CIS

Multiple Vulnerabilities in Apple Products Could Allow for Arbitrary Code Execution

Multiple bugs have been identified in Apple products, with the most severe potentially allowing for arbitrary code execution. Apple is aware of reports that CVE-2025-43529 and CVE-2025-14174 may have been exploited in sophisticated attacks.

Vulnerability in Mitsubishi Electric GT Designer3 Allows Unauthorized Device Operation

A vulnerability in Mitsubishi Electric GT Designer3 allows attackers to obtain plaintext credentials, potentially leading to unauthorized operation of GOT2000 and GOT1000 series devices.

Critical Vulnerability in Hitachi Energy AFS, AFR, and AFF Series

A critical vulnerability, CVE-2024-3596, has been identified in Hitachi Energy's AFS, AFR, and AFF series. This vulnerability can compromise data integrity and disrupt availability, posing significant risks to critical infrastructure sectors.

CISA Alerts on Apple WebKit Zero-Day Actively Exploited

CISA identified a critical zero-day vulnerability, CVE-2025-43529, in Apple's WebKit rendering engine. This vulnerability is actively exploited in the wild, affecting millions of users across iOS, iPadOS, macOS, and other Apple platforms.

Known Exploited Vulnerabilities Catalog

A critical out-of-bounds memory access vulnerability has been identified in Google Chromium, tracked as CVE-2025-14174. This vulnerability could allow remote attackers to perform unauthorized memory access via a crafted HTML page.

Critical Vulnerability in Varex Imaging Panoramic Dental Imaging Software

A critical vulnerability has been identified in Varex Imaging's Panoramic Dental Imaging Software, which could allow attackers to gain elevated privileges. This vulnerability, CVE-2024-22774, has a CVSS v3.1 score of 7.8 and a CVSS v4 score of 8.5.

Grassroots DICOM (GDCM)

A critical vulnerability has been identified in the Grassroots DICOM (GDCM) library, which could allow attackers to exploit systems by crafting malicious DICOM files. This vulnerability, CVE-2025-11266, affects multiple open-source products.

Johnson Controls iSTAR Ultra Vulnerabilities: OS Command Injection Risks

The Johnson Controls iSTAR Ultra series, including iSTAR Ultra, Ultra SE, Ultra LT, Ultra G2, Ultra G2 SE, and Edge G2, is vulnerable to OS command injection. These vulnerabilities are identified as CVE-2025-43873 and CVE-2025-43874.

Critical Vulnerability in Universal Boot Loader (U-Boot) Affects Qualcomm Chips

A critical vulnerability has been identified in the Universal Boot Loader (U-Boot), affecting several Qualcomm chips. This vulnerability, CVE-2025-24857, allows improper access control for volatile memory containing boot code.
December 10, 2025

Pro-Russia Hacktivists Conduct Opportunistic Attacks Against US and Global Critical Infrastructure

Pro-Russia hacktivist groups, Cyber Army of Russia Reborn (CARR), Z-Pentest, NoName057(16), and Sector16, are conducting opportunistic attacks against critical infrastructure sectors such as Water and Wastewater, Food and Agriculture, and Energy.
