Announcements

Adobe has released security updates to fix several vulnerabilities across multiple Adobe Commerce products. The addressed vulnerabilities could allow the attacker to bypass security restrictions, perform cross-site scripting attacks, gain elevated privileges, or execute arbitrary code and gain access to the affected systems Sample of the addressed vulnerabilities: 1. Adobe Commerce Improper Authorization (CWE-285) (CVE-2025-24434): […]

Juniper has released security updatesto fix a critical vulnerability affectingmultiple Juniper Networks products. The addressed vulnerability could allow the remote attacker to bypass authentication and take administrative control of the affected systems. Juniper Networks API Authentication Bypass Vulnerability (CVE-2025-21589): CVSS: 9.8 Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Consequences: Gain

Microsoft has released its monthly patch of security updates, known as Patch Tuesday. The mentioned patch addressed four zero-day vulnerabilities. Microsoft has fixed (68) vulnerabilities, with (1) classified as critical as they could allow the attacker to gain elevated privileges, perform denial of service attacks, obtain sensitive information, conduct spoofing attacks, bypass security restrictions, or

Rsync has released security updatesto fix several vulnerabilities affecting all Rsync versions up to and including version 3.4.0. The addressed vulnerabilities could allow the attacker to obtain sensitive information, bypass security restrictions, gain elevated privileges, manipulate data, or execute arbitrary code and gain access to the affected systems. Sample of the addressed vulnerabilities: 1. Rsync

Cisco has released security updates to fix multiple vulnerabilities affecting several Cisco products. The addressed vulnerabilities could allow the attacker to bypass security restrictions, perform cross-site scripting attacks, obtain sensitive information, conduct denial of services attacks, execute arbitrary commands, and gain access to the affected systems. Sample of the addressed vulnerabilities: 1. Cisco Identity Services

Mozilla has released an updated Firefox version 135, Firefox ESR versions 128.7, and 115.20 to fix multiple vulnerabilities. The addressed vulnerabilities could allow the attacker to perform spoofing attacks, conduct exploitable crashes, obtain sensitive information, or execute arbitrary code and gain access to the affected systems. Sample of the addressed vulnerabilities: 1. Mozilla Firefox Use-After-Free

Veeam has released a security update to fix a critical vulnerability across multiple Veeam products. The addressed vulnerability could allow the remote attacker to utilize a Man-in-the-Middle attack to execute arbitrary code with root-level permissions and gain access to the affected systems. Veeam Backup Arbitrary Code Execution Vulnerability (CVE-2025-23114): CVSS: 9.0 Attack Vector: Network Attack

Apple has released security updates to address multiple vulnerabilities across macOS Sequoia, Sonoma, Ventura, and Safari. The addressed vulnerabilities could allow the attacker to bypass security restrictions, conduct spoofing attacks, obtain sensitive information, perform denial of services attacks, gain elevated privileges, or execute arbitrary code and gain access to the affected systems. Sample of the

Cisco has released security updates to fix multiple vulnerabilities affecting several Cisco products. The addressed vulnerabilities could allow the attacker to conduct denial of services attacks, bypass security restrictions, perform cross-site scripting attacks, obtain sensitive information, or gain elevated privileges and gain access to the affected systems. Sample of the addressed vulnerabilities: 1. Cisco Meeting

SonicWall has released a security update to fix a critical vulnerability in SonicWall SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC) version 12.4.3-02804 and earlier versions. The addressed vulnerability could allow the remote unauthenticated attacker to execute arbitrary OS commands and gain unauthorized access to the affected systems. SonicWALL SMA1000 Pre-Authentication Remote Command

Oracle released its critical patch updates for January 2025, containing (318) new security patches for multiple affected products in Oracle code and third-party components. The addressed vulnerabilities could allow the attacker to perform various attacks such as obtaining sensitive information, gaining elevated privileges, conducting denial of service attacks, performing data manipulation (update, insert, or delete

Ivanti has released security updates to fix several vulnerabilities across multiple Ivanti products. The addressed vulnerabilities could allow the attacker to escalate elevated privileges, perform denial of service attacks, bypass security restrictions, obtain sensitive information, or execute arbitrary code and gain access to the affected systems. Sample of the addressed vulnerabilities: 1. Ivanti EPM Path

Fortinet has released security updates to fix several vulnerabilities across multiple Fortinet products. The addressed vulnerabilities could allow the attacker to gain elevated privileges, obtain sensitive information, perform denial of services attacks, manipulate files, conduct SQL injection attacks, bypass security restrictions, perform cross-site scripting attacks, or execute arbitrary code and gain access to the affected

Microsoft has released its monthly patch of security updates, known as Patch Tuesday. The mentioned patch addressed eight zero-day vulnerabilities with three actively exploited in attacks. Microsoft has fixed (161) vulnerabilities, with (3) classified as critical as they could allow the attacker to conduct spoofing attacks, perform denial of service attacks, gain elevated privileges, obtain

SAP has released security updates to address several vulnerabilities affecting multiple products. SAP has released a patch that fixes several vulnerabilities affecting multiple SAP products such SAP NetWeaver ABAP and ABAP Platform, SAP NetWeaver AS for ABAP and ABAP Platform, SAP BusinessObjects Business Intelligence Platform, SAPSetup, SAP Business Workflow, SAP Flexible Workflow, SAP NetWeaver Application

Ivanti has released security updates to fix two vulnerabilities across multiple versions of Ivanti Connect Secure, Policy Secure, and ZTA Gateways. The addressed vulnerabilities could allow the attacker to gain elevated privileges or execute arbitrary code and gain access to the affected system. The addressed vulnerabilities: 1. Ivanti Connect Secure Remote Code Execution (CVE-2025-0282): CVSS:

Sophos has released security updates to fix multiple vulnerabilities in Sophos firewall versions 21.0 GA (21.0.0) and older. The severity of the addressed vulnerability could allow the remote attacker to execute remote code and gain access to the affected versions. 1. Sophos firewall pre-auth SQL injection vulnerability (CVE-2024-12727): CVSS: 9.8 Attack Vector: Network Attack Complexity:

Apache has released security updates to address two vulnerabilities affecting multiple versions of Apache Tomcat. The addressed vulnerabilities could allow the remote attacker to perform denial of service attacks or execute arbitrary code, and gain access to the affected systems. The addressed vulnerabilities: 1. Apache Tomcat Code Execution Vulnerability (CVE-2024-50379): CVSS: 9.8 Attack Vector: Network

Fortinet has released security updates to fix multiple vulnerabilities across several Fortinet products. The addressed vulnerabilities could allow the attacker to obtain sensitive information or execute arbitrary command/code and gain access to the affected systems. Sample of the addressed vulnerabilities: 1. FortiWLM Remote Command/Code Execution Vulnerability (CVE-2023- 34990): CVSS: 9.6 Attack Vector: Network Attack Complexity:

 Apple has released security updates to address multiple vulnerabilities across macOS Ventura, macOS Sequoia, macOS Sonoma, and Safari. The addressed vulnerabilities could allow the attacker to bypass security restrictions, obtain sensitive information, perform denial of services attacks, elevate privileges, or execute arbitrary code and gain access to the affected systems. Sample of the addressed vulnerabilities: