The Week in Vulnerabilities: 717 New Cybersecurity Flaws Reported! 

MITRE Techniques

• [T1190] Exploit Public-Facing Application – Used for unauthenticated RCEs and exploitation of network devices (e.g., “a deserialization flaw in Microsoft SharePoint Server enables unauthenticated remote code execution”).
• [T1203] Exploitation for Client Execution – Browser engine flaws (CVE-2025-6558) enable remote attacks via ANGLE/WebKit vulnerabilities (“a critical input validation bug impacting Google Chrome’s ANGLE and Apple’s WebKit browser engine threatens millions of users with potential remote attacks”).
• [T1068] Exploitation of Remote Services – Vulnerabilities in VPN/WebVPN interfaces and network appliances (Cisco ASA, D-Link, SonicWall) allow remote compromise (“CISA expanded its KEV catalog by adding three new D-Link device vulnerabilities that are currently being exploited in the wild”).
• [T1210] Exploitation of Vulnerability – Underground trading and active exploitation of critical CVEs like NVIDIA container escape and SMBGhost zero-day (“NVIDIA Container Toolkit container escape vulnerability (CVE-2025-23266)… offered on an underground forum; SMBGhost… was also offered on an underground forum”).
• [T1105] Ingress Tool Transfer – Attackers upload and execute malicious code via unrestricted file upload vulnerabilities (Trend Micro Apex One RCE and Dell KACE unrestricted file upload) (“remote code execution vulnerabilities… permit attackers to upload and execute malicious code without authentication”).
• [T1059] Command and Scripting Interpreter – Command injection flaws in devices (QNAP, Telesquare TLR-2005Ksh) enable arbitrary command execution (“Command injection in Telesquare TLR-2005Ksh devices allows arbitrary system command execution”).
• [T1496] Resource Hijacking – CoinMiner Linux and Monero miners deployed on compromised hosts to mine cryptocurrency (“CoinMiner Linux silently mines cryptocurrency… Monero cryptocurrency miners… activated remotely via Firebase Cloud Messaging”).