A critical zero-day vulnerability, identified as CVE-2025-11371, has been discovered in Gladinet's Centrestack and Triofox products, leaving users at risk of exploitation. The flaw remains unpatched, prompting urgent warnings for businesses utilizing these services to enhance their security measures against potential attacks.

Samsung has addressed a critical remote code execution vulnerability (CVE-2025-21043) affecting Android devices running version 13 or later, which was exploited in zero-day attacks. Discovered in a closed-source image parsing library, the flaw allows attackers to execute malicious code remotely. Meta and WhatsApp reported the vulnerability, highlighting the importance of keeping devices updated to mitigate such risks.

Apple has released a security patch addressing a critical zero-day vulnerability identified as CVE-2025-43300, which could allow attackers to execute arbitrary code on affected devices. Users are urged to update their devices promptly to protect against potential exploitation of this flaw.

Hackers have exploited a deserialization vulnerability in Gladinet CentreStack's file-sharing software, tracked as CVE-2025-30406, to breach storage servers since March 2025. The flaw, caused by a hardcoded machineKey, allows attackers to inject malicious payloads and execute code on affected systems. Gladinet has released security updates and recommends users upgrade or rotate the machineKey to mitigate risks.

Apple has released a critical security patch addressing a zero-day vulnerability in its ImageIO framework, which has reportedly been exploited in targeted attacks. Users are urged to update their devices promptly to mitigate potential risks associated with this exploit.

A new zero-day vulnerability in Google Chrome is currently being exploited in the wild, allowing attackers to execute arbitrary code and potentially compromise user systems. Users are advised to update their browsers immediately to mitigate the risk of exploitation.

A critical zero-day vulnerability in SAP NetWeaver, identified as CVE-2025-31324, has been discovered, allowing attackers to execute remote code with elevated privileges. SAP has issued an urgent advisory for users to apply necessary patches to mitigate potential exploitation of this security flaw.