
A critical vulnerability identified as CVE-2025-49113 in Roundcube Webmail software is being actively exploited worldwide, with approximately 84,000 unpatched instances reported. The flaw permits remote code execution by authenticated users and has reportedly been targeted frequently by suspected state-sponsored actors. Marwan Hachem, COO of FearsOff Cybersecurity, emphasized the national security risks posed by this vulnerability and urged governments and major institutions to apply updates urgently, since exploit code is now publicly available. In addition to Roundcube, two critical vulnerabilities have been detected in Erlang/OTP SSH, one allowing remote code execution without credentials and another enabling email theft via cross-site scripting (XSS). Furthermore, a major flaw in the PayU WordPress plugin has been discovered that enables attackers to hijack accounts on approximately 5,000 WordPress sites without requiring login credentials. Researchers also reported multiple previously unknown security flaws in open-source projects, including a vulnerability in the Linux Kernel USB protocol stack. These developments highlight ongoing cybersecurity threats across widely used software platforms.
🚨 Two critical vulnerabilities in Erlang/OTP SSH and Roundcube Webmail are actively exploited: one allows remote code execution without credentials, the other email theft via XSS. Plus, a major WordPress plugin flaw lets attackers hijack any account without logging in. Details https://t.co/ONGd5JtVS5
Over 84,000 Roundcube instances vulnerable to actively exploited flaw https://t.co/UbGszE0CLV
Argusee: Multi-Agent Architecture for Automated Vulnerability Discovery. Found a vulnerability in the Linux Kernel USB protocol stack, plus 15 previously unknown security flaws in real-world open source projects. Argusee https://t.co/bioVMYPXxS

