Articles tagged "Critical"

Found 915 articles

A serious vulnerability in Appsmith has been discovered that could allow attackers to take over user accounts through a flawed password reset process. This flaw could potentially expose sensitive information and disrupt services for users relying on the platform for application development. The issue affects all users of Appsmith who utilize the password reset feature, making it a widespread concern. Security researchers are urging users to stay vigilant and take immediate action to protect their accounts. It's crucial for Appsmith to address this vulnerability quickly to prevent any further exploitation and maintain user trust.

Read Original
Actively Exploited

A serious vulnerability in SmarterTools' SmarterMail, identified as WT-2026-0001, is currently being exploited by attackers, just two days after a patch was released on January 15, 2026. Despite the urgency, the flaw has not yet been assigned a CVE identifier, which makes tracking and public awareness more challenging. This vulnerability could potentially affect organizations using SmarterMail, putting their email systems at risk. Given the rapid exploitation, companies relying on this software should prioritize applying the latest patch to safeguard their systems. Users are advised to remain vigilant and monitor their systems for any unusual activity that may indicate a breach.

Read Original
Actively Exploited

Large language models (LLMs) are increasingly vulnerable to a technique known as prompt injection, where users craft specific requests that trick the models into performing actions they are usually restricted from. For instance, someone could ask an LLM to provide sensitive information or execute unauthorized commands by structuring their prompts cleverly. This issue raises significant concerns as it could lead to unintended data exposure or misuse of the AI’s capabilities. As LLMs are integrated into more applications, understanding and mitigating these types of attacks becomes critical for users and developers alike. The potential for misuse highlights the need for stronger safeguards in AI systems to protect against manipulation.

Read Original

During the second day of the Pwn2Own Automotive 2026 competition, hackers successfully exploited 29 zero-day vulnerabilities, earning a total of $439,250 in rewards. This event highlights the ongoing security challenges in the automotive sector, as researchers and ethical hackers test the resilience of vehicles against cyber threats. The vulnerabilities targeted various systems within automotive technology, but specific details about the affected models or manufacturers were not provided. This incident is significant because it showcases the ease with which skilled attackers can uncover critical flaws, raising concerns about the safety and security of connected vehicles. As the automotive industry increasingly adopts smart technology, it must prioritize robust security measures to protect against such vulnerabilities.

Read Original
Actively Exploited

Recent attacks have targeted FortiGate firewalls, specifically exploiting vulnerabilities in the FortiCloud SSO login system. Hackers are bypassing authentication measures to create unauthorized accounts, which allows them to alter device configurations. This poses a significant risk to organizations using FortiGate products, as attackers can manipulate firewall settings and potentially compromise network security. Security researchers have raised alarms about this issue, urging companies to take immediate action to secure their devices. The situation underscores the need for vigilance in monitoring access to critical security infrastructure.

Read Original

Arctic Wolf has reported a surge in automated attacks targeting Fortinet FortiGate devices, which has been ongoing since January 15, 2026. These attacks involve unauthorized changes to firewall configurations, with attackers creating generic accounts to maintain access, enabling VPN capabilities, and exfiltrating sensitive firewall data. This activity mirrors similar attacks identified in December 2025. Organizations using FortiGate firewalls should be vigilant, as these breaches can compromise network security and expose critical information. The situation emphasizes the need for enhanced security measures and monitoring to detect such unauthorized activities.

Read Original

Atlassian, GitLab, and Zoom have recently released security patches addressing more than two dozen vulnerabilities, some of which are classified as critical or high-severity. These updates aim to protect users from potential attacks that could exploit these weaknesses. Affected products include popular collaboration tools and development platforms, which are widely used in various organizations. It's crucial for users of these applications to apply the patches promptly to safeguard their systems against possible exploitation. The vulnerabilities could allow unauthorized access or other malicious activities if not addressed, making timely updates essential for maintaining security.

Read Original
Actively Exploited

Cisco has addressed a serious security flaw in its Unified Communications and Webex Calling platforms, identified as CVE-2026-20045. This vulnerability allows attackers to execute arbitrary commands remotely without authentication, posing a significant risk to users. The flaw has been actively exploited in the wild, which raises concerns for organizations relying on these communication tools. With a CVSS score of 8.2, it is classified as critical, emphasizing the urgency for users to apply the available patches. Companies utilizing Cisco's services should prioritize updating their systems to mitigate potential attacks.

+1 more
Read Original

Cisco has addressed a serious vulnerability in its Unified Communications and Webex Calling platforms, identified as CVE-2026-20045. This remote code execution flaw was found to be actively exploited by attackers, posing a significant risk to users. The vulnerability could allow unauthorized access to systems, potentially leading to data breaches or service disruptions. Organizations using these Cisco products are urged to apply the latest updates to mitigate the risk. This incident underscores the importance of timely patch management in maintaining cybersecurity hygiene.

Read Original

A new type of Linux malware called VoidLink has emerged, specifically targeting cloud environments. What makes this malware stand out is that it has been primarily developed using artificial intelligence. Researchers are concerned about its sophistication and the potential risks it poses to organizations that rely on cloud services. The use of AI in its development could allow for more adaptive and dangerous attacks, making it critical for companies to bolster their security measures. As this malware evolves, it could lead to significant data breaches if not addressed promptly.

Read Original

Anthropic has addressed several critical vulnerabilities found in their Git MCP server, identified by the AI security startup Cyata. The issues include a path validation bypass (CVE-2025-68145), an unrestricted git_init problem (CVE-2025-68143), and an argument injection vulnerability in git_diff (CVE-2025-68144). These vulnerabilities could potentially allow attackers to manipulate Git operations, which could compromise the integrity of code repositories. It is essential for users of the Git MCP server to apply the latest patches to ensure their systems are secure against these threats, as failure to do so may expose them to exploitation. Users are urged to stay informed about these vulnerabilities and take necessary actions to protect their environments.

Read Original

TP-Link has addressed a serious vulnerability in its VIGI camera line, which was rated with a CVSS score of 8.7. This flaw allowed attackers on the same local network to bypass authentication during the password recovery process, potentially giving them unauthorized access to the cameras. Users of TP-Link VIGI cameras should be aware of this issue, as it could compromise the security of their surveillance systems. The company has released patches to fix this vulnerability, and it is crucial for users to apply these updates promptly to protect their devices from potential exploitation. Ensuring that all camera firmware is up-to-date is essential for maintaining security.

Read Original

Zoom and GitLab have rolled out security updates to fix several vulnerabilities, including a critical flaw that could allow remote code execution (RCE) on Zoom Node Multimedia Routers (MMRs). This vulnerability, identified as CVE-2026-22844, poses a significant risk as it could enable an attacker to execute malicious code during a meeting. Additionally, the updates address issues related to denial-of-service (DoS) attacks and two-factor authentication (2FA) bypasses, which could compromise user accounts. Organizations using these platforms should prioritize applying the latest updates to safeguard their systems against potential exploitation. Keeping software up to date is crucial to maintaining security and protecting sensitive data.

Read Original

The European Union has proposed a new cybersecurity law aimed at banning high-risk suppliers from providing equipment for sensitive infrastructure. Although no specific companies were named, this initiative empowers the European Commission to conduct risk assessments and impose restrictions or outright bans on certain technologies deemed insecure. This move is part of a broader effort to bolster the EU's cybersecurity framework and protect critical infrastructure from potential threats. The implications of this legislation could significantly impact suppliers and manufacturers of technology within the EU, as they may need to comply with stricter regulations to operate in the market. The proposal emphasizes the importance of ensuring that critical systems are safeguarded against vulnerabilities that could be exploited by malicious actors.

Read Original

A recent study has uncovered that 64% of third-party applications are accessing sensitive user data without proper authorization. This alarming statistic raises concerns about data privacy and security, particularly for users who may unknowingly grant permissions to these applications. The research suggests that many apps do not have adequate safeguards in place to protect sensitive information, which could lead to unauthorized data exposure. This issue affects a wide range of applications across various platforms and industries, putting personal and organizational data at risk. Users and companies must be more vigilant about the permissions they grant to third-party apps to safeguard their sensitive information.

Read Original
PreviousPage 46 of 61Next