Notepad++ has addressed a critical bug in its WinGUp update tool that allowed attackers to push malicious update files. It was exploited to execute unauthorized commands and exfiltrate sensitive data, posing a significant security risk to users.

Hackers are exploiting vulnerabilities in the emergency data request (EDR) process by impersonating law enforcement officers to obtain private user data from major tech companies.

A critical vulnerability has been identified in Varex Imaging's Panoramic Dental Imaging Software, which could allow attackers to gain elevated privileges. This vulnerability, CVE-2024-22774, has a CVSS v3.1 score of 7.8 and a CVSS v4 score of 8.5.

A critical vulnerability has been identified in the Grassroots DICOM (GDCM) library, which could allow attackers to exploit systems by crafting malicious DICOM files. This vulnerability, CVE-2025-11266, affects multiple open-source products.

The Johnson Controls iSTAR Ultra series, including iSTAR Ultra, Ultra SE, Ultra LT, Ultra G2, Ultra G2 SE, and Edge G2, are vulnerable to OS Command Injection. These vulnerabilities are identified as CVE-2025-43873 and CVE-2025-43874.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a high-severity vulnerability, CVE-2025-58360, affecting OSGeo GeoServer, to its Known Exploited Vulnerabilities (KEV) catalog.

The ValleyRAT backdoor, also known as Winos/Winos4.0, has been dissected to reveal its modular architecture and advanced capabilities. The backdoor is associated with Chinese-speaking threat actors.

A recent campaign has been identified involving 19 malicious VS Code extensions that contain malware disguised as a PNG file. These extensions exploit the "path-is-absolute" npm package to execute malicious activities on developers' machines.

A critical vulnerability, known as "SOAPwn," has been identified in the .NET Framework, allowing attackers to achieve remote code execution by exploiting WSDL imports and HTTP client proxies.

A 0-day bug in Gogs, a self-hosted Git service, is being actively exploited. The vulnerability (CVE-2025-8110) affects Gogs servers with open-registration enabled. Over 700 instances have been compromised, with 1,400 exposed to the internet.