ThreatGrid Team

A zero-day in Google Chrome’s ANGLE/GPU components (CVE‑2025‑6558) is being actively exploited to bypass browser sandboxing—visit a malicious page, and attackers may gain access to your system. Update Chrome immediately.

PostgreSQL users should update immediately to address CVE-2025-27741, a SQL injection flaw that could allow attackers to steal, alter, or delete sensitive data through unsafe query handling.

VMware ESXi users are urged to patch immediately after the discovery of CVE-2025-26012, a critical RCE flaw that could allow attackers to seize control of entire virtualized environments from a single network request.

Cisco has patched a high-severity flaw in IOS XE that lets attackers with local credentials escalate to root privileges. CVE-2025-30041 puts enterprise routers, switches, and wireless controllers at risk of complete takeover.

Atlassian has patched a Confluence flaw that could let attackers read private wiki pages without proper permissions. CVE-2025-21984 poses serious data leakage risks for organizations that store sensitive information in Confluence.

Fortinet has patched a critical SSL VPN buffer overflow in FortiOS that could let attackers take over firewalls without authentication. CVE-2025-14982 is internet-exploitable, making quick mitigation essential.