A security vulnerability has been discovered in the popular game Call of Duty, allowing for remote code execution on PC systems. This issue poses significant risks to players, especially when the game is played offline, as it could lead to unauthorized access to their computers. Players are advised to stay updated on patches and security measures to mitigate potential threats.

A critical vulnerability in Dolby's Unified Decoder can be exploited for remote code execution on Android devices without any user interaction. Microsoft has addressed the flaw in its October Patch Tuesday updates, while Google included patches in recent ChromeOS updates.

A critical vulnerability in Microsoft's SharePoint, tracked as CVE-2025-53770, is being actively exploited, allowing unauthenticated remote code execution on affected servers. The vulnerability has led to significant incidents, including breaches in multiple organizations, with estimates of compromised systems rising to 400. Government and private sectors are currently grappling with the fallout from this mass exploitation.

A critical vulnerability in Citrix NetScaler, tracked as CVE-2025-6543, has been exploited to breach multiple critical organizations in the Netherlands, allowing attackers to achieve remote code execution. The Netherlands' National Cyber Security Centre warns that the flaw, initially thought to cause denial of service attacks, has been actively exploited since early May, with successful attacks resulting in the erasure of evidence. Organizations are urged to upgrade their systems to mitigate risks associated with this zero-day vulnerability.

A security engagement revealed an HTML to PDF converter API that allowed for local file access and remote code execution due to vulnerabilities in a .NET renderer using an outdated Chromium version. The authors successfully exploited a known vulnerability in Chromium 62, demonstrating the importance of manual penetration testing in uncovering overlooked security issues.

Over 73,000 WatchGuard Firebox devices are vulnerable to a critical flaw that allows remote code execution without authentication. The issue affects devices running the Fireware OS, with many remaining unpatched despite the release of updates a month prior.

A critical vulnerability identified as CVE-2025-25257 in Fortinet’s FortiWeb can lead to remote code execution, posing significant security risks. Users are urged to apply patches immediately to mitigate potential exploitation of this flaw.

WatchGuard has issued security updates to fix a critical remote code execution vulnerability (CVE-2025-9242) in its Firebox firewalls, which could allow attackers to execute malicious code if the devices are configured to use IKEv2 VPN. While the vulnerability has not been exploited in the wild, administrators are urged to patch their devices due to the attractive target that firewalls present to threat actors. A temporary workaround is also available for those unable to apply the updates immediately.

A critical vulnerability has been discovered in Anthropics software that could potentially allow remote code execution, putting users at significant risk. Security experts are urging users to update their software immediately to mitigate this threat and protect against potential exploits.

Researchers from Check Point discovered a critical remote code execution vulnerability dubbed "MCPoison" in the Cursor AI coding tool, allowing attackers to alter approved Model Context Protocol (MCP) configurations to inject malicious commands. Cursor has since released an update to address the flaw, requiring user approval for any modifications to MCP Server entries, but the incident raises concerns about trust in AI-assisted development environments. Further vulnerabilities in AI platforms are expected to be reported by Check Point.

SonicWall has issued a warning regarding a critical vulnerability (CVE-2025-40599) in its SMA 100 series VPN appliances, allowing authenticated users to upload arbitrary files, potentially leading to remote code execution. Despite no evidence of active exploitation, the company advises users to patch their devices and monitor for signs of compromise due to ongoing attacks targeting the appliances. Recommendations include enhancing security measures such as enforcing multi-factor authentication and limiting remote management access.

Redis has issued critical patches for a severe vulnerability (CVE-2025-49844) that allows remote code execution on approximately 330,000 exposed instances, with at least 60,000 not requiring authentication. The flaw stems from a 13-year-old use-after-free weakness in the Lua scripting feature, enabling attackers to gain full access to host systems and potentially exfiltrate sensitive data. Administrators are urged to update their Redis instances immediately to mitigate the risk of exploitation.

Hackers are exploiting a critical unauthenticated file upload vulnerability in the WordPress theme 'Alone,' enabling remote code execution and site takeovers. Wordfence has recorded over 120,000 exploitation attempts, and a patched version of the theme was released following the discovery of the flaw. Users are advised to update to version 7.8.5 to mitigate risks associated with this vulnerability.