Affected by the vulnerability, which stems from the availability of static user credentials for root accounts during development, were Cisco Unified CM and Unified CM SME Engineering Special releases 15.0.1.13010-1 to 15.0.1.13017-1.
Updates have been issued by Google to resolve an actively exploited zero-day vulnerability impacting its Chrome browser, tracked as CVE-2025-6554, which is the fourth Chrome zero-day addressed by Google so far this year, The Hacker News reports.
SecurityWeek reports that organizations, particularly those in critical infrastructure sectors, could be remotely compromised through the exploitation of a trio of flaws impacting Microsens' NMP Web+ offering, which allows management of industrial switches and other network equipment.
Almost 1,289 Citrix NetScaler ADC and NetScaler Gateway servers continue to be at risk of intrusions involving the critical out-of-bounds memory vulnerability CVE-2025-5777, dubbed as "Citrix Bleed 2", while 2,100 instances remain vulnerable to the critical memory overflow issue, tracked as CVE-2025-6543, following the release of fixes last week, according to Cyber Security News.
Threat actors were observed by ReliaQuest to have been leveraging the recently disclosed critical Citrix NetScaler Gateway vulnerability, tracked as CVE-2025-5777, to facilitate initial systems compromise, according to Cybersecurity Dive.
The U.S. government is warning organizations to check their operational technology (OT) networks following the disclosure of new vulnerabilities in industrial control system (ICS) hardware.
