Threat actors could compromise 46,506 Grafana implementations, or almost 36% of the internet-exposed instances of the open-source infrastructure monitoring and visualization platform, in attacks exploiting a client-side open redirect flaw tracked as CVE-2025-4123, according to BleepingComputer.
The Hacker News reports that ongoing security issues have prompted ConnectWise to schedule a rotation of digital code signing certificates for ScreenConnect, ConnectWise Remote Monitoring and Management, and ConnectWise Automate executables.
Updates have been issued by CoreDNS to fix a high-severity flaw in its DNS-over-QUIC implementation, tracked as CVE-2025-47950, which could be exploited to disrupt DNS servers via stream amplification intrusions, GBHackers News reports.
Major European food delivery platform GonnaOrder had real-time order information from thousands of its customers inadvertently exposed by a Kafka Broker instance that has been unsecured since August 2022, reports Cybernews.
SecurityWeek reports that Adobe has fixed hundreds of flaws impacting several of its offerings, including code execution vulnerabilities in Acrobat Reader and Adobe Commerce, as part of this month's Patch Tuesday.