Russian Attackers Weaponize WinRAR Flaw Against Ukrainian Orgs
Two separate campaigns target CVE-2025-8088, fixed last July, to conduct data theft and cyberespionage against military and government targets in Ukraine.
Critical infrastructure depends on interconnected operational systems, where cyber incidents can disrupt essential services, safety, and availability.
Search across headline titles and summaries.
Background for this topic.
Critical infrastructure includes systems and assets vital for public health, safety, and economic stability, such as power grids, water treatment, transportation networks, and healthcare facilities. These systems often combine physical components with industrial control systems (ICS) and operational technology (OT) that manage essential services in real time.
From an information-security perspective, critical infrastructure faces risks like unauthorized access to control systems, disruption of service availability, and manipulation of sensor data. Defending these assets requires specialized security measures tailored to ICS environments, including network segmentation, strict access controls, and continuous monitoring for anomalies. Ensuring resilience also involves coordinated efforts between operators and government agencies to address vulnerabilities unique to legacy systems and proprietary protocols.
Weekly headline count for the current query.
Two separate campaigns target CVE-2025-8088, fixed last July, to conduct data theft and cyberespionage against military and government targets in Ukraine.
A recently disclosed critical security flaw impacting SAP NetWeaver is being exploited by multiple China-nexus nation-state actors to target critical infrastructure networks
The targeted operation utilized CVE-2017-8570 as the initial vector and employed a notable custom loader for Cobalt Strike, yet attribution to any known threat actor remains elusive.
The North Korean state-backed hacker group tracked as Lazarus has been exploiting a critical vulnerability (CVE-2022-47966) in Zoho's ManageEngine ServiceDesk to compromise an internet backbone infrastructure provider and healthcare organizations. [...]
The US government is warning that threat actors breached the network of a U.S. organization in the critical infrastructure sector after exploiting a zero-day RCE vulnerability currently identified as CVE-2023-3519, a critical-severity issue in NetScaler ADC and Gateway that Citrix patched this week. [...]
Threat actors have breached the network of a U.S. organization in the critical infrastructure sector after exploiting a zero-day RCE vulnerability currently identified as CVE-2023-3519, a critical-severity issue in NetScaler ADC and Gateway that Citrix patched this week. [...]
Microsoft has patched an Outlook zero-day vulnerability (CVE-2023-23397) exploited by a hacking group linked to Russia's military intelligence service GRU to target European organizations. [...]