Android partners and customers have experienced a temporary respite from double-digit vulnerabilities this summer. Google issued no security patches in its update last month.

The flaw, disclosed a month after it was patched, provided an attacker with remote code execution privileges by poisoning the data ingested by the model.

The Departments of Energy, Homeland Security and Health and Human Services have been impacted.

The software defects, which have a maximum-severity rating, do not require authentication and allow remote attackers to execute code arbitrarily on the underlying system.

Google Threat Intelligence Group said a financially motivated threat group is abusing the outdated remote access VPN devices, underscoring a continued pattern of threats confronting SonicWall customers.

The number of Citrix customers impacted by CVE-2025-5777 remains unknown, but researchers have already observed more than 11.5 million attack attempts, targeting thousands of sites.

Researchers are especially concerned about a high-severity defect in SQL Server and a critical vulnerability in SPNEGO, a foundational protocol.

Application Attack Matrix is a community effort designed to help defenders and organizations better understand and define how attackers use and exploit weaknesses in applications.

French authorities said government agencies and businesses spanning telecom, media, finance and transportation were impacted by the widely exploited Ivanti vulnerabilities.

A researcher tells CyberScoop that up to 80% of enterprises could be vulnerable to the zero-day Microsoft patched in its June update.