critical

  • Blog
    digitpatrox15 hours ago
    9

    Do you really need to fix that critical flaw?

    Organizations needn’t rush to patch ‘critical’ security flaws listed in CISA’s Known Exploited Vulnerabilities (KEV) catalog, according to a report from Ox Security. After examining more than 200 separate environments, it’s concluded that a ‘patch everything’ approach may be wasting valuable security resources. This, researchers said, is because in a cloud container environment many present no real-world exploitation risk at…

    Read More »
  • Blog
    digitpatrox1 week ago
    23

    Unpatched critical bugs in Versa Concerto lead to auth bypass, RCE

    Critical vulnerabilities in Versa Concerto that are still unpatched could allow remote attackers to bypass authentication and execute arbitrary code on affected systems. Three security issues, two of them critical, were publicly disclosed by researchers at the vulnerability management firm ProjectDiscovery after reporting them to the vendor and receiving no confirmation of the bugs being addressed. Versa Concerto is the centralized management…

    Read More »
  • Blog
    digitpatrox3 weeks ago
    43

    Critical Langflow RCE flaw exploited to hack AI app servers

    The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has tagged a Langflow remote code execution vulnerability as actively exploited, urging organizations to apply security updates and mitigations as soon as possible. The vulnerability is tracked as CVE-2025-3248 and is a critical unauthenticated RCE flaw that allows any attacker on the internet to take full control of vulnerable Langflow servers by exploiting an…

    Read More »
  • Blog
    digitpatrox3 weeks ago
    44

    Apache Parquet exploit tool detect servers vulnerable to critical flaw

    A proof-of-concept exploit tool has been publicly released for a maximum severity Apache Parquet vulnerability, tracked as CVE-2025-30065, making it easy to find vulnerable servers. The tool was released by F5 Labs researchers who investigated the vulnerability after finding that multiple existing PoCs were either weak or completely non-functional. The tool serves as proof of CVE-2025-30065’s practical exploitability and can…

    Read More »
  • Blog
    digitpatroxApril 20, 2025
    169

    Critical Erlang/OTP SSH RCE bug now has public exploits, patch now

    Public exploits are now available for a critical Erlang/OTP SSH vulnerability tracked as CVE-2025-32433, allowing unauthenticated attackers to remotely execute code on impacted devices. Researchers at the Ruhr University Bochum in Germany disclosed the flaw on Wednesday, warning that all devices running the daemon were vulnerable. “The issue is caused by a flaw in the SSH protocol message handling which allows an…

    Read More »
  • Blog
    digitpatroxApril 19, 2025
    43

    ASUS warns of critical auth bypass flaw in routers using AiCloud

    ASUS is warning about an authentication bypass vulnerability in routers with AiCloud enabled that could allow remote attackers to perform unauthorized execution of functions on the device. The vulnerability, tracked under CVE-2025-2492 and rated critical (CVSS v4 score: 9.2), is remotely exploitable via a specially crafted request and requires no authentication, making it particularly dangerous. “An improper authentication control vulnerability…

    Read More »
  • Blog
    digitpatroxApril 17, 2025
    50

    Critical Erlang/OTP SSH pre-auth RCE is ‘Surprisingly Easy’ to exploit, patch now

    A critical vulnerability in the Erlang/OTP SSH, tracked as CVE-2025-32433, has been disclosed that allows for unauthenticated remote code execution on vulnerable devices. The flaw was discovered by Fabian Bäumer, Marcus Brinkmann, Marcel Maehren, and Jörg Schwenk of the Ruhr University Bochum in Germany and given a maximum severity score of 10.0. All devices running the Erlang/OTP SSH daemon are impacted by the…

    Read More »
  • Blog
    digitpatroxApril 9, 2025
    68

    Critical FortiSwitch flaw lets hackers change admin passwords remotely

    Fortinet has released security patches for a critical vulnerability in its FortiSwitch devices that can be exploited to change administrator passwords remotely. The company says Daniel Rozeboom of the FortiSwitch web UI development team discovered the vulnerability (CVE-2024-48887) internally. Unauthenticated attackers can exploit this unverified FortiSwitch GUI password change security flaw (rated with a 9.8/10 severity score) in low-complexity attacks…

    Read More »
  • Blog
    digitpatroxApril 3, 2025
    70

    Apple Patches Critical Vulnerabilities in iOS 15 and 16

    Image: ink drop/Adobe Stock On Monday, Apple issued critical security updates that retroactively address three actively exploited zero-day vulnerabilities affecting legacy versions of its operating systems. CVE-2025-24200 The first vulnerability, designated CVE-2025-24200, was patched in iOS 16.7.11, iPadOS 16.7.11, iOS 15.8.4, and iPadOS 15.8.4. CVE-2025-24200 allows a physical attacker to disable USB Restricted Mode on an Apple device. This is…

    Read More »
  • Blog
    digitpatroxMarch 29, 2025
    77

    OpenAI now pays researchers $100,000 for critical vulnerabilities

    Artificial intelligence company OpenAI has announced a fivefold increase in the maximum bug bounty rewards for “exceptional and differentiated” critical security vulnerabilities from $20,000 to $100,000. OpenAI says its services and platforms are used by 400 million users across businesses, enterprises, and governments worldwide every week. “We are significantly increasing the maximum bounty payout for exceptional and differentiated critical findings…

    Read More »
Load More
Back to top button
close