The article discusses six newly discovered JavaScript zero-day vulnerabilities that could allow attackers to exploit package managers and execute malicious code. Experts warn that these flaws could enable large-scale supply chain attacks, especially if attackers gain access to package maintainers' credentials. The need for stronger security measures in software supply chains is emphasized.

Microsoft has addressed multiple zero-day vulnerabilities in Windows and Office that hackers are actively exploiting. These flaws allow attackers to execute malware with minimal user interaction, primarily through malicious links and files. Security experts warn of a high risk of system compromise and ransomware deployment.

Apple has released urgent security updates to address two zero-day vulnerabilities, CVE-2025-31200 and CVE-2025-31201, that were exploited in sophisticated attacks on specific iPhone users. These vulnerabilities affect multiple Apple operating systems and devices, including iOS and macOS, and users are strongly urged to install the updates promptly to safeguard their devices. Since the beginning of the year, Apple has remedied five zero-day vulnerabilities.

Mozilla has addressed multiple zero-day vulnerabilities that were demonstrated during the Pwn2Own Berlin 2025 competition. These security flaws could have allowed attackers to exploit the Firefox browser, prompting the urgent need for updates to protect users. The fixes are part of Mozilla's ongoing commitment to enhance browser security.

Google has issued the September 2025 security update for Android, addressing 84 vulnerabilities, including two critical zero-day flaws that are currently being exploited. The update also includes fixes for four critical-severity issues, particularly affecting Qualcomm components and various Android versions. Users are urged to update their devices to ensure protection against these vulnerabilities.

Researchers have discovered multiple zero-day vulnerabilities in HashiCorp Vault and CyberArk Conjur, critical secret management platforms used by many enterprises. These vulnerabilities could allow attackers to bypass authentication, gain root access, and execute remote code, posing significant security risks to organizations.

A new startup focused on zero-day vulnerabilities is offering $20 million for tools that can successfully hack any smartphone. This initiative aims to attract skilled hackers to enhance cybersecurity solutions amidst increasing smartphone security challenges.