critical
-
Blog
Critical Langflow RCE flaw exploited to hack AI app servers
The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has tagged a Langflow remote code execution vulnerability as actively exploited, urging organizations to apply security updates and mitigations as soon as possible. The vulnerability is tracked as CVE-2025-3248 and is a critical unauthenticated RCE flaw that allows any attacker on the internet to take full control of vulnerable Langflow servers by exploiting an…
-
Blog
Apache Parquet exploit tool detect servers vulnerable to critical flaw
A proof-of-concept exploit tool has been publicly released for a maximum severity Apache Parquet vulnerability, tracked as CVE-2025-30065, making it easy to find vulnerable servers. The tool was released by F5 Labs researchers who investigated the vulnerability after finding that multiple existing PoCs were either weak or completely non-functional. The tool serves as proof of CVE-2025-30065’s practical exploitability and can…
-
Blog
Critical Erlang/OTP SSH RCE bug now has public exploits, patch now
Public exploits are now available for a critical Erlang/OTP SSH vulnerability tracked as CVE-2025-32433, allowing unauthenticated attackers to remotely execute code on impacted devices. Researchers at the Ruhr University Bochum in Germany disclosed the flaw on Wednesday, warning that all devices running the daemon were vulnerable. “The issue is caused by a flaw in the SSH protocol message handling which allows an…
-
Blog
ASUS warns of critical auth bypass flaw in routers using AiCloud
ASUS is warning about an authentication bypass vulnerability in routers with AiCloud enabled that could allow remote attackers to perform unauthorized execution of functions on the device. The vulnerability, tracked under CVE-2025-2492 and rated critical (CVSS v4 score: 9.2), is remotely exploitable via a specially crafted request and requires no authentication, making it particularly dangerous. “An improper authentication control vulnerability…
-
Blog
Critical Erlang/OTP SSH pre-auth RCE is ‘Surprisingly Easy’ to exploit, patch now
A critical vulnerability in the Erlang/OTP SSH, tracked as CVE-2025-32433, has been disclosed that allows for unauthenticated remote code execution on vulnerable devices. The flaw was discovered by Fabian Bäumer, Marcus Brinkmann, Marcel Maehren, and Jörg Schwenk of the Ruhr University Bochum in Germany and given a maximum severity score of 10.0. All devices running the Erlang/OTP SSH daemon are impacted by the…
-
Blog
Critical FortiSwitch flaw lets hackers change admin passwords remotely
Fortinet has released security patches for a critical vulnerability in its FortiSwitch devices that can be exploited to change administrator passwords remotely. The company says Daniel Rozeboom of the FortiSwitch web UI development team discovered the vulnerability (CVE-2024-48887) internally. Unauthenticated attackers can exploit this unverified FortiSwitch GUI password change security flaw (rated with a 9.8/10 severity score) in low-complexity attacks…
-
Blog
Apple Patches Critical Vulnerabilities in iOS 15 and 16
On Monday, Apple issued critical security updates that retroactively address three actively exploited zero-day vulnerabilities affecting legacy versions of its operating systems. The first vulnerability, designated CVE-2025-24200, was patched in iOS 16.7.11, iPadOS 16.7.11, iOS 15.8.4, and iPadOS 15.8.4. CVE-2025-24200 allows a physical attacker to disable USB Restricted Mode on an Apple device. This is…
-
Blog
OpenAI now pays researchers $100,000 for critical vulnerabilities
Artificial intelligence company OpenAI has announced a fivefold increase in the maximum bug bounty rewards for “exceptional and differentiated” critical security vulnerabilities from $20,000 to $100,000. OpenAI says its services and platforms are used by 400 million users across businesses, enterprises, and governments worldwide every week. “We are significantly increasing the maximum bounty payout for exceptional and differentiated critical findings…
-
Blog
Security experts warn of ‘contradictory confidence’ over critical infrastructure threats
Almost all critical national infrastructure (CNI) organizations in the UK (95%) experienced a data breach in the last year, according to new research. Analysis from Bridewell found that more than half had incurred financial losses of over £100,000 per breach, mostly thanks to cybersecurity upgrades, systems recovery, and increased operational costs. Cloud services have become the most targeted attack vector…
-
Blog
Critical Cisco Smart Licensing Utility flaws now exploited in attacks
Attackers have started targeting Cisco Smart Licensing Utility (CSLU) instances unpatched against a vulnerability exposing a built-in backdoor admin account. The CSLU Windows application allows admins to manage licenses and linked products on-premises without connecting them to Cisco’s cloud-based Smart Software Manager solution. Cisco patched this security flaw (tracked as CVE-2024-20439) in September, describing it as “an undocumented static user…