VERY IMPORTANT

This weekly threat bulletin highlights several critical vulnerabilities and emerging threats. A severe RCE vulnerability in React Server Components and Next.js (CVE-2025-55182) is being actively exploited. CISA added four critical flaws to its 'Must-Patch' list, including vulnerabilities in Versa Concerto, eslint-config-prettier, Zimbra Collaboration Suite, and Vite. GitLab released patches for multiple high-severity vulnerabilities. A new macOS malware called MonetaStealer targets crypto wallets and financial data. Lastly, a critical RCE vulnerability in Oracle E-Business Suite (CVE-2025-61882) is being actively exploited by threat actors, including the Clop ransomware group.