Vulnerabilities Expose Private Data in Indian Government Systems
One critical vulnerability, among many discovered by a researcher, could have allowed anyone to walk in and take over a national government portal.
Critical vulnerabilities can let attackers bypass security controls, compromise systems, or steal data, requiring urgent risk assessment and remediation.
Search across headline titles and summaries.
Background for this topic.
A critical vulnerability is a software or hardware flaw that allows attackers to execute highly damaging actions, such as remote code execution or privilege escalation, with little or no user interaction. These vulnerabilities often affect core system components or widely used services, making them attractive targets for exploitation. The severity rating "critical" indicates that successful exploitation can lead to full system compromise or significant operational disruption.
Security practitioners must prioritize identifying and patching critical vulnerabilities promptly to reduce exposure to automated attacks and wormable exploits. Effective mitigation includes applying vendor patches, deploying intrusion detection systems tuned for exploit patterns, and restricting network access to vulnerable services. Understanding the exploitability and impact scope of a critical vulnerability helps allocate resources efficiently and maintain system integrity under active threat conditions.
Weekly headline count for the current query.
One critical vulnerability, among many discovered by a researcher, could have allowed anyone to walk in and take over a national government portal.
An unauthenticated attacker can exploit the command injection vulnerability to gain remote access to robotic systems, causing significant disruption to the environment.
Threats actors pounced on the code injection vulnerability within hours of its disclosure, demonstrating that organizations have little time to address critical bugs.
A new around of vulnerabilities in the popular AI automation platform could let attackers hijack servers and steal credentials.
Experts disagree on whether the vulnerabilities in a programmable logic controller from Delta are a five-alarm fire or not much to worry over.
In the latest attacks against the vendor's SMA1000 devices, threat actors have chained a new zero-day flaw with a critical vulnerability disclosed earlier this year.
Google has fixed a critical vulnerability that enabled attackers to add malicious instructions to common documents to exfiltrate sensitive corporate information.
'Broadside' is targeting a critical flaw in DVR systems to conduct command injection attacks, which can hijack devices to achieve persistence and move laterally.
The exploitation of CVE-2025-61757 follows a breach of Oracle Cloud earlier this year as well as a recent extortion campaign targeting Oracle E-Business Suite customers.
The same APT hammered critical bugs in Citrix NetScaler (CVE-2025-5777) and the Cisco Identity Service Engine (CVE-2025-20337) in a sign of growing adversary interest in identity and access management systems.
CVE-2025-54236 is a critical flaw in Adobe Commerce (formerly Magento) that allows attackers to remotely take over sessions on the e-commerce platform.
"Chaotic Deputy" is a set of four vulnerabilities in the chaos engineering platform that many organizations use to test the resilience of their Kubernetes environments.
With informed decision-making, organizations can strengthen their overall resilience and maintain the agility needed to adapt to emerging threats, without sacrificing innovation or productivity.
A critical vulnerability in the trust model of Cursor, a fast-growing tool for LLM-assisted development, allows for silent and persistent remote code execution.
A now-patched authentication issue on the popular vibe-coding platform gave unauthorized users open access to any private application on Base44.
The bug allowed an attacker an easy way to compromise full suite of developer tools in Oracle Cloud Infrastructure.
If exploited, the critical vulnerability allows attackers to maintain access for longer periods of time than the original CitrixBleed flaw, all while remaining undetected.
The unpatched security vulnerabilities in Consilium Safety's CS5000 Fire Panel could create "serious safety issues" in environments where fire suppression and safety are paramount, according to a CISA advisory.
Three zero-days allow an attacker to completely compromise the Concerto application and the host system running it. The vendor has yet to address the issues after being notified three months ago.
The vulnerability is only found in the vendor's router series and can be triggered by an attacker using a crafted request — all of which helps make it a highly critical vulnerability with a 9.2 CVSS score.