All CosmicBytez Labs articles tagged #Critical Infrastructure, across news, security advisories, how-to guides, and projects.
Western intelligence officials warn that Moscow's espionage apparatus is deploying cyber spies, hackers, and recruited middlemen to steal dual-use...
A CVSS 9.8 critical vulnerability in Oracle Hospitality OPERA 5 Property Services allows unauthenticated network attackers to fully compromise hotel...
A critical authentication bypass vulnerability in Cisco Catalyst SD-WAN Controller and Manager allows an unauthenticated remote attacker to bypass...
The UK's Information Commissioner's Office has fined South Staffordshire Water Plc and its parent company £963,900 ($1.3 million) after a cyberattack...
West Pharmaceutical Services, a global manufacturer of drug delivery systems and packaging, has taken systems offline worldwide after hackers exfiltrated...
A critical CVSS 9.8 hard-coded credentials vulnerability in Dell ECS and ObjectScale allows unauthenticated local attackers to gain full filesystem access...
The UK's Information Commissioner's Office fined South Staffordshire Water nearly £1 million after the Cl0p ransomware group maintained undetected access...
A critical OS command injection flaw in Universal Robots PolyScope Dashboard Server (CVSS 9.8) allows unauthenticated attackers to execute arbitrary...
A critical SQL injection vulnerability in NASA's Earth Observing System Data and Information System MODAPS v8.1 allows unauthenticated attackers to...
Itron, Inc. has disclosed a cybersecurity incident via SEC Form 8-K in which an unauthorized third party accessed certain internal systems at the utility...
Cybersecurity researchers at Darktrace have identified ZionSiphon, a new malware specifically designed to target Israeli water treatment and desalination...
A critical vulnerability in a programmable logic controller allows unauthenticated network attackers to brute force weak passwords and gain full...
More than 18 months after a ransomware attack crippled hospitals in South East London, at least one NHS trust is still operating without fully restored...
SecurityWeek reports that the Medusa ransomware group has developed a dangerous capability: rapidly weaponizing newly disclosed vulnerabilities —...
Microsoft has raised the alarm over Medusa ransomware's unprecedented operational speed, with the group now exploiting zero-day vulnerabilities before...
The accidental exposure of Anthropic's Claude Code source code via an npm packaging error is the latest reminder that software supply chains need...
This week's security stories you may have missed: a ChatGPT conversation data leak, a new Android rootkit on Google Play, a municipal water facility taken...
A critical CVSS 9.8 vulnerability in the MAVLink drone communication protocol allows unauthenticated attackers to send arbitrary SERIAL_CONTROL commands —...
Hours after the FBI confirmed that Iranian hackers gained access to Director Kash Patel's personal email account, the U.S. State Department reissued a $10...
A critical CVSS 9.8 stack-based buffer overflow in Delta Electronics COMMGR2 allows unauthenticated remote code execution, posing severe risk to...
A maximum-severity authentication bypass in Cisco Catalyst SD-WAN (CVE-2026-20127, CVSS 10.0) has been actively exploited by threat actor UAT-8616 since...
A critical unauthenticated RCE vulnerability in International Datacasting Corporation's SFX Series satellite receivers allows attackers to execute...
Google's Threat Intelligence Group dismantles UNC2814, a China-linked operation that deployed a novel backdoor called GRIDTIDE abusing Google Sheets API...
During Operation 'Roar of the Lion,' a coordinated cyber offensive knocked Iran's internet connectivity down to just 4% of normal traffic, blacking out...
Technical documents leaked from a malware-infected developer device expose a Chinese military-linked training platform that replicates the critical...
A CVSS 10.0 authentication bypass in Cisco Catalyst SD-WAN has been exploited since at least 2023. CISA issues Emergency Directive ED 26-03 as all Five...
A ransomware attack detected February 19 has taken down UMMC's EPIC EMR system and forced all 35 health clinics across Mississippi to close, canceling...
Advantest Corporation, the world's leading manufacturer of semiconductor test equipment supplying companies like TSMC, Intel, and Samsung, disclosed a...
A partial DHS shutdown since February 14 has furloughed 1,453 of CISA's 2,341 employees, halting vulnerability scanning, threat advisories, and critical...
The Qilin ransomware group has compromised Romania's national oil pipeline operator Conpet, exfiltrating over 1 TB of data including passports, internal...
Palo Alto Unit 42 reveals a state-aligned group designated TGR-STA-1030 compromised government and critical infrastructure targets in 37 countries using...
Dragos and Mandiant report a 112% increase in cyberattacks targeting energy, water, and transportation systems in the first quarter of 2026, with...
Cisco Talos uncovers a seven-component Linux framework called DKnife that compromises routers to intercept credentials, replace downloads with trojans,...
Ransomware attacks against healthcare organizations have increased 67% in the first month of 2026, with multiple hospital systems reporting service disruptions.
CISA has issued an emergency directive requiring federal agencies to mitigate Ivanti Connect Secure vulnerabilities within 48 hours as active exploitation...