Stay informed on crucial cyber threats with the latest updates and expert insights on critical information security issues. Protect your digital landscape.
Search across headline titles and summaries.
Background for this topic.
Critical is a term that denotes the highest level of importance assigned to certain assets, systems, or data within the realm of information security. It signals that the information or infrastructure in question is essential to the operations of an organization, and any compromise or downtime could lead to severe consequences, such as financial loss, reputational damage, or threat to physical safety.
In the context of information security, critical can pertain to components like core servers, databases with sensitive information, or network infrastructure that, if disrupted, could cripple an organization's ability to function. Prioritizing security for critical systems involves implementing robust protection measures, continuous monitoring for threats, and planning for rapid response and recovery in the event of an incident. It reflects a heightened level of risk management to safeguard against potential cyber threats and maintain operational integrity.
Weekly headline count for the current query.
CISA, the FBI, the NSA, the Department of Energy, and other US government partners are warning that hackers are targeting internet-exposed automatic tank gauge (ATG) systems used to monitor fuel and liquid storage tanks across various critical infrastructure sectors. [...]
A two-week penetration test can leave roughly 345 days of real-world exposure unvalidated. Sprocket Security explores why continuous testing is becoming critical as attack surfaces constantly change. [...]
Rapid7 details a critical unauthenticated overflow in HP Poly VoIP phones that can lead to root RCE, with patches available for affected models. Rapid7’s latest disclosure on CVE-2026-0826 should get serious attention from anyone running HP Poly VoIP phones in an enterprise setting. It’s a critical unauthenticated stack-based buffer overflow that can give a remote […]
Project Glasswing Expansion Reaches Power, Healthcare, Telecom and Water OperatorsAnthropic expanded Project Glasswing to 150 additional organizations across more than 15 countries, granting critical infrastructure operators, NATO and cybersecurity agencies controlled access to Claude Mythos Preview as the company seeks broader cyber defense coverage while limiting misuse risks.
Hackers are exploiting a critical privilege escalation vulnerability (CVE-2026-8206) in the Kirki plugin for WordPress to take over any user account, including those belonging to administrators. [...]
AI-powered attacks and shadow AI adoption are creating new security risks inside the browser. Push Security explains why browser visibility is becoming critical for both threat detection and AI governance. [...]
Roughly 150 new organizations across critical infrastructure sectors will gain access to Claude Mythos Preview, Anthropic's most capable — and most restricted — AI model. The post Anthropic expanding access to Project Glasswing appeared first on CyberScoop.
ENISA NIS360 2026 shows cybersecurity improving across EU critical sectors, but health, water, rail, and space remain in the risk zone. ENISA has published its third annual NIS360 report, assessing the cybersecurity maturity and criticality of all sectors covered by the NIS2 directive. The headline finding is that things are improving across the board. The […]
Exploiting the PAN-OS GlobalProtect VPN vulnerability requires certain conditions, but adversaries have done so in two attack waves that started in mid-May.
Obsidian publishes PoC for a 1-click Flowise RCE that can fully compromise self-hosted servers
The Centre for Cybersecurity Belgium (CCB), the country's national authority for cybersecurity, warned on Friday that threat actors are now exploiting a recently patched critical Windows Netlogon vulnerability in attacks. [...]
Threat actors are attempting to actively exploit a critical security flaw impacting WP Maps Pro, a WordPress plugin that has had over 15,000 sales on the Envato Market, to create malicious administrator accounts on susceptible sites
June Meetings Could Shape Which Entities Must Report Cyber IncidentsThe Cybersecurity and Infrastructure Security Agency's June town halls will give critical infrastructure operators a final opportunity to influence how the agency defines covered entities, reportable incidents and compliance requirements before issuing long-awaited CIRCIA regulations.
Researcher reported the vuln in March. Maintainers haven't responded to his messages since
A critical security vulnerability has been disclosed in Gogs, a popular open-source self-hosted Git service, that allows an authenticated user to execute arbitrary code under certain conditions
Threat actors are exploiting a critical FortiClient EMS flaw, tracked as CVE-2026-35616, to deploy malware on unpatched systems. Threat actors are exploiting a critical FortiClient EMS vulnerability, tracked as CVE-2026-35616 (CVSS score of 9.1), that allows remote code execution without authentication. Fortinet released fixes in April after confirming zero-day attacks in the wild and urged […]
Threat actors are continuing to exploit a critical, now-patched security flaw impacting FortiClient Endpoint Management Server (EMS) deployments to deliver a credential-stealing malware family dubbed EKZ Infostealer
CERT-In says internet-facing or critical systems should be patched, mitigated, or cut off within half a day where feasible
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has given U.S. federal agencies four days to secure their servers against a critical vulnerability in the LiteSpeed cPanel user-end plugin, which is actively being exploited in attacks. [...]
The Dutch government blocked Kyndryl’s €100M bid for Solvinity, citing national security concerns over critical digital infrastructure. Dutch Government told Kyndryl it can’t buy Solvinity. That sentence doesn’t sound dramatic, but what it means is this: a European government just blocked an American IT company from acquiring the firm that runs DigiD, the platform Dutch […]