U.S. CISA adds Grafana flaw to its Known Exploited Vulnerabilities catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical directory traversal vulnerability in Grafana, tracked as CVE-2021-43798 (CVSS score 7.5), to its Known Exploited Vulnerabilities (KEV) catalog.

AI Chatbots Used as Backdoors in New Cyberattacks

The campaign targets enterprises across finance, healthcare, and technology sectors that have adopted LLM chatbots for customer service and automation. Attackers have successfully exfiltrated internal system data and more.

A Cascade of Insecure Architectures: Axis Plugin Design Flaw Exposes Select Autodesk Revit Users to Supply Chain Risk

A supply chain vulnerability was found in the Axis Plugin for Autodesk Revit, where hard-coded Azure Storage Account credentials were embedded in signed DLLs. These credentials enabled unauthorized access to cloud-hosted MSI installers and RFA files.

Legit tools, illicit uses: Velociraptor, Nezha turned against victims

Threat actors are increasingly abusing legitimate open-source tools for malicious purposes. Recent campaigns have seen the misuse of Velociraptor and Nezha to maintain persistence, exfiltrate data, and deploy ransomware and RATs.

RondoDox botnet targets 56 n-day flaws in worldwide attacks

RondoDox is a large-scale botnet active since June 2025, targeting 56 n-day vulnerabilities across over 30 device types, including routers, DVRs, and web servers. Since its discovery, the botnet has expanded its arsenal of exploits

New Chaos-C++ Ransomware Targets Windows by Wiping Data, Stealing Crypto

A new variant of the Chaos ransomware family, dubbed Chaos-C++, has emerged targeting Microsoft Windows systems. This version is the first known Chaos variant not written in .NET, marking a significant shift in its development.

Hackers exploit auth bypass in Service Finder WordPress theme

A critical authentication bypass vulnerability (CVE-2025-5947) in the Service Finder WordPress theme is being actively exploited by threat actors. Over 13,800 exploitation attempts have been recorded since August 1.

GitLab security advisory (AV25-650)

GitLab issued a security advisory (AV25-650) addressing multiple vulnerabilities in GitLab Community Edition (CE) and Enterprise Edition (EE). The vulnerabilities affect versions prior to 18.4.2, 18.3.4, and 18.2.8.

Open Web Analytics SQL Injection

A high-severity SQL injection vulnerability (CVE-2025-59397) has been identified in Open Web Analytics (OWA) version 1.8.0 and likely affects earlier versions. The flaw allows authenticated users to inject arbitrary SQL commands.

New Shuyal Stealer Targets 17 Web Browsers for Login Data and Discord Tokens

A new infostealer malware named Shuyal Stealer has been identified by a Threat Intelligence Team. This malware targets login credentials and Discord tokens from 17 different web browsers.
