SAP fixes critical vulnerabilities in NetWeaver application servers
Summary: SAP has addressed two critical vulnerabilities in its NetWeaver web application server that could lead to privilege escalation and unauthorized access to sensitive information. Alongside these critical fixes, SAP also released patches for 12 additional vulnerabilities rated medium to high severity. The company urges customers to promptly apply these updates to safeguard their SAP environments.…
CISA: Second BeyondTrust Vulnerability Added to KEV Catalog
Summary: The Cybersecurity and Infrastructure Security Agency (CISA) has urged federal agencies to address a command injection vulnerability, CVE-2024-12686, linked to BeyondTrust’s Remote Support services. This medium-severity flaw was identified following a significant data breach at the US Treasury Department, attributed to the Chinese hacking group Silk Typhoon.…
Critical SAP Flaws Revealed in Latest Security Patch Day
Summary: SAP has released 14 new security notes addressing critical and high-severity vulnerabilities in its core systems, including NetWeaver and BusinessObjects. Notably, two critical vulnerabilities, CVE-2025-0070 and CVE-2025-0066, pose significant risks, allowing unauthorized access and potential privilege escalation. SAP urges customers to apply the patches promptly to safeguard their systems against potential threats.…
Unauthenticated Attackers can Exploit Two Junos Vulnerabilities to Cause Crashes
Summary: Juniper Networks has issued advisories for two critical vulnerabilities in their Junos OS and Junos OS Evolved systems, emphasizing the need for prompt patch management. The first vulnerability allows unauthenticated attackers to crash the routing protocol daemon (RPD) via malformed BGP packets, while the second leads to kernel memory exhaustion through crafted IPv6 packets, resulting in denial of service.…
Nvidia, Zoom, Zyxel Patch High-Severity Vulnerabilities
Summary: Nvidia, Zoom, and Zyxel have released critical patches for multiple high-severity vulnerabilities affecting their products, urging users to update immediately. Nvidia’s vulnerabilities could allow for code execution and privilege escalation, while Zoom’s flaw could enable privilege escalation for authenticated attackers. Zyxel addressed an improper privilege management issue that could allow limited users to gain admin rights on certain devices.…
Chrome 132 Patches 16 Vulnerabilities
Summary: Google has released Chrome 132, addressing 16 security vulnerabilities, including 13 reported by external researchers. Among these, five high-severity flaws were identified, leading to significant bug bounty rewards for the researchers involved. Users are encouraged to update their browsers promptly to mitigate potential risks.

Threat Actor: N/A | Victim: Google Chrome Users

Key points:

Chrome 132 includes 16 security fixes, with five high-severity vulnerabilities addressed.…
Microsoft Patch Tuesday January 2025 Security Update Review Qualys ThreatPROTECT
Microsoft’s first Patch Tuesday of 2025 addresses 159 vulnerabilities, including 10 critical and 149 important. Among these, eight zero-day vulnerabilities have been patched, with three actively exploited. Key updates include fixes for various Microsoft products, notably in Windows and Microsoft Office. Affected: Microsoft Windows, Microsoft Office, .NET,…
ICS Patch Tuesday: Security Advisories Published by Schneider, Siemens, Phoenix Contact, CISA
Summary: Schneider Electric, Siemens, Phoenix Contact, and CISA have issued security advisories for various ICS products in January 2025, addressing multiple vulnerabilities with varying severity levels. The advisories highlight critical issues that could lead to privilege escalation, remote code execution, and information disclosure among others.

Threat Actor: Unknown | Victim: Various ICS Product Users

Key point:

Schneider Electric released nine advisories, addressing high-severity vulnerabilities in multiple products including PowerLogic and Modicon systems.…
3 Actively Exploited Zero-Day Flaws Patched in Microsoft’s Latest Security Update
Summary: Microsoft has released patches for 161 security vulnerabilities, including three actively exploited zero-days, marking the largest monthly update since 2017. Among the critical flaws, several could allow attackers to execute remote code or gain elevated privileges on affected systems.

Threat Actor: Unknown | Victim: Microsoft Users

Key point:

Microsoft addressed 161 vulnerabilities, including 11 rated Critical and 149 Important.…
Volt Typhoon: Analyzing Espionage Campaigns Against Critical Infrastructure
Volt Typhoon, a Chinese state-sponsored APT group, is known for targeting critical infrastructure in the US, UK, Canada, and Australia by exploiting vulnerabilities in outdated SOHO devices. Their stealthy tactics involve using legitimate tools to blend malicious activities with normal network traffic, making detection difficult. Affected: United States, United Kingdom, Canada, Australia

Key points:

Volt Typhoon is linked to espionage and information gathering targeting critical infrastructure.…
Microsoft Rings in 2025 With Record Security Update
Summary: Microsoft’s January update addresses a record 159 vulnerabilities, including eight zero-day bugs, with three actively exploited privilege escalation vulnerabilities requiring immediate attention. This update marks Microsoft’s largest ever and highlights the role of AI in identifying vulnerabilities.

Threat Actor: Unknown | Victim: Microsoft Technologies

Key point:

January update includes patches for 159 vulnerabilities, with 10 rated as critical.…
Apple Bug Allows Root Protections Bypass Without Physical Access
Summary: Cyber defenders are urged to update macOS systems to address a critical vulnerability (CVE-2024-44243) that compromises the operating system’s security. This flaw allows threat actors to bypass System Integrity Protection (SIP), potentially leading to severe malware installations without physical access.

Threat Actor: Unknown | Victim: Apple

Key point:

Vulnerability allows bypassing of macOS System Integrity Protection (SIP).…
Microsoft Patches Trio of Exploited Windows Hyper-V Zero-Days
Summary: Microsoft is grappling with multiple zero-day vulnerabilities in its Windows Hyper-V platform, with attackers already exploiting these flaws for privilege escalation. The company has issued urgent advisories but has not provided technical details to assist defenders.

Threat Actor: Malicious attackers | Victim: Microsoft

Key point:

Three zero-day vulnerabilities (CVE-2025-21334, CVE-2025-21333, CVE-2025-21335) in Windows Hyper-V have been exploited.…
Adobe: Critical Code Execution Flaws in Photoshop
Summary: Adobe has released critical security updates for multiple products, addressing vulnerabilities that could allow remote code execution by malicious hackers. The updates affect Adobe Photoshop, Substance 3D Stager, Illustrator for iPad, Adobe Animate, and Substance 3D Designer.

Threat Actor: Malicious Hackers | Victim: Adobe

Key point:

Adobe Photoshop update addresses two critical arbitrary code execution vulnerabilities (CVE-2025-21127 and CVE-2025-21122).…
Windows 11 KB5050009 & KB5050021 cumulative updates released
Summary: Microsoft has released mandatory cumulative updates KB5050009 and KB5050021 for Windows 11 to address security vulnerabilities and improve system features. These updates include various fixes and enhancements, particularly for touchscreen gestures, File Explorer, and speech functionalities.

Threat Actor: Microsoft | Victim: Windows 11 Users

Key point:

Mandatory updates KB5050009 and KB5050021 fix security vulnerabilities and improve system features.…