A sophisticated variant of the Havoc Remote Access Trojan (RAT) was deployed in a targeted cyber intrusion against critical national infrastructure in the Middle East. This variant leverages a disguised remote injector to deploy the Havoc payload.

A critical vulnerability (CVE-2025-52562) in Performave Convoy, a KVM server management panel used by hosting providers, allows unauthenticated remote attackers to execute arbitrary PHP code on affected systems.

A sophisticated malware campaign has been uncovered targeting WordPress and WooCommerce platforms. The campaign involves over 20 malware variants focused on credit card skimming, credential theft, ad fraud, and further payload distribution.

A critical vulnerability, tracked as CVE-2024-45347, has been identified in Xiaomi’s Mi Connect Service App, exposing millions of users to the risk of unauthorized access. The flaw is rated 9.6 on the CVSS scale.

A critical vulnerability in RARLAB’s WinRAR for Windows, tracked as CVE-2025-6218 with a CVSS score of 7.8 (High), allows attackers to execute arbitrary code by tricking users into opening specially crafted archive files.

Two critical vulnerabilities—CVE-2025-2171 and CVE-2025-2172—were discovered in Aviatrix Controller. These flaws enable full system compromise through an authentication bypass followed by command injection, affecting versions 7.2.5012.

A critical privilege escalation vulnerability, CVE-2025-49144, has been identified in Notepad++ v8.8.1. This flaw allows attackers to gain full system control through a supply-chain attack by exploiting insecure search paths in the installer.

HPE issued a security advisory addressing a vulnerability in the HPE Telco Unified OSS Console. The affected versions include all releases prior to v3.1.16. Users and administrators should apply the necessary updates to mitigate potential risks.

CISA published ICS advisories addressing vulnerabilities in several industrial control system products. These advisories cover multiple products from vendors including Dover Fueling Solutions, Fuji Electric, LS Electric, and Siemens.

Mattermost disclosed a critical vulnerability affecting multiple versions of Mattermost Server. CVE-2025-4981 could allow authenticated users to perform remote code execution via a path traversal flaw in the archive extractor.