A critical vulnerability in Microsoft's SharePoint, tracked as CVE-2025-53770, is being actively exploited, allowing unauthenticated remote code execution on affected servers. The vulnerability has led to significant incidents, including breaches in multiple organizations, with estimates of compromised systems rising to 400. Government and private sectors are currently grappling with the fallout from this mass exploitation.

A critical vulnerability in Citrix NetScaler, tracked as CVE-2025-6543, has been exploited to breach multiple critical organizations in the Netherlands, allowing attackers to achieve remote code execution. The Netherlands' National Cyber Security Centre warns that the flaw, initially thought to cause denial of service attacks, has been actively exploited since early May, with successful attacks resulting in the erasure of evidence. Organizations are urged to upgrade their systems to mitigate risks associated with this zero-day vulnerability.

Over 73,000 WatchGuard Firebox devices are vulnerable to a critical flaw that allows remote code execution without authentication. The issue affects devices running the Fireware OS, with many remaining unpatched despite the release of updates a month prior.

SonicWall has issued a warning regarding a critical vulnerability (CVE-2025-40599) in its SMA 100 series VPN appliances, allowing authenticated users to upload arbitrary files, potentially leading to remote code execution. Despite no evidence of active exploitation, the company advises users to patch their devices and monitor for signs of compromise due to ongoing attacks targeting the appliances. Recommendations include enhancing security measures such as enforcing multi-factor authentication and limiting remote management access.