Tag: patching
89 articles

Cisco firewalls Urgent Critical Fixes for Risky Flaws
Cisco firewall flaws are being actively exploited — U.S. and U.K. agencies are urging immediate patches and mitigations. Don’t wait: update ASA/FTD devices, boost monitoring, and isolate critical assets now to stop attackers using your perimeter as a foothold.

GoAnywhere zero-day: Stunning Critical Risk Exposed
A WatchTowr Labs investigation suggests attackers were exploiting a CVSS 10.0 flaw in Fortra’s GoAnywhere MFT as early as Sept. 10—seven days before public disclosure—forcing organizations to scramble from defense to damage control. If true, this zero-day is a wake-up call to inventory, patch, and assume breach now before the quiet access turns catastrophic.

Cisco IOS zero-day: Critical, Must-Fix Security Risk
Cisco just confirmed a new IOS/IOS XE zero-day under active attack that can let attackers who reach SNMP gain elevated—or even root—access to routers and switches. If you manage network gear, now’s the time to lock down SNMP, block untrusted access, monitor for odd device behavior, and prioritize patches.

Libraesva ESG Urgent Patch: Critical Risk Exposed
A newly patched command-injection flaw in Libraesva’s Email Security Gateway was reportedly exploited by state-sponsored actors, putting email perimeters at risk of lateral movement and data theft. If you run ESG, update immediately, segment management interfaces, and hunt for signs of compromise.

SolarWinds Web Help Desk Urgent Hotfix — Critical Risk
SolarWinds has issued hotfixes for a critical RCE (CVE-2025-26399) in Web Help Desk—if left unpatched attackers could run arbitrary commands on affected systems. Act now: find exposed instances, apply the hotfix immediately, and review logs for any signs of compromise.

Ivanti EPMM Urgent: Must-Have Fixes for Risky Flaws
Urgent: CISA found attackers exploited Ivanti EPMM flaws to push multiple malware families — if your organization uses this MDM, patch immediately and rotate admin credentials. Lock down management access with MFA and monitor console activity now to prevent a potentially wide-scale breach.

GoAnywhere MFT Critical: Urgent Patch Warning
Fortra has warned of a critical “10/10” flaw in GoAnywhere MFT that’s widely used across enterprises and may already be weaponized — if you run it, treat this as an emergency: inventory systems, apply patches or mitigations now, and hunt for signs of compromise.

Akira ransomware: Stunning High-Risk SonicWall Exploit
Heads up: Akira ransomware is actively exploiting three SonicWall vulnerabilities. If you run SonicWall gear, patch now and double-check your defenses to avoid compromise.

SessionReaper: Must-Have Patch for Critical Risk
Adobe just released an emergency patch for the critical SessionReaper flaw in Magento that can let attackers hijack customer sessions or run code—if you run Magento, update immediately. After patching, review logs, lock down admin interfaces, and audit extensions to ensure you weren’t compromised.

Microsoft patch cycle: Urgent Must-Have Critical Fixes
Microsoft’s latest update closes 80 vulnerabilities — highlighted by SMB privilege‑escalation fixes and a CVSS 10 Azure bug — with one publicly known at release but no reported zero‑day exploits. If you value uptime and data safety, prioritize patching internet‑facing systems and critical cloud workloads now.

zero-day vulnerabilities: Urgent Critical Patch Alert
Don’t wait: Microsoft’s Patch Tuesday fixed 80+ vulnerabilities, including two publicly disclosed zero-days with exploit details already circulating. Prioritize scanning, testing, and deploying patches now — and apply mitigations where needed — before attackers get the upper hand.

CVE-2025-54236: Must-Fix Critical Takeover Threat
If you run Adobe Commerce or Magento Open Source, treat CVE-2025-54236 (SessionReaper) as urgent—apply the vendor patch, rotate sessions and enforce MFA now to prevent account takeover. Customers should reset passwords and monitor accounts until sites confirm fixes.

SAP S/4HANA vulnerability: Critical Risky Threat
A critical SAP S/4HANA vulnerability (CVE-2025-42957) is already being exploited in the wild, turning routine patching into an urgent race. Inventory exposed systems, apply mitigations or patches now, and hunt for signs of compromise before attackers reach your finance and HR systems.

SAP S/4HANA Critical Bug – Must-Fix Urgent Patch
A critical CVSS 9.9 code‑injection flaw in SAP S/4HANA is being actively exploited to let low‑privileged attackers gain superuser control. Patch immediately, isolate exposed systems, and hunt for signs of compromise to prevent catastrophic operational and data loss.

ViewState deserialization: Critical Must-Have Patch
When Sitecore patches were abused in an active ViewState deserialization attack, Google Cloud’s Mandiant stepped in to disrupt the campaign — a stark reminder to inventory Sitecore instances, apply patches immediately, and enable ViewState protections to prevent fast-moving compromises.

Android security bulletin: Urgent Must-Have Fixes
Google’s massive September Android bulletin patches 120 vulnerabilities — including two already exploited in the wild — so installing updates ASAP is no longer optional. Device makers and carriers must accelerate rollouts, or millions of phones will remain easy targets.

zero-click exploit: Stunning Dangerous WhatsApp Flaw
WhatsApp has just patched a rare zero-day, zero-click flaw that let attackers run code and spy on devices without any user action. If you use WhatsApp, update now — silent exploits like this show why keeping apps and phones patched is essential.

authentication bypass: Urgent Critical Emergency Flaw
Could a single click hand a stranger the keys to your vault? Click Studios has rushed a patch for a Passwordstate flaw that can create an emergency admin account — if you use Passwordstate, patch immediately, assume possible compromise, and check for unauthorized accounts.

Citrix NetScaler Must-Have Patch to Stop Risky Exposure
Think you lock your doors at night? More than 13,000 Citrix NetScaler appliances remain exposed online despite patches — one flaw is already being actively exploited, so patch now or isolate and lock down access before attackers find you.

NetScaler appliances Must-Have Urgent Patch Alert
Citrix just released fixes for three critical NetScaler zero-days—one already exploited—so update and verify your appliances immediately. Then shore up defenses with segmentation, MFA and monitoring to reduce exposure while you patch.

CVE-2025-7775 Urgent: Critical NetScaler RCE Risk
Citrix has released fixes for three NetScaler vulnerabilities — including actively exploited CVE-2025-7775 — so if you run NetScaler ADC/Gateway, patch immediately and hunt for signs of compromise. These gateway flaws can allow remote code execution or disruption, so quick action will sharply reduce your risk.

exploit code Exclusive: Risky Leak Spurs Policy Shift
After a SharePoint zero-day was weaponized, Microsoft quietly stopped sharing proof-of-concept exploit code with some Chinese firms — a pragmatic but politically fraught move that highlights the uneasy trade-off between helping defenders and giving attackers a roadmap. The incident makes clear we need faster patching, tighter disclosure controls, and better international norms to protect users without splintering cooperation.

Commvault RCE: Critical Exploit – Patch Immediately
Could your backup system be a backdoor? Commvault patched four pre-auth vulnerabilities (notably CVE-2025-57788) in 11.36.60 that can be chained into remote code execution—update now or apply compensating controls to protect your backups and recovery.

end-of-life Cisco Risky Nightmare: Must-Have Fix
The FBI says Russian-linked hackers used a seven‑year‑old, unpatched Cisco flaw to steal router and switch configurations from thousands of systems—giving attackers maps, credentials and direct access to critical infrastructure. If you’re still running legacy kit, now’s the time to inventory, isolate, and prioritize replacements or strict compensating controls.