CERT Polska is observing a malicious email campaign conducted by the UNC1151 group against Polish entities, exploiting a vulnerability in the Roundcube software.

SQL Injection vulnerability (CVE-2025-4568) has been found in 2ClickPortal software.

CERT Polska has received a report about 3 vulnerabilities (from CVE-2024-13915 to CVE-2024-13917) found in applications preloaded on Ulefone and Krüger&Matz smartphones.

TCC Bypass vulnerability has been found in three macOS applications: Poedit (CVE-2025-4280), Viscosity (CVE-2025-4412), DaVinci Resolve (CVE-2025-4081)

Incorrect connection releasing causing pool exhaustion (CVE-2025-3864) has been found in hackney software.

Cleartext Storage of Sensitive Information vulnerability (CVE-2025-4053) has been found in Be-Tech Mifare Classic cards software.

Cross-site Scripting (XSS) vulnerability (CVE-2025-4379) has been found in Studio Fabryka DobryCMS software.

CERT Polska has received a report about 3 vulnerabilities (from CVE-2025-3893 to CVE-2025-3895) found in MegaBIP software.

CERT Polska has received a report about 7 vulnerabilities (from CVE-2025-1415 to CVE-2025-1421) found in Proget software.

Missing Authorization vulnerability (CVE-2025-4430) has been found in EZD RP software.