Dutch cybersecurity authorities have confirmed active exploitation of a critical vulnerability, CVE-2025-6543, in Citrix NetScaler devices, impacting organizations in key sectors. Concurrently, a widespread exploitation campaign targeting Operational Technology (OT) networks through an Erlang/OTP vulnerability has been observed, with reports indicating that 70% of these attacks focus on OT firewalls. In addition, Microsoft has released a patch addressing CVE-2025-53786, an elevation of privilege vulnerability affecting Microsoft Exchange Server 2016 and 2019. Despite advisories from Microsoft and the Cybersecurity and Infrastructure Security Agency (CISA), more than 29,000 instances of this Exchange Server flaw remain unpatched. Furthermore, new research by Pentera has identified critical injection vulnerabilities in the ingress-nginx Kubernetes controller, revealing additional attack vectors beyond previously known issues due to common configuration oversights.