A new CVE shows Slovensko.Digital Autogram’s XML /sign endpoint can be abused by a crafted website to perform SSRF and read local files; act now to inventory, contain and disable external entities.

If you run Juju, inventory affected versions, revoke secret-set grants and rotate any secrets that might have been changed now.

Companies House restored WebFiling after fixing a vulnerability that may have exposed personal data of millions of firms; here’s what to check first and how ISO controls help.

Authenticated RCE in Raytha’s functions module lets privileged users run JavaScript that instantiates .NET components; fixed in v1.4.6, upgrade now or isolate the feature.

Experts told TIME the Iran war raises the threat of cyber attacks aimed at the U.S.; firms should check remote access, MFA and backups now.

OneUptime’s telemetry aggregation API allowed authenticated users to inject arbitrary SQL into ClickHouse, exposing cross-tenant telemetry and enabling data modification and potential remote code execution; fixed in 10.0.23.

Attackers used endpoint management software to wipe devices at Stryker, disrupting manufacturing and shipping; treat management consoles as high-risk assets.

Handala claims to have erased over 200,000 devices at Stryker, causing a global outage and exposing gaps in backups, access controls and supplier oversight.