Announcements

Microsoft has released its monthly patch of security updates, known as Patch Tuesday. The mentioned patch addressed one actively exploited zero-day vulnerability. Microsoft has fixed (63) vulnerabilities, with (1) classified as critical, as it could allow the attacker to gain elevated privileges, perform denial of service attacks, obtain sensitive information, bypass security restrictions, or execute […]

SAP has released security updates to address several vulnerabilities affecting multiple SAP products. SAP has released a patch that fixes several vulnerabilities affecting multiple SAP products, such as SAP SQL Anywhere Monitor (Non‑GUI), SAP Solution Manager, SAP NetWeaver, SAP HANA, SAP Business Connector, SAP S/4HANA (E‑Recruiting BSP), SAP Business One, SAP GUI for Windows, and

Cisco has released security updates to fix several vulnerabilities affecting multiple Cisco products. The addressed vulnerabilities could allow the attacker to conduct denial-of-service attacks, upload arbitrary files, bypass authentication, perform reflected cross-site scripting attacks, elevate privileges to root, obtain sensitive information, orexecute arbitrary commands/codes and gain access to the affected systems. Sample of addressed vulnerabilities:

Apache has released security updates to address multiple vulnerabilities affecting Apache Tomcat. The addressed vulnerabilities could allow the attacker to perform denial-ofservice attacks, execute code, and gain access by sending a specially crafted URL to the affected system. Sample of the addressed vulnerabilities: 1. Apache Tomcat Console Manipulation Via Escape Sequences in Log Messages Vulnerability

Mozilla has released an updated Firefox version 144.0.2 to address critical vulnerability The addressed vulnerability could allow the attacker to execute arbitrary code and gain access to the affected system. Mozilla Firefox Use-after-free in WebGPU internals triggered from a compromised child process (CVE-2025-12380): CVSS: 9.8 Attack Vector: Network Attack Complexity: Low Privileges Required: None User

Oracle released its critical patch updates for October 2025, containing 374 new security patches for multiple affected products in Oracle code and third-party components. The addressed vulnerabilities could allow the attacker to perform various attacks, such as obtaining sensitive information, conducting denial of service attacks, performing data manipulation (update, insert, or delete access), or executing

ConnectWise has released a security update to fix multiple vulnerabilities in ConnectWise Automate. The addressed vulnerabilities could allow the attacker to perform adversary-inthe- middle (AitM) attacks to view or modify traffic or substitute malicious updates and obtain sensitive information by configuring agents to communicate over HTTP instead of HTTPS. Sample of the addressed vulnerabilities: ConnectWise

Mozilla has released an updated Firefox version 144, Firefox ESR versions 115.29 and 140.4 to fix multiple vulnerabilities. The addressed vulnerabilities could allow the attacker to bypass security restrictions, obtain sensitive information, perform cross-site scripting attacks, or execute arbitrary code and gain access to the affected system. Sample of the addressed vulnerabilities: 1. Mozilla Firefox

F5 has released security updates to address several vulnerabilities affecting multiple F5 products. The addressed vulnerabilities could allow the attacker to perform denial of service attacks, corrupt memory, bypass security restrictions, gain elevated privileges, obtain sensitive information, execute arbitrary code/commands, and gain access to the affected systems. Sample of the addressed vulnerabilities: 1. F5OS-A and

Adobe has released security updates to address several vulnerabilities across multiple Adobe products. The addressed vulnerabilities could allow the attacker to perform denial of service or cross-site scripting attacks, bypass security restrictions, gain elevated privileges, or execute arbitrary code and gain access to the affected product. Sample of the addressed vulnerabilities: 1. Adobe Connect Cross-Site

Microsoft has released its monthly patch of security updates, known as Patch Tuesday. The mentioned patch addressed six zero-day vulnerabilities. Microsoft has fixed (175) vulnerabilities, with (5) classified as critical, as they could allow the attacker to gain elevated privileges, perform denial of service attacks, obtain sensitive information, bypass security restrictions, or execute arbitrary code

Veeam has released a security update to fix several vulnerabilities across multiple Veeam products. The addressed vulnerabilities could allow the attacker to gain elevated privileges or execute arbitrary code and gain access to the affected system. Sample of the addressed vulnerabilities: 1. Veeam Backup & Replication Remote Code Execution Vulnerability (CVE- 2025-48983): CVSS: 9.9 Attack

SAP has released security updates to address several vulnerabilities affecting multiple SAP products. SAP has released a patch that fixes several vulnerabilities affecting multiple SAP products, such as SAP NetWeaver, SAP S/4HANA, SAP Supplier Relationship Management, SAP NetWeaver Application Server ABAP, SAP BusinessObjects, SAP Print Service, and SAP Commerce Cloud. The attacker could exploit some

Juniper has released security updates to fix several vulnerabilities affecting multiple Juniper Networks products. The addressed vulnerabilities could allow the remote attacker to perform denial of service or cross-site scripting attacks, obtain sensitive information, bypass security restrictions, gain elevated privileges, or execute arbitrary commands and gain access to the affected system. Sample of the addressed

Grafana has released security updates to address several vulnerabilities affecting multiple Grafana plugins. The addressed vulnerabilities could allow the remote attacker to bypass security restrictions, perform denial of service attacks, or execute arbitrary code and gain access to the affected systems. Sample of the addressed vulnerabilities: 1. Grafana Image Renderer Plugin Remote Code Execution Vulnerability

Redis has released security updates to fix several vulnerabilities affecting all Redis Software releases. The addressed vulnerabilities could allow the attacker to perform denial of service attacks, gain elevated privileges, or execute arbitrary code and gain access to the affected product. Sample of the addressed vulnerabilities: Lua Use-After-Free Remote Code Execution Vulnerability (CVE 2025-49844): CVSS:

Oracle has released a critical security update to fix a zero-day vulnerability across Oracle E-Business Suite, versions 12.2.3-12.2.14. The addressed vulnerability could allow the remote unauthenticated attacker to execute arbitrary code over HTTP and gain access to the affected product. Oracle E-Business Suite Remote Code Execution Vulnerability (CVE-2025-61882): CVSS: 9.8 Attack Vector: Network Attack Complexity:

Sudo has released security updates to address several vulnerabilities across Sudo versions 1.8.8 to 1.9.17. The addressed vulnerabilities could allow the local attacker to gain elevated privilege on systems that support the “etc/nsswitch.conf” file by tricking sudo into loading an arbitrary shared library by creating a new file under the user-specified root directory. Sample of

Apple has released security updates to address multiple vulnerabilities across macOS Tahoe, Sequoia, Sonoma, and Safari. The addressed vulnerabilities could allow the attacker to perform denial of service attacks, cause memory corruption, bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, and gain access to the affected system. Sample of the addressed

Cisco has released security updates to fix several vulnerabilities affecting multiple Cisco products. The addressed vulnerabilities could allow the attacker to perform denial of service attacks, conduct cross-site scripting attacks, gain elevated privileges, obtain sensitive information, or execute arbitrary commands and gain access to the affected product. Sample of addressed vulnerabilities: 1. Cisco Secure Firewall