Critical Infrastructure Archives • Page 3 of 4 • Daily CyberSecurity

CISA Alert: Critical Flaws in Tigo Energy Solar Devices Allow Remote Takeover of Solar Systems Tigo Energy, CISA Alert

CISA Alert: Critical Flaws in Tigo Energy Solar Devices Allow Remote Takeover of Solar Systems

Do Son August 7, 2025

In a critical advisory issued by the Cybersecurity and Infrastructure Security Agency (CISA), newly discovered vulnerabilities in...

CISA Alert: Critical Flaw (CVE-2025-8286) in Güralp FMUS Seismic Devices Allows Unauthenticated Takeover, No Patch!

Do Son August 1, 2025

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent advisory about a critical vulnerability—CVE-2025-8286—impacting...

Singapore’s Critical Infrastructure Under Attack by China-Linked UNC3886 APT Singapore Critical Infrastructure, UNC3886

Singapore’s Critical Infrastructure Under Attack by China-Linked UNC3886 APT

Do Son July 28, 2025

The OT Cybersecurity Information Sharing and Analysis Center (OT-ISAC) has released a threat alert detailing an ongoing...

shell-quote command injection AI-Driven Vulnerabilities Q1 2026 Cyber Threats vm2 Sandbox Escape Node.js RCE upKeeper Privilege Escalation CVE-2026-2449 Pharos Controls Vulnerability Root Access Exploit Cybersecurity Vulnerability Roundup CVSS 10.0 Flaws Shadow Archives CVE-2026-0866 MS-Agent Prompt Injection CVE-2026-2256 basic-ftp Path Traversal CVE-2026-27699 telnetd Root Vulnerability CVE-1999-0073 Regression USR-W610 Vulnerabilities End-of-Life IoT Security IceWarp Security Update IceWarp Vulnerabilities Airleader Master Vulnerability CVE-2026-1358 ZLAN5143D Vulnerability CISA ICS Advisory Acronis Cyber Protect Vulnerability CVE-2025-30411 WAGO 852 Vulnerability OT Network Security SandboxJS Vulnerability Sandbox Escape (CVSS 10.0) Kubernetes Local Path Provisioner CVE-2025-62878 CISA Unresponsive Vendors Avation & RISS Vulnerabilities KiloView Vulnerability CVE-2026-1453 OpenClaw RCE vulnerability Johnson Controls Vulnerability CVE-2025-26385 SandboxJS Vulnerability CVE-2026-23830 ibaPDA Vulnerability CVE-2025-14988 Protobuf Vulnerability CVE-2026-0994 AVEVA Process Optimization Vulnerability CVE-2025-61937 ConnectWise PSA Vulnerability CVE-2026-0695 Aruba VIA Vulnerability CVE-2025-37186 aiohttp v3.13.3, Denial of Service (DoS) SmarterMail RCE, CVE-2025-52691 Airoha RACE, Headphone Jacking HPE OneView RCE CVE-2025-37164 FreePBX Auth Bypass, PBX Takeover ScreenConnect Config Flaw, Untrusted Extensions Ruby SAML Auth Bypass, XML Parser Differential Devolutions SQL Injection, Password Manager Flaw Vivotek Unauthenticated RCE, EOL IP Camera Flaw Lynx+ Critical Flaw, Unauthenticated Reset Firebox Default Credentials, CVE-2025-59396 Veeder-Root RCE, Critical ATG Flaw ArcGIS Server SQLi Watchdoc RCE, CVE-2025-58384 Delta DIALink Daikin Security Gateway, authentication bypass Frostbyte10, industrial controller security SunPower, vulnerability Ubiquiti UniFi Connect, EV Station Vulnerabilities Adobe Experience Manager, RCE Vulnerability UniFi Access, Command Injection LDAPNightmare - CVE-2025-1316

Critical Flaws in Weidmueller Industrial Routers Allow Unauthenticated RCE

Do Son July 24, 2025

In a recent security advisory coordinated by CERT@VDE, Weidmueller has disclosed multiple critical vulnerabilities affecting its IE-SR-2TX...

RCEs in Schneider Electric EcoStruxure Power Operation: Actively Exploited, Public PoCs Available FortiClient EMS exploitation Cisco FIRESTARTER Backdoor Arcane Door Campaign Dell RecoverPoint Zero-Day UNC6201 Espionage Notepad++ Compromise Supply Chain Attack Magento SessionReaper CVE-2025-54236 ShadowRay 2.0, AI-Generated Malware WordPress Auth Bypass, CVE-2025-5947 Exploited EcoStruxure Vulnerabilities, Industrial Control System UNC5820 - CVE-2014-2120 - CVE-2021-44207

FortiClient EMS exploitation Cisco FIRESTARTER Backdoor Arcane Door Campaign Dell RecoverPoint Zero-Day UNC6201 Espionage Notepad++ Compromise Supply Chain Attack Magento SessionReaper CVE-2025-54236 ShadowRay 2.0, AI-Generated Malware WordPress Auth Bypass, CVE-2025-5947 Exploited EcoStruxure Vulnerabilities, Industrial Control System UNC5820 - CVE-2014-2120 - CVE-2021-44207

RCEs in Schneider Electric EcoStruxure Power Operation: Actively Exploited, Public PoCs Available

Do Son July 23, 2025

The Cybersecurity and Infrastructure Security Agency (CISA), in collaboration with Schneider Electric, has issued a security advisory...

CISA, FBI Warn of Interlock Ransomware, Actively Targeting Businesses & Critical Infrastructure Interlock Ransomware, CISA Advisory

CISA, FBI Warn of Interlock Ransomware, Actively Targeting Businesses & Critical Infrastructure

Do Son July 23, 2025

In a new joint cybersecurity advisory issued on July 22, 2025, the Cybersecurity and Infrastructure Security Agency...

GLOBAL GROUP: New Ransomware Giant Emerges with AI Negotiators, Affiliate Incentives, and Industrial-Scale Attacks

Do Son July 16, 2025

A newly branded ransomware outfit, GLOBAL GROUP, has exploded onto the scene with an aggressive campaign that...

Power Grid ICS Are Exposed — What Does This Mean for Critical Infrastructure? Energy Meter RCE CVE-2025-41709 ICS Exposure, Power Grid Security CVE-2025-1393 & CVE-2024-23943

Energy Meter RCE CVE-2025-41709 ICS Exposure, Power Grid Security CVE-2025-1393 & CVE-2024-23943

Power Grid ICS Are Exposed — What Does This Mean for Critical Infrastructure?

Do Son July 3, 2025

Before 2010, Industrial Control Systems (ICS) mostly operated within isolated Operational Technology (OT) networks and received little...

Pro-Russian Hacktivists Escalate 2025 Cyber Offensive: Targeting Western Critical Infrastructure & ICS Pro-Russian Hacktivism, Critical Infrastructure Attacks

Pro-Russian Hacktivism, Critical Infrastructure Attacks

Pro-Russian Hacktivists Escalate 2025 Cyber Offensive: Targeting Western Critical Infrastructure & ICS

Do Son July 3, 2025

The cybercrime landscape in 2025 has been dramatically reshaped by the geopolitical upheaval stemming from the Russia-Ukraine...

Iranian Cyber Actors May Target U.S. Networks and Critical Infrastructure, Warn U.S. Agencies Iran Cyber Threat, US Critical Infrastructure

Iranian Cyber Actors May Target U.S. Networks and Critical Infrastructure, Warn U.S. Agencies

Do Son July 1, 2025

A joint alert issued by the Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI),...

CISA Warning: Critical Flaw (CVE-2025-5310) Exposes Fueling Station Devices Fuel Infrastructure, Critical Vulnerability

CISA Warning: Critical Flaw (CVE-2025-5310) Exposes Fueling Station Devices

Do Son June 20, 2025

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent security advisory warning fuel infrastructure...

CVE-2024-9404: Remote DoS Vulnerability Found in Moxa Industrial Switches Moxa Switches, DoS Vulnerability

CVE-2024-9404: Remote DoS Vulnerability Found in Moxa Industrial Switches

Do Son June 13, 2025

Moxa has issued a high-severity security advisory for a newly discovered vulnerability—CVE-2024-9404—that affects its widely deployed PT-G7728...

Urgent Bosch Alert: Critical RCE Flaw (CVSS 10.0) Exposes Dispatch & Matrix Software to Attack Bosch RCE, Critical Vulnerability

Urgent Bosch Alert: Critical RCE Flaw (CVSS 10.0) Exposes Dispatch & Matrix Software to Attack

Do Son June 13, 2025

Bosch has issued a critical security advisory addressing a severe remote code execution (RCE) vulnerability affecting its...

Urgent Siemens Energy Alert: Critical Flaw (CVSS 9.9) in Private 5G Core Exposes Sensitive Data! Siemens Energy, Critical Vulnerability CVE-2025-40585

Siemens Energy, Critical Vulnerability CVE-2025-40585

Urgent Siemens Energy Alert: Critical Flaw (CVSS 9.9) in Private 5G Core Exposes Sensitive Data!

Do Son June 12, 2025

Siemens has issued a critical security advisory regarding its Energy Services platform—formerly known as Managed Applications and...

CISA Alert: Critical Vulnerabilities Found in CyberData SIP Emergency Intercom Devices CyberData Vulnerabilities, SIP Intercom Security

CISA Alert: Critical Vulnerabilities Found in CyberData SIP Emergency Intercom Devices

Do Son June 7, 2025

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical advisory warning of multiple high-impact...

PathWiper: Russia-Linked APT Deploys New Wiper Malware Against Ukrainian Infrastructure PathWiper, Ukraine Cyberattack

PathWiper: Russia-Linked APT Deploys New Wiper Malware Against Ukrainian Infrastructure

Do Son June 5, 2025

In a sobering development that underscores the continued cyber threat to Ukrainian critical infrastructure, Cisco Talos has...

Unpatched Telecom Flaws (CVSS 9.8) Enable Remote Code Execution: Critical Buffer Overflows Expose Core Infrastructure Buffer Overflow Telecom Vulnerabilities

Unpatched Telecom Flaws (CVSS 9.8) Enable Remote Code Execution: Critical Buffer Overflows Expose Core Infrastructure

Do Son June 4, 2025

Two newly disclosed vulnerabilities in popular telecommunications devices expose critical infrastructure to unauthenticated remote code execution and...

CISA Alert: Critical Flaws in Consilium Safety CS5000 Fire Panel Could Enable Remote Takeover, No Patch Consilium Safety, Fire Panel Vulnerabilities