critical
Critical Erlang/OTP SSH pre-auth RCE is ‘Surprisingly Easy’ to exploit, patch now
A critical vulnerability in the Erlang/OTP SSH implementation, tracked as CVE-2025-32433, has been disclosed that allows unauthenticated remote code execution on vulnerable devices. The flaw was discovered by Fabian Bäumer, Marcus Brinkmann, Marcel Maehren, and Jörg Schwenk of the Ruhr University Bochum in Germany and given a maximum severity score of 10.0. All devices running the Erlang/OTP SSH daemon are impacted by the…
Critical FortiSwitch flaw lets hackers change admin passwords remotely
Fortinet has released security patches for a critical vulnerability in its FortiSwitch devices that can be exploited to change administrator passwords remotely. The company says Daniel Rozeboom of the FortiSwitch web UI development team discovered the vulnerability (CVE-2024-48887) internally. Unauthenticated attackers can exploit this unverified password change flaw in the FortiSwitch GUI (rated with a 9.8/10 severity score) in low-complexity attacks…
Apple Patches Critical Vulnerabilities in iOS 15 and 16
On Monday, Apple issued critical security updates that retroactively address three actively exploited zero-day vulnerabilities affecting legacy versions of its operating systems.
CVE-2025-24200
The first vulnerability, designated CVE-2025-24200, was patched in iOS 16.7.11, iPadOS 16.7.11, iOS 15.8.4, and iPadOS 15.8.4. CVE-2025-24200 allows a physical attacker to disable USB Restricted Mode on an Apple device. This is…
OpenAI now pays researchers $100,000 for critical vulnerabilities
Artificial intelligence company OpenAI has announced a fivefold increase in the maximum bug bounty rewards for “exceptional and differentiated” critical security vulnerabilities from $20,000 to $100,000. OpenAI says its services and platforms are used by 400 million users across businesses, enterprises, and governments worldwide every week. “We are significantly increasing the maximum bounty payout for exceptional and differentiated critical findings…
Security experts warn of ‘contradictory confidence’ over critical infrastructure threats
Almost all critical national infrastructure (CNI) organizations in the UK (95%) experienced a data breach in the last year, according to new research. Analysis from Bridewell found that more than half had incurred financial losses of over £100,000 per breach, mostly due to cybersecurity upgrades, systems recovery, and increased operational costs. Cloud services have become the most targeted attack vector…
Critical Cisco Smart Licensing Utility flaws now exploited in attacks
Attackers have started targeting Cisco Smart Licensing Utility (CSLU) instances unpatched against a vulnerability exposing a built-in backdoor admin account. The CSLU Windows application allows admins to manage licenses and linked products on-premises without connecting them to Cisco’s cloud-based Smart Software Manager solution. Cisco patched this security flaw (tracked as CVE-2024-20439) in September, describing it as “an undocumented static user…
Critical RCE flaw in Apache Tomcat actively exploited in attacks
A critical remote code execution (RCE) vulnerability in Apache Tomcat tracked as CVE-2025-24813 is actively exploited in the wild, enabling attackers to take over servers with a simple PUT request. Hackers are reportedly leveraging proof-of-concept (PoC) exploits that were published on GitHub just 30 hours after the flaw was disclosed last week. The malicious activity was confirmed by Wallarm security…
GitLab patches critical authentication bypass vulnerabilities
GitLab released security updates for Community Edition (CE) and Enterprise Edition (EE), fixing nine vulnerabilities, two of which are critical-severity authentication bypass flaws in the ruby-saml library. All flaws were addressed in GitLab CE/EE versions 17.7.7, 17.8.5, and 17.9.2, while all versions before those are vulnerable. GitLab.com is already patched, and GitLab Dedicated customers will be updated automatically, but users who maintain…
CISA issues warning over Medusa ransomware after 300 victims from critical sectors impacted
CISA has issued an alert over ongoing activity linked to the Medusa ransomware-as-a-service (RaaS) group, warning it has impacted hundreds of critical organizations. The agency issued a joint advisory alongside the FBI and the Multi-State Information Sharing and Analysis Center (MS-ISAC), stating that as of February 2025 Medusa developers and affiliates had hit over 300 victims in…
Medusa ransomware hit over 300 critical infrastructure orgs
CISA says the Medusa ransomware operation has impacted over 300 organizations in critical infrastructure sectors in the United States as of last month. This was revealed in a joint advisory issued today in coordination with the Federal Bureau of Investigation (FBI) and the Multi-State Information Sharing and Analysis Center (MS-ISAC). “As of February 2025, Medusa developers and affiliates have impacted over…