Patch/Configuration Management

SecurityWeek reports that vulnerable Fortinet FortiWeb instances impacted by the critical relative path traversal flaw, tracked as CVE-2025-64446, were noted by Fortinet and the Cybersecurity and Infrastructure Security Agency to have been subjected to ongoing attacks, with CISA urging federal agencies to remediate the bug by Nov. 21.

Feds say multiple organizations observed not patching to the minimum software version.

SecurityWeek reports that Ivanti and Zoom have issued fixes for several security issues impacting their respective products.

Malicious actors were noted by the Cybersecurity and Infrastructure Security Agency to have been abusing the critical WatchGuard Firebox bug, tracked as CVE-2025-9242, prompting its inclusion in the agency's Known Exploited Vulnerabilities catalog, reports The Hacker News.

Zero-day attacks against Cisco ISE, Citrix NetScaler observed Threat actors have harnessed the critical Citrix Bleed 2 flaw in Citrix NetScaler ADC and Gateway, tracked as CVE-2025-5777, and the maximum severity remote code execution bug in Cisco Identity Services Engine, tracked as CVE-2025-20337, in zero-day intrusions facilitating custom malware distribution, The Hacker News reports.

Updates have been issued by Microsoft to address 63 security issues impacting its products and systems, including an actively exploited high-severity zero-day in Windows Kernel, as part of this month's Patch Tuesday, reports CyberScoop.

SAP disclosed 18 new vulnerabilities, including two critical flaws and one high severity bug.