Cyber agency warns oil and gas sector targeted by hackers https://t.co/FLDmGA7TEi
SysAid Patches 4 Critical Flaws Enabling Pre-Auth RCE in On-Premise Version: https://t.co/oJeNXPmJ0f by The Hacker News #infosec #cybersecurity #technology #news
Unsophisticated cyber actors are targeting the U.S. Energy sector: https://t.co/vYzl8EC9j5 by Security Affairs #infosec #cybersecurity #technology #news
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has updated its Known Exploited Vulnerabilities (KEV) catalog to include several critical security flaws actively exploited by threat actors. Notably, a zero-click, wormable vulnerability in Commvault's software (CVE-2025-34028, CVSS 10.0) allows attackers to execute remote code by uploading malicious ZIP files without requiring login credentials. Despite patches, researchers have reported that this Commvault bug remains exploitable. Additionally, CISA has added a critical flaw in Langflow (CVE-2025-3248) and vulnerabilities in SonicWall products to the KEV list amid ongoing exploitation.

Apple devices are also at risk due to wormable AirPlay protocol vulnerabilities (CVE-2025-24252 and CVE-2025-24132) that enable zero-click remote code execution over public Wi-Fi, potentially affecting 1.8 billion devices.

The agency has released advisories concerning industrial control systems (ICS) and operational technology (OT), warning that unsophisticated cyber actors are targeting U.S. critical infrastructure, particularly in the energy sector and oil and gas organizations.

A U.S. organization was breached by Play ransomware exploiting a Windows zero-day vulnerability (CVE-2025-29824) via a Cisco ASA device, where attackers deployed fake Palo Alto files, stole Active Directory data, and planted custom tools but did not activate ransomware.

SysAid has patched four critical pre-authentication remote code execution vulnerabilities in its on-premise software, which previously allowed attackers to escalate privileges through an exploit chain involving XML External Entity injection and OS-level command injection.

CISA, in coordination with the FBI and other U.S. government partners, has issued a fact sheet outlining five primary mitigations for critical infrastructure organizations to protect OT and ICS systems.