Multiple high-severity vulnerabilities have been identified in all versions of Brightpick AI's Mission Control / Internal Logic Control platform. These bugs affect all versions of the product and are exploitable remotely with low attack complexity.

As of November 2025, Akira ransomware actors have expanded their operations, deploying a new variant—Akira_v2—that features faster encryption speeds and improved mechanisms to inhibit system recovery.

Multiple critical vulnerabilities have been identified in Siemens LOGO! 8 BM and SIPLUS LOGO! programmable logic controller (PLC) devices. These vulnerabilities could allow remote attackers to execute arbitrary code.

Multiple critical vulnerabilities have been identified in Radiometrics VizAir, a weather monitoring system used in aviation. All vulnerabilities have a CVSS v3.1 and v4 base score of 10.0, indicating maximum severity.

The Survision LPR Camera system does not enforce password protection by default. This allows access to the configuration wizard immediately without a login prompt or credentials check.

This guidance aims to mitigate persistent threats targeting Exchange environments by providing actionable recommendations for hardening server configurations and reducing attack surfaces.

A critical privilege escalation vulnerability has been identified in Broadcom VMware Aria Operations and VMware Tools. Successful exploitation of this vulnerability enables a local attacker to gain root-level access on the affected VM.

A critical bug, CVE-2025-61932, has been identified in Motex LANSCOPE Endpoint Manager. It allows remote attackers to execute arbitrary code by sending specially crafted packets due to improper verification of the source of communication channels.

Multiple vulnerabilities have been identified in Oxford Nanopore Technologies' MinKNOW software, a DNA and RNA sequencing platform. These flaws could allow attackers to gain unauthorized access, exfiltrate data, and disrupt sequencing operations.

A critical vulnerability affects Adobe Experience Manager Forms JEE. This flaw allows attackers to execute arbitrary code on affected systems. The vulnerability has been added to CISA’s KEV catalog, indicating confirmed exploitation in the wild.