SonicWall is under growing scrutiny for not formally committing to the Cybersecurity and Infrastructure Security Agency's secure-by-design pledge, even as its products continue to face exploitation by cybercriminals, according to CyberScoop.
SecurityWeek reports that fixes have been released by SonicWall to address a trio of vulnerabilities impacting its Secure Mobile Access 100 series appliances.
On-premises SysAid IT support software instances have been impacted by a trio of XML External Entity injection vulnerabilities, tracked as CVE-2025-2775, CVE-2025-2776, and CVE-2025-2777.
Apache Pinot's primary components have been exposed to the internet by Kubernetes LoadBalancer services without the user's knowledge, and threat actors have already exploited that exposure to access user data.