CISA

CISA Releases One Industrial Control Systems Advisory

The vulnerabilities in Mitsubishi Electric Air Conditioning Systems could potentially allow unauthorized access or control over the systems, leading to disruptions in operations and potential safety hazards.

CISA and Partners Release Update to Malware Analysis Report BRICKSTORM Backdoor

CISA, National Security Agency, and Canadian Centre for Cyber Security have released an update to the Malware Analysis Report BRICKSTORM Backdoor with indicators of compromise (IOCs) and detection signatures for additional BRICKSTORM samples.

CISA Adds Three Known Exploited Vulnerabilities to Catalog

CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, indicating active exploitation. These vulnerabilities pose significant risks to federal enterprises and require immediate attention.

Vulnerability in Mitsubishi Electric GT Designer3 Allows Unauthorized Device Operation

A vulnerability in Mitsubishi Electric GT Designer3 allows attackers to obtain plaintext credentials, potentially leading to unauthorized operation of GOT2000 and GOT1000 series devices.

Critical Vulnerability in Hitachi Energy AFS, AFR, and AFF Series

A critical vulnerability, CVE-2024-3596, has been identified in Hitachi Energy's AFS, AFR, and AFF series. This vulnerability can compromise data integrity and disrupt availability, posing significant risks to critical infrastructure sectors.

CISA Alerts on Apple WebKit Zero-Day Actively Exploited

CISA identified a critical zero-day vulnerability, CVE-2025-43529, in Apple's WebKit rendering engine. This vulnerability is actively exploited in the wild, affecting millions of users across iOS, iPadOS, macOS, and other Apple platforms.

Known Exploited Vulnerabilities Catalog

A critical out-of-bounds memory access vulnerability has been identified in Google Chromium, tracked as CVE-2025-14174. This vulnerability could allow remote attackers to perform unauthorized memory access via a crafted HTML page.

Critical Vulnerability in Varex Imaging Panoramic Dental Imaging Software

A critical vulnerability has been identified in Varex Imaging's Panoramic Dental Imaging Software, which could allow attackers to gain elevated privileges. This vulnerability, CVE-2024-22774, has a CVSS v3.1 score of 7.8 and a CVSS v4 score of 8.5.

Grassroots DICOM (GDCM)

A critical vulnerability has been identified in the Grassroots DICOM (GDCM) library, which could allow attackers to exploit systems by crafting malicious DICOM files. This vulnerability, CVE-2025-11266, affects multiple open-source products.

Johnson Controls iSTAR Ultra Vulnerabilities: OS Command Injection Risks

The Johnson Controls iSTAR Ultra series, including iSTAR Ultra, Ultra SE, Ultra LT, Ultra G2, Ultra G2 SE, and Edge G2, are vulnerable to OS Command Injection. These vulnerabilities are identified as CVE-2025-43873 and CVE-2025-43874.
