Tina4 Stack 1.0.3 allows unauthenticated attackers to download the kim.db file and perform SQL injection via the menu endpoint, creating an immediate data breach and credential compromise risk.

Critical unauthenticated file-upload RCE in Astroid Framework for Joomla (CVE-2026-21628, versions 2.0.0–3.3.10). Immediate patching, endpoint blocking and web-root hunting advised.

CVE-2026-27446 lets unauthenticated attackers coerce brokers into outbound federation to rogue servers; patch to 2.52.0 or apply vendor mitigations now.

The NCSC has urged UK businesses and universities to review cyber defences amid rising Middle East tensions; practical ISO 27001 and continuity steps organisations should take now.

A critical CGM CLININET vulnerability lets attackers generate sessions with only a username, risking unauthorised access to clinical accounts; organisations should contain, enforce MFA, review privileges and follow ISO 27001 and ISO 22301 guidance.

A 9.8 critical SQL injection (CVE-2025-11251) in Dayneks’ e‑commerce platform was disclosed with no vendor response, forcing businesses to assume exposure, contain risk and accelerate supplier and patching processes.

A new high-severity vulnerability in the FinalCode Client installer lets non-admin users execute code as SYSTEM; organisations should patch, tighten installer permissions and review supplier controls aligned to ISO 27001 and ISO 22301.