Versa Networks' centralized management and orchestration platform Versa Concerto has been impacted by a trio of serious vulnerabilities, which could be leveraged for authentication evasion and arbitrary code execution, according to BleepingComputer.
Chinese state-backed threat operation UNC5221 has launched attacks exploiting the recently addressed Ivanti Endpoint Manager Mobile flaws, tracked as CVE-2025-4427 and CVE-2025-4428, against telecommunications, healthcare, government, defense, finance, and aviation organizations in North America, Europe, and the Asia-Pacific since May 15, The Hacker News reports.
Industrial automation firm AutomationDirect's MB-Gateway devices, which are used by critical infrastructure organizations worldwide, have been impacted by a maximum severity missing authentication vulnerability, tracked as CVE-2025-36535, which could be exploited for remote intrusions, SecurityWeek reports.
Ivanti Endpoint Manager Mobile instances in cloud environments impacted by the authentication bypass flaw, tracked as CVE-2025-4427, and the post-authentication remote code execution issue, tracked as CVE-2025-4428, have been subjected to ongoing attacks since Friday, following the initial targeting of on-premises implementations, The Register reports.
Mozilla has released updates to resolve a pair of critical out-of-bounds access flaws impacting the Firefox browser, which were exploited as zero-days at last week's Pwn2Own Berlin hacking contest, resulting in bounties of $50,000 each for Palo Alto Networks' Edouard Bochin and Tao Yan, as well as security researcher Manfred Paul, according to The Hacker News.
Widely used WordPress plugin RomethemeKit for Elementor was discovered to be affected by a critical security vulnerability, tracked as CVE-2025-30911, which could be leveraged to facilitate remote code execution, Infosecurity Magazine reports.
Initial exploitation of the security bug enabled arbitrary command execution, Metasploit payload deployment, AnyDesk installation, and command-and-control channel creation, according to The DFIR Report.