A security vulnerability was discovered in NVIDIA's GPU drivers, affecting various operating systems and software configurations. An incomplete patch released by NVIDIA has led to ongoing risks for users, prompting the need for further updates to fully address the security issues. Experts recommend that users remain vigilant and apply additional security measures until a complete fix is implemented.

A vulnerability in VMware Tools has been patched, allowing the open-vm-tools community to implement a security fix for previous releases. Broadcom also announced a significant security flaw in VMware Aria Automation that could allow malicious actors to steal user access tokens through crafted URLs.

A vulnerability in the Ollama Desktop application allowed drive-by attacks that could enable attackers to spy on local chats and manipulate AI models via a malicious website. Discovered by Chris Moberly and patched shortly after reporting, the flaw stemmed from insufficient cross-origin controls in the app's GUI. Users are urged to update to the latest version to mitigate the risk of exploitation.

Click Studios has urged users of its Passwordstate password manager to promptly update to version 9.9 Build 9972 due to a critical authentication bypass vulnerability that could allow attackers to gain unauthorized access to the administration section via a crafted URL. The company recommends implementing a temporary workaround while users transition to the latest version.

SolarWinds has released a patch to address a critical vulnerability in its Web Help Desk software that was being actively exploited. The flaw allowed attackers to bypass authentication and gain unauthorized access to the system, prompting urgent action from the company to ensure user security. Users are advised to update their software immediately to mitigate potential risks.

Plex has issued an urgent warning for users to update their Media Server software to version 1.42.1.10060 due to a newly identified security vulnerability tracked as CVE-2025-34158. The flaw affects versions 1.41.7.x to 1.42.0.x, and while details of the vulnerability have not been disclosed, users are advised to patch immediately to prevent potential exploitation.

Cisco has announced a critical vulnerability, tracked as CVE-2025-20337, in its Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) that allows unauthenticated remote attackers to gain root access through arbitrary code execution. The vulnerability has a maximum CVSS score of 10, and Cisco has released patches to address it along with related vulnerabilities disclosed in June. Customers are urged to upgrade to the latest software versions to mitigate the risk.

A significant vulnerability in Google's Quick Share feature has been patched, addressing potential risks that could compromise user security. The update reinforces the importance of keeping software up to date to mitigate threats from exploits targeting such functionalities.

A critical remote vulnerability has been discovered in MCP software, posing significant risks to users. The flaw allows attackers to exploit the system remotely, potentially leading to unauthorized access and data breaches. Immediate updates and patches are recommended to mitigate the threat.

Researchers have developed a proof of concept (PoC) for a critical vulnerability in Fortinet's products, identified as CVE-2025-32756. The vulnerability allows for remote code execution, prompting the need for a quick patch to mitigate potential exploits. Users are advised to update their systems promptly to avoid security risks.

A critical vulnerability has been identified in the MCP server that could allow attackers to execute arbitrary code. The flaw poses serious security risks, and users are urged to apply patches and updates to protect their systems from potential exploitation. Cybersecurity experts are advising immediate action to mitigate the risks associated with this vulnerability.