Articles tagged "Critical"

Found 919 articles

A significant security breach has occurred on code formatting platforms JSONFormatter and CodeBeautify, where users have inadvertently exposed sensitive information including credentials and private keys. This incident highlights the critical need for secure handling of sensitive data in development tools.

Read Original

The article highlights a critical issue in cybersecurity where enterprises invest heavily in detection tools but fail to adequately resource their Security Operations Center (SOC). This imbalance can lead to vulnerabilities in the alert lifecycle, potentially compromising security despite significant financial investments in detection capabilities.

Read Original

ASUS has issued a firmware update to address nine security vulnerabilities, including a critical authentication bypass flaw in routers with AiCloud functionality. This flaw poses a significant risk as it could allow unauthorized access to the routers, potentially compromising user data and network security.

Read Original

The OnSolve CodeRED platform has suffered a ransomware attack by the Inc Ransom group, leading to significant disruptions and a data breach affecting local emergency alert systems across the United States. This incident highlights the vulnerabilities in critical communication infrastructures and the potential risks to public safety.

Read Original
Actively Exploited

A cyberattack on the OnSolve CodeRED alert platform has disrupted emergency notification services utilized by various U.S. state and local governments, police, and fire agencies. This incident highlights the vulnerabilities in critical communication systems that are essential for public safety during emergencies.

Read Original

The OnSolve CodeRED platform, used for emergency notifications by various governmental and emergency agencies across the U.S., has been disrupted by a cyberattack confirmed by Crisis24. This incident raises significant concerns about the reliability of emergency communication systems during critical situations.

Read Original

Research by watchTowr Labs has revealed that sensitive organizations are inadvertently exposing thousands of passwords and API keys by using online code formatting tools like JSONformatter and CodeBeautify. This highlights a significant cybersecurity risk, particularly for sectors such as government and critical infrastructure, where the leakage of credentials could lead to severe breaches.

Read Original
Critical
Zenitel TCIV-3+

All CISA Advisories

The Zenitel TCIV-3+ device has critical vulnerabilities, including OS Command Injection and Cross-site Scripting, with a CVSS v4 score of 10.0, indicating a severe risk of arbitrary code execution and denial-of-service. Users are strongly advised to upgrade to version 9.3.3.0 or later to mitigate these risks.

Read Original
Critical
Rockwell Automation Arena Simulation

All CISA Advisories

Rockwell Automation's Arena Simulation software has a stack-based buffer overflow vulnerability that could allow local attackers to execute arbitrary code. The vulnerability, identified as CVE-2025-11918, has a CVSS v4 score of 7.1, indicating a significant risk for affected installations, particularly in critical manufacturing sectors.

Read Original
Critical
SiRcom SMART Alert (SiSA)

All CISA Advisories

The SiRcom SMART Alert (SiSA) system has a critical vulnerability due to missing authentication for critical functions, allowing unauthorized remote access to backend APIs. This could enable attackers to manipulate emergency sirens, posing a significant risk to public safety and critical infrastructure.

Read Original

The Ashlar-Vellum products Cobalt, Xenon, Argon, Lithium, and Cobalt Share have critical vulnerabilities, specifically an Out-of-Bounds Write and a Heap-based Buffer Overflow, which could allow attackers to disclose information or execute arbitrary code. The vulnerabilities have a CVSS v4 score of 8.4, indicating a high severity level, and users are urged to update their software to mitigate risks.

Read Original
Critical
Opto 22 groov View

All CISA Advisories

The article discusses a vulnerability in Opto 22's groov View that allows for the exposure of sensitive information through metadata, potentially leading to credential and key exposure as well as privilege escalation. This vulnerability, assigned CVE-2025-13084, has a CVSS v4 score of 6.1 and affects multiple versions of groov View, necessitating immediate remediation to mitigate risks.

+1 more
Read Original

The Festo Compact Vision System and related products have critical vulnerabilities that could allow unauthorized access and modification of configuration files, with a CVSS score of up to 9.8. Users are urged to implement security measures to mitigate the risk of exploitation, as these vulnerabilities could severely impact device security and integrity.

Read Original

The article highlights the exploitation of CVE-2025-61757, which follows a breach of Oracle Cloud and an extortion campaign targeting Oracle E-Business Suite customers. This indicates a significant security threat that could impact numerous organizations relying on Oracle's services.

Read Original
PreviousPage 60 of 62Next