Apple has released updates for macOS and other platforms, addressing 19 security vulnerabilities in WebKit. These flaws could allow for various attacks, including data leaks and privilege escalation. The company reports no known active exploits of these vulnerabilities.

The Go programming language has released updates 1.25.6 and 1.24.12 to fix six critical vulnerabilities, including denial-of-service risks and potential arbitrary code execution. Developers are urged to upgrade immediately to avoid exploitation in unpatched environments.

SolarWinds released patches for three critical vulnerabilities in its Serv-U file transfer solution. One flaw allows attackers with admin privileges to execute arbitrary code, posing significant risks to affected systems. The vulnerabilities are listed in the CISA's Known Exploited Vulnerabilities catalog.

Two critical vulnerabilities in Cisco's Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) have been identified, allowing remote code execution without authentication. Cisco has released patches for these vulnerabilities, tracked as CVE-2025-20281 and CVE-2025-20282, and users are urged to apply them promptly.

AMD has announced vulnerabilities related to a new side-channel attack known as the Transient Scheduler Attack (TSA) affecting various AMD processors. Although rated low to medium in severity, cybersecurity firms have classified the overall threat as critical due to the potential for information leakage, particularly concerning OS kernel data. Users are advised to apply patches to mitigate risks, as the attacks require local access to execute successfully.