Articles tagged "Critical"

Found 917 articles

Critical XXE Bug CVE-2025-66516 (CVSS 10.0) Hits Apache Tika, Requires Urgent Patch

The Hacker News

A critical security vulnerability, CVE-2025-66516, has been identified in Apache Tika, posing a risk of XML external entity (XXE) injection attacks. With a CVSS score of 10.0, this flaw affects multiple modules and requires urgent attention from users to prevent exploitation.

Read Original

A critical vulnerability in the React JavaScript library is currently being targeted by threat actors linked to China, highlighting the urgency for developers to implement patches. The situation underscores the importance of immediate action to secure applications using this library from potential exploitation.

Read Original
Actively Exploited

The article discusses a critical vulnerability in React that has been exploited by various threat actors, leading to a significant outage at Cloudflare as they implemented mitigations against the React2Shell exploit. This incident highlights the ongoing risks associated with vulnerabilities in widely used frameworks and the need for timely responses to emerging threats.

Read Original
Actively Exploited

Cloudflare has reported an outage due to the emergency patching of a critical React remote code execution vulnerability that is currently being exploited in attacks. This incident highlights the urgency and severity of addressing such vulnerabilities to maintain security and service continuity.

Read Original

The article discusses newly published guidance from global cybersecurity agencies on the safe deployment of artificial intelligence in operational technology (OT), which is essential for critical infrastructure. This guidance aims to address potential security risks associated with AI in OT environments.

Read Original

Cybersecurity agencies have released guidance aimed at ensuring the secure integration of artificial intelligence into operational technology (OT) systems. This guidance highlights the importance of addressing potential vulnerabilities and threats associated with AI in critical infrastructure.

Read Original
Critical
Cloudflare Blocks Aisuru Botnet Powered Largest Ever 29.7 Tbps DDoS Attack

Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More

Actively Exploited

Cloudflare's Q3 2025 DDoS Threat Report highlights the unprecedented scale of a DDoS attack launched by the Aisuru botnet, reaching 29.7 Tbps. This surge in attacks indicates a growing threat landscape, particularly affecting critical sectors and emphasizing the need for enhanced cybersecurity measures.

Read Original

The article discusses a critical vulnerability known as 'React2Shell' in the React Server Components (RSC) 'Flight' protocol, which allows remote code execution without authentication in React and Next.js applications. This severe flaw poses significant risks to developers and organizations using these frameworks, as it could lead to unauthorized access and control over servers.

Read Original

The article discusses the vulnerabilities in operational technology (OT) environments due to weak password policies, highlighting that aging systems and shared accounts can lead to significant cyber threats. It emphasizes the importance of implementing stronger password policies and continuous monitoring for compromised credentials to enhance the security of critical OT infrastructure.

Read Original

Global cyber agencies have released a 25-page document outlining four key principles for the secure integration of artificial intelligence with operational technology in critical infrastructure. This guidance aims to enhance security measures and mitigate potential risks associated with AI deployment in vital systems.

Read Original

The article discusses a new partnership between the Center for Internet Security, Astrix Security, and Cequence Security to create cybersecurity guidance specifically for AI and agentic systems. This initiative aims to address the unique risks posed by autonomous decision-making and automated threats in AI environments, building on the existing CIS Critical Security Controls.

Read Original
Actively Exploited

The U.S. Senate hearing has highlighted a significant political divide regarding the response to China's Salt Typhoon cyber intrusions, which have compromised major telecommunications networks. This ongoing campaign raises concerns about national security and the integrity of critical infrastructure.

Read Original
Actively Exploited

The article discusses a cybersecurity campaign by MuddyWater that targeted various sectors in Israel using a new backdoor known as MuddyViper. The attack, which occurred between September 30, 2024, and March 18, 2025, poses significant risks to critical infrastructure and organizations in engineering, government, and technology sectors.

Read Original
PreviousPage 58 of 62Next