Links
Google released an urgent update for Chrome to fix two vulnerabilities that can be exploited by simply visiting malicious web pages. Users should ensure they're on version 143.0.7499.146 or later to stay protected from potential attacks.
A serious security flaw in Grist-Core, tracked as CVE-2026-24002, allows remote code execution through malicious spreadsheet formulas. Discovered by researcher Vladimir Tokarev, this vulnerability can lead to unauthorized command execution on the server. Users should update to version 1.7.9 or later to prevent risks.
Security researchers found new vulnerabilities in React Server Components, including high-severity Denial of Service and medium-severity source code exposure issues. Users are urged to upgrade to fixed versions immediately to mitigate potential exploits.
Apple has patched a zero-day vulnerability, CVE-2026-20700, which allowed attackers to execute arbitrary code on devices. The flaw affected various Apple products, including iPhones and iPads, and was linked to sophisticated attacks on specific individuals. Users are urged to update their devices to the latest software versions for protection.
Researchers have identified multiple severe security flaws in the Coolify self-hosting platform, including command injection vulnerabilities that could allow attackers to execute arbitrary code and gain root access. Users are urged to update to fixed versions immediately, as around 52,890 instances are currently exposed.
QNAP addressed seven zero-day vulnerabilities exploited at the Pwn2Own Ireland 2025 competition. The flaws affect multiple software products and operating systems, prompting QNAP to urge users to update their software and change passwords for better security. Additionally, a new version of QuMagie was released to patch a critical SQL injection vulnerability.
State-sponsored hackers compromised Notepad++ update traffic from June to December 2025. The attackers redirected updates to malicious servers, targeting users through vulnerabilities in older versions of the software. Remediation measures have since been implemented, including migrating to a more secure hosting provider.
A critical security flaw in React Server Components allows unauthenticated remote code execution. Users should upgrade to fixed versions immediately to protect their applications from potential attacks.
An emergency update from Microsoft fixed a critical vulnerability in WSUS but inadvertently disabled hotpatch enrollment for some Windows Server 2025 devices. A subsequent update was released to correct this issue without disrupting hotpatch functionality. Administrators need to manage their updates carefully to avoid losing hotpatch support.
Grafana fixed a major security vulnerability (CVE-2025-41115) in its SCIM component that could enable user impersonation or privilege escalation. The flaw affects versions 12.0.0 to 12.2.1 with specific configurations enabled. Users should update to the latest versions to protect against this risk.
The Dropbear SSH server has a critical privilege escalation vulnerability that allows attackers to run programs as “root” on affected systems. The latest version, 2025.89, addresses this issue. Users unable to update can disable Unix socket forwarding as a temporary workaround.
Docker has addressed a critical vulnerability identified as CVE-2025-9074 that could allow unauthorized access to sensitive information. Users are encouraged to update their Docker installations to mitigate potential security risks associated with this flaw.
A critical vulnerability (CVE-2025-5947) in the Service Finder WordPress theme allows attackers to bypass authentication and gain administrator access, leading to significant exploitation attempts. With over 13,800 attempts recorded, users are urged to update to version 6.1 or discontinue use of the theme to mitigate risks.
Grafana Labs has released critical security updates for the Grafana Image Renderer plugin and Synthetic Monitoring Agent to address four significant vulnerabilities in Chromium that could lead to remote code execution and memory corruption. Users are urged to update to the latest versions promptly to mitigate potential risks. Grafana Cloud instances have already been patched, alleviating the need for action from users of the managed service.
Google has issued the September 2025 security update for Android, addressing 84 vulnerabilities, including two critical zero-day flaws that are currently being exploited. The update also includes fixes for four critical-severity issues, particularly affecting Qualcomm components and various Android versions. Users are urged to update their devices to ensure protection against these vulnerabilities.
Palo Alto Networks has addressed multiple privilege escalation vulnerabilities in their software that could allow unauthorized users to gain higher access levels. These flaws, if exploited, could lead to serious security risks for affected systems. Users are advised to update their software to mitigate potential threats.
Apple has released a security patch addressing a critical zero-day vulnerability identified as CVE-2025-43300, which could allow attackers to execute arbitrary code on affected devices. Users are urged to update their devices promptly to protect against potential exploitation of this flaw.
ConnectWise is rotating its digital code signing certificates for ScreenConnect, ConnectWise Automate, and RMM due to security concerns raised by a third-party researcher about potential misuse of configuration data. This action is unrelated to any recent security incidents and is intended to enhance security before a deadline to avoid operational disruptions for users. Updated builds are being released, and users are advised to check for updates to maintain service continuity.
Android 16 has been launched, introducing features such as streamlined notifications, enhanced support for hearing devices, and improved security measures. This update also enhances productivity on tablets with desktop windowing and offers a new Material 3 Expressive design. Additional features and updates are expected later this year for Android and Pixel devices.
Apple has released a critical security patch addressing a zero-day vulnerability in its ImageIO framework, which has reportedly been exploited in targeted attacks. Users are urged to update their devices promptly to mitigate potential risks associated with this exploit.
Plex has issued an urgent warning for users to update their Media Server software to version 1.42.1.10060 due to a newly identified security vulnerability tracked as CVE-2025-34158. The flaw affects versions 1.41.7.x to 1.42.0.x, and while details of the vulnerability have not been disclosed, users are advised to patch immediately to prevent potential exploitation.
The article discusses the Android security update scheduled for June 2025, highlighting critical vulnerabilities that will be addressed to enhance device security. It emphasizes the importance of timely updates for protecting user data and maintaining device integrity against emerging threats.
Google Chrome will introduce an automatic password update feature by 2025, enhancing user security by ensuring passwords are regularly refreshed without manual intervention. This development aims to streamline the management of passwords, reducing the risk of breaches due to outdated credentials.
WhatsApp has released an emergency update to address a critical security vulnerability that could allow attackers to exploit the app and execute malicious code remotely. Users are urged to update to the latest version to protect their accounts and devices from potential threats. The update aims to enhance overall security and user safety.
A new zero-day vulnerability in Google Chrome is currently being exploited in the wild, allowing attackers to execute arbitrary code and potentially compromise user systems. Users are advised to update their browsers immediately to mitigate the risk of exploitation.
Google has released a security update for Chrome to address multiple vulnerabilities, including a high-severity sandbox escape flaw (CVE-2025-6558) that is actively being exploited. Users are urged to update to version 138.0.7204.157/.158 to mitigate risks, as the vulnerability allows attackers to execute arbitrary code through specially crafted HTML. This marks the fifth actively exploited flaw fixed in Chrome this year, following several others related to the V8 engine and browser security.