The Financial Times reports on how artificial intelligence is transforming video surveillance capabilities, particularly in regions like Israel, Iran, and Russia. Unlike traditional surveillance systems that rely on limited preset searches, new AI tools allow users to ask natural language questions about video footage. This advancement significantly enhances the ability to analyze and interpret vast amounts of video data. The implications are profound, as these technologies could facilitate mass surveillance and monitoring, raising concerns about privacy and civil liberties. As AI continues to evolve, the potential for misuse in state and corporate surveillance becomes a critical issue that demands attention.
Articles tagged "Critical"
Found 887 articles
The Hacker News
A new security vulnerability, CVE-2026-48558, has been identified in SimpleHelp, a remote support software. This critical flaw, which has a maximum severity score of 10.0, allows attackers to bypass authentication during the OpenID Connect (OIDC) flow. As a result, these attackers have been exploiting this weakness to deploy two malware families: TaskWeaver and Djinn Stealer. The situation poses significant risks for users of SimpleHelp, as the malware could lead to data theft and further system compromises. Organizations using this software should take immediate action to secure their systems against this ongoing threat.
The Blackfield ransomware group has targeted Nidec Corporation, a major Japanese manufacturer known for its electronic components used in automotive and computing applications. They are demanding a ransom of $2 million, indicating a serious breach that could impact the company's operations and supply chain. This incident raises concerns about the vulnerability of manufacturers in critical sectors to ransomware attacks, which can disrupt production and lead to financial losses. The situation is still developing, and it remains to be seen how Nidec will respond to this threat. Companies in similar industries should take note and ensure their cybersecurity measures are robust to prevent such attacks.
UK hospitals are facing a significant increase in cyber-attacks, with SonicWall reporting 264,000 security events in just the first five months of 2026. This marks a tenfold rise compared to previous years, indicating that healthcare facilities are becoming prime targets for cybercriminals. The surge in attacks poses a serious risk to patient data and hospital operations, potentially compromising critical healthcare services. As attackers become more aggressive, it’s essential for healthcare organizations to enhance their cybersecurity measures to protect sensitive information and maintain trust. The situation emphasizes the urgent need for improved security protocols in the healthcare sector to defend against these escalating threats.
Security Affairs
A serious vulnerability, identified as CVE-2026-46817, has been discovered in Oracle E-Business Suite, allowing remote attackers to gain unauthorized access to Oracle Payments. This flaw has a high severity rating of 9.8 on the CVSS scale and is currently being exploited in real-world attacks, according to cybersecurity firm Defused Cyber. Organizations using Oracle E-Business Suite need to be particularly vigilant, as this vulnerability can lead to significant financial and operational risks. The situation is critical, and immediate action is necessary to protect sensitive payment information and other related data from unauthorized access. Users and administrators should prioritize addressing this vulnerability to mitigate potential breaches.
A serious vulnerability in SimpleHelp has been exploited by attackers to deliver malware aimed at stealing sensitive information. The attackers are targeting credentials, SSH keys, cryptocurrency wallets, and development tools, which could have significant implications for individuals and organizations using this software. Users of SimpleHelp should be particularly cautious as this vulnerability is actively being exploited in the wild. The situation highlights the need for users to stay updated on security patches and to implement additional security measures to protect their assets. As of now, specific remediation steps have not been detailed, but users are advised to monitor for updates from SimpleHelp regarding this issue.
The Hacker News
A serious vulnerability affecting Oracle E-Business Suite, identified as CVE-2026-46817, is currently being exploited by attackers. This flaw, which has a CVSS score of 9.8, relates to improper privilege management and authentication issues in Oracle Payments. If exploited, this vulnerability could allow unauthorized users to take control of affected instances, posing a significant risk to organizations using the software. The situation calls for immediate attention, as the vulnerability is actively being targeted in the wild. Companies using Oracle E-Business Suite should prioritize addressing this flaw to protect their systems and data from potential breaches.
ESET has reported that the Gamaredon group, a known cyber threat actor, has ramped up its activities with 35 distinct spear-phishing campaigns targeting Ukrainian governmental and military institutions in 2025, particularly in the latter half of the year. These campaigns are part of ongoing efforts to exploit vulnerabilities in these sectors amid the ongoing conflict in Ukraine. The attacks primarily use deceptive emails to trick recipients into revealing sensitive information or downloading malicious software. This increase in activity poses significant risks to national security and the integrity of critical infrastructure in Ukraine, highlighting the persistent threat posed by cyber warfare in the region. As these attacks continue, it is crucial for organizations to enhance their cybersecurity measures and remain vigilant against phishing attempts.
A researcher has identified several vulnerabilities in Indian government systems, with one particularly alarming flaw that could have allowed unauthorized users to take control of a national government portal. This breach raises serious concerns about the security of sensitive government data and the potential for misuse by malicious actors. If exploited, these vulnerabilities could compromise personal information of citizens and disrupt essential government services. The findings emphasize the need for immediate action to secure these systems and protect public data from potential breaches. As the situation develops, it is crucial for the government to address these vulnerabilities swiftly to maintain public trust and ensure the safety of its digital infrastructure.
Recent reports indicate that state-sponsored hackers from Iran, Russia, and China are targeting water systems worldwide. These attackers are exploiting weak passwords, poorly configured programmable logic controllers (PLCs), and inadequate network segmentation to gain access. Notably, they are not using advanced malware but rather taking advantage of basic security oversights. This poses a significant risk to critical infrastructure, as water systems are essential for public health and safety. The findings underscore the need for better cybersecurity practices within these vital sectors to prevent potential sabotage and ensure the reliability of water services.
The article discusses the growing security risks associated with AI agents in enterprise systems. These AI agents have the ability to access sensitive data and perform actions across different platforms, which makes them a valuable target for attackers. Token Security emphasizes that as organizations increasingly rely on these AI tools, the importance of managing and securing their identities becomes critical. Failure to do so could lead to unauthorized access and data breaches, potentially compromising the entire enterprise infrastructure. It is essential for companies to implement robust identity governance strategies to mitigate these risks and protect their systems.
Hackers are taking advantage of a serious vulnerability (CVE-2026-48558) in SimpleHelp, a remote support software, to deploy a new type of malware known as Djinn Stealer. This malware is capable of stealing information across multiple operating systems, including Windows, macOS, and Linux. Users of SimpleHelp are at risk as the flaw allows attackers to infiltrate systems and extract sensitive data without detection. The emergence of this undocumented malware raises concerns about the security of remote support tools, as they are commonly used by businesses and individuals for remote access. It is crucial for users to remain vigilant and apply any necessary updates to protect their information.
Hackers are actively exploiting a serious vulnerability, identified as CVE-2026-46817, in the Oracle E-Business Suite (EBS) financial application. This flaw poses a significant risk to businesses using the software, as it allows unauthorized access to sensitive financial data. Threat intelligence firm Defused reported that the attacks are already underway, making it crucial for organizations to take immediate action to protect their systems. Users of Oracle EBS should prioritize updating their software and implementing any available security patches to mitigate the risk of exploitation. The urgency of this situation highlights the ongoing need for vigilance in cybersecurity practices, especially for widely used enterprise applications.
A data breach has occurred at the National Association of Insurance Commissioners (NAIC) after attackers exploited a zero-day vulnerability in Oracle Peoplesoft. This breach allows unauthorized access to the IT systems used by the NAIC, which plays a crucial role in setting standards for the US federal insurance framework. The incident raises serious concerns about the security of sensitive information within the insurance sector, as the NAIC handles critical data that impacts consumers and insurance providers alike. The exploitation of this vulnerability serves as a stark reminder of the ongoing risks associated with software used in government and financial sectors. Stakeholders need to be vigilant and assess their systems for potential vulnerabilities to prevent similar incidents in the future.
The Hacker News
A recently released proof-of-concept has exposed a serious vulnerability, CVE-2026-55200, in the libssh2 library, which is widely used for client-side SSH connections. This flaw allows a malicious SSH server to cause memory corruption on a client connecting to it, potentially leading to code execution without needing user credentials or interaction. The vulnerability impacts all versions of libssh2 up to 1.11.1 and has been rated with a CVSS score of 9.2, indicating its severity. Users of affected versions are at risk of exploitation, making it crucial for them to take immediate action. Given the nature of this flaw, it poses a significant threat to systems relying on libssh2 for secure connections.