI in OT

darkreading

The article discusses newly published guidance from global cybersecurity agencies on the safe deployment of artificial intelligence in operational technology (OT), which is essential for critical infrastructure. This guidance aims to address potential security risks associated with AI in OT environments.

Impact: Operational technology systems and critical infrastructure
Remediation: Follow the guidance provided by global cybersecurity agencies regarding AI deployment in OT
Critical
Read Original
CISA and International Partners Issue Guidance for Secure AI in Infrastructure

Infosecurity Magazine

Cybersecurity agencies have released guidance aimed at ensuring the secure integration of artificial intelligence into operational technology (OT) systems. This guidance highlights the importance of addressing potential vulnerabilities and threats associated with AI in critical infrastructure.

Impact: N/A
Remediation: Implement the guidance provided by cybersecurity agencies for secure AI integration in OT systems.
Critical
Read Original
Cloudflare Blocks Aisuru Botnet Powered Largest Ever 29.7 Tbps DDoS Attack

Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More

Actively Exploited

Cloudflare's Q3 2025 DDoS Threat Report highlights the unprecedented scale of a DDoS attack launched by the Aisuru botnet, reaching 29.7 Tbps. This surge in attacks indicates a growing threat landscape, particularly affecting critical sectors and emphasizing the need for enhanced cybersecurity measures.

Impact: N/A
Remediation: Organizations should implement robust DDoS mitigation strategies, including traffic filtering, rate limiting, and deploying advanced security solutions to protect against large-scale attacks.
BotnetDDoSCritical
Read Original
Critical React, Next.js flaw lets hackers execute code on servers

BleepingComputer

The article discusses a critical vulnerability known as 'React2Shell' in the React Server Components (RSC) 'Flight' protocol, which allows remote code execution without authentication in React and Next.js applications. This severe flaw poses significant risks to developers and organizations using these frameworks, as it could lead to unauthorized access and control over servers.

Impact: React, Next.js applications using the React Server Components 'Flight' protocol
Remediation: Developers are advised to review their applications for the vulnerability and apply necessary security patches or updates as they become available. Regular security audits and code reviews are recommended.
VulnerabilityCritical
Read Original
How strong password policies secure OT systems against cyber threats

BleepingComputer

The article discusses the vulnerabilities in operational technology (OT) environments due to weak password policies, highlighting that aging systems and shared accounts can lead to significant cyber threats. It emphasizes the importance of implementing stronger password policies and continuous monitoring for compromised credentials to enhance the security of critical OT infrastructure.

Impact: OT systems, shared accounts, remote access technologies
Remediation: Implement stronger password policies, conduct continuous checks for compromised credentials
Critical
Read Original
Global Cyber Agencies Issue AI Security Guidance for Critical Infrastructure OT

SecurityWeek

Global cyber agencies have released a 25-page document outlining four key principles for the secure integration of artificial intelligence with operational technology in critical infrastructure. This guidance aims to enhance security measures and mitigate potential risks associated with AI deployment in vital systems.

Impact: N/A
Remediation: Implement the four principles outlined in the guidance document for secure AI integration.
Critical
Read Original
ThreatsDay Bulletin: Wi-Fi Hack, npm Worm, DeFi Theft, Phishing Blasts— and 15 More Stories

The Hacker News

Actively Exploited

The article highlights various cybersecurity threats, including a significant exploit in the DeFi space that resulted in the theft of $9 million. It emphasizes the ongoing battle between hackers and security measures across multiple platforms, including Wi-Fi and coding tools.

Impact: DeFi applications, Wi-Fi networks, npm package ecosystem
Remediation: Implement security best practices for Wi-Fi networks, regularly update coding tools, and monitor DeFi applications for unauthorized access.
PhishingExploitCritical
Read Original
React2Shell: In-the-Wild Exploitation Expected for Critical React Vulnerability

SecurityWeek

Actively Exploited

The article discusses a critical vulnerability in React, identified as CVE-2025-55182, which affects only instances utilizing a newer feature. The researcher warns that exploitation of this vulnerability is expected in the wild, emphasizing the urgency for affected users to take action.

Impact: React instances using the newer feature associated with CVE-2025-55182.
Remediation: Users of affected React instances should review their implementations of the newer feature and apply any available security patches or updates from React's official repository. Additionally, it is advisable to implement security best practices such as input validation and access controls to mitigate potential exploitation.
CVEVulnerabilityCritical
Read Original
CIS, Astrix, and Cequence partner on new AI security guidance

Help Net Security

The article discusses a new partnership between the Center for Internet Security, Astrix Security, and Cequence Security to create cybersecurity guidance specifically for AI and agentic systems. This initiative aims to address the unique risks posed by autonomous decision-making and automated threats in AI environments, building on the existing CIS Critical Security Controls.

Impact: N/A
Remediation: N/A
Critical
Read Original
Senate divided over response to China telecom hacks

SCM feed for Latest

Actively Exploited

The U.S. Senate hearing has highlighted a significant political divide regarding the response to China's Salt Typhoon cyber intrusions, which have compromised major telecommunications networks. This ongoing campaign raises concerns about national security and the integrity of critical infrastructure.

Impact: Major telecommunications networks
Remediation: N/A
Critical
Read Original
PreviousPage 21 of 25Next