Trend Micro patched three vulnerabilities in its Apex Central management console, including a severe remote code execution flaw that could allow attackers to execute code as SYSTEM. The vulnerabilities were disclosed by Tenable and affect versions below Build 7190. Users are urged to apply the critical patch immediately.

New security flaws in React Server Components can lead to denial-of-service attacks and expose source code. Users must quickly patch their systems, as many remain vulnerable despite previous updates. Ongoing exploitation attempts are reported, particularly from attackers in North Korea and China.

Major vulnerabilities known as Frostbyte10 have been discovered in Copeland controllers used in thousands of refrigeration systems at grocery chains, potentially allowing attackers to manipulate temperatures and disrupt supply chains. Armis identified ten critical flaws, prompting Copeland to issue firmware updates and CISA to urge immediate patching of affected systems. While no exploitation has been confirmed in the wild, the pervasive use of these controllers makes them a prime target for malicious actors.

Over 800 N-able N-central servers remain unpatched against two critical vulnerabilities, CVE-2025-8875 and CVE-2025-8876, which are currently being exploited. N-able has urged administrators to upgrade to the patched version 2025.3.1, while CISA has mandated federal agencies to mitigate these vulnerabilities within a week. Shadowserver Foundation reports that most of the vulnerable servers are located in the U.S., Canada, and the Netherlands.