Links
A serious security flaw in Grist-Core, tracked as CVE-2026-24002, allows remote code execution through malicious spreadsheet formulas. Discovered by researcher Vladimir Tokarev, this vulnerability can lead to unauthorized command execution on the server. Users should update to version 1.7.9 or later to mitigate the risk.
Security researchers found new vulnerabilities in React Server Components, including high-severity Denial of Service and medium-severity source code exposure issues. Users are urged to upgrade to fixed versions immediately to mitigate potential exploits.
Apple has patched a zero-day vulnerability, CVE-2026-20700, which allowed attackers to execute arbitrary code on devices. The flaw affected various Apple products, including iPhones and iPads, and was linked to sophisticated attacks on specific individuals. Users are urged to update their devices to the latest software versions for protection.
A critical security flaw in React Server Components allows unauthenticated remote code execution. Users should upgrade to fixed versions immediately to protect their applications from potential attacks.
An emergency update from Microsoft fixed a critical vulnerability in WSUS but inadvertently disabled hotpatch enrollment for some Windows Server 2025 devices. A subsequent update was released to correct this issue without disrupting hotpatch functionality. Administrators need to manage their updates carefully to avoid losing hotpatch support.
Grafana fixed a major security vulnerability (CVE-2025-41115) in its SCIM component that could enable user impersonation or privilege escalation. The flaw affects versions 12.0.0 to 12.2.1 with specific configurations enabled. Users should update to the latest versions to protect against this risk.
The Dropbear SSH server has a critical privilege escalation vulnerability that allows attackers to run programs as “root” on affected systems. The latest version, 2025.89, addresses this issue. Users unable to update can disable Unix socket forwarding as a temporary workaround.
A critical vulnerability in the Telemessage SGNL messaging platform is being actively exploited by attackers, posing significant security risks to users. The flaw allows unauthorized access to sensitive data, and users are urged to update their systems and take precautionary measures immediately. Cybersecurity experts are warning about the potential for widespread abuse of this vulnerability if not addressed promptly.
A critical vulnerability (CVE-2025-5947) in the Service Finder WordPress theme allows attackers to bypass authentication and gain administrator access, leading to significant exploitation attempts. More than 13,800 attempts have been recorded, and users are urged to update to version 6.1 or discontinue use of the theme to mitigate risks.
Docker has addressed a critical vulnerability identified as CVE-2025-9074 that could allow unauthorized access to sensitive information. Users are encouraged to update their Docker installations to mitigate potential security risks associated with this flaw.
Apple has released a security patch addressing a critical zero-day vulnerability identified as CVE-2025-43300, which could allow attackers to execute arbitrary code on affected devices. Users are urged to update their devices promptly to protect against potential exploitation of this flaw.
A critical vulnerability known as "Happy Dom" has been identified, affecting various systems and applications due to improper handling of user input. Exploitation of this vulnerability could lead to unauthorized access and data breaches, prompting urgent updates and patches from developers to secure affected systems.
Apple has released a critical security patch addressing a zero-day vulnerability in its ImageIO framework, which has reportedly been exploited in targeted attacks. Users are urged to update their devices promptly to mitigate potential risks associated with this exploit.
Plex has issued an urgent warning for users to update their Media Server software to version 1.42.1.10060 due to a newly identified security vulnerability tracked as CVE-2025-34158. The flaw affects versions 1.41.7.x to 1.42.0.x, and while details of the vulnerability have not been disclosed, users are advised to patch immediately to prevent potential exploitation.
WhatsApp has released an emergency update to address a critical security vulnerability that could allow attackers to exploit the app and execute malicious code remotely. Users are urged to update to the latest version to protect their accounts and devices from potential threats. The update aims to enhance overall security and user safety.
A new zero-day vulnerability in Google Chrome is currently being exploited in the wild, allowing attackers to execute arbitrary code and potentially compromise user systems. Users are advised to update their browsers immediately to mitigate the risk of exploitation.
Google has released a security update for Chrome to address multiple vulnerabilities, including a high-severity sandbox escape flaw (CVE-2025-6558) that is actively being exploited. Users are urged to update to version 138.0.7204.157/.158 to mitigate risks, as the vulnerability allows attackers to execute arbitrary code through specially crafted HTML. This marks the fifth actively exploited flaw fixed in Chrome this year, following several others related to the V8 engine and browser security.