Honeywell subsidiary Tridium's Niagara Framework has been impacted by over a dozen security flaws, which could be leveraged to facilitate significant compromise of building systems, according to Facilities Dive.
Threat actors could compromise over 200,000 WordPress sites' admin accounts by exploiting a high-severity Post SMTP plugin vulnerability, tracked as CVE-2025-24000, BleepingComputer reports.
Widespread intrusions compromising vulnerable on-premises Microsoft SharePoint servers are believed by Trend Micro Zero Day Initiative Head of Threat Awareness Dustin Childs to have been facilitated by the exposure of bug details from the Microsoft Active Protections Program, where security vendors were able to obtain advanced access to the flaw earlier this month after being discovered in May, The Register reports.
Patches for CVE-2025-40599, a critical vulnerability that involves an arbitrary file upload issue in Secure Mobile Access (SMA) 100 appliances' web management interface, were released by SonicWall and included in software version 10.2.2.1-90sv and 500v virtual products, SecurityWeek reports.
Sygnia, a cybersecurity firm, reported that a threat actor known as Fire Ant is targeting virtualization and networking infrastructure, The Hacker News reports.
