Patch/Configuration Management

Most Recent

Related Videos

Vulnerability Management

Citrix patches critical zero-day, two other flaws

Laura FrenchAugust 27, 2025

CVE-2025-7775 is the third Citrix flaw added to the KEV catalog in two days.

Citrix sign on its office building in Fort Lauderdale, Florida, USA, an American cloud computing and virtualization technology company.

Vulnerability Management

Two Citrix bugs, Git repo flaw added to exploited vulnerabilities list

Steve ZurierAugust 26, 2025

While not critical, CISA added the Citrix and Git bugs to its list based on evidence of active exploitation.

Vulnerability Management

Actively exploited Apple zero-day resolved

SC StaffAugust 21, 2025

Updates have been issued by Apple for the out-of-bounds write zero-day flaw, tracked as CVE-2025-43300, following its exploitation in an "extremely sophisticated" and highly targeted cyber intrusion, BleepingComputer reports.

Critical Infrastructure Security

Russia exploited a 7-year old Cisco flaw to target critical infrastructure, FBI warns

Steve ZurierAugust 21, 2025

FBI warns that security teams should patch this Cisco Smart Install right away.

Ransomware

Warlock ransomware’s ToolShell intrusions have global reach

SC StaffAugust 21, 2025

Organizations around the world have been targeted by the nascent Warlock ransomware operation in attacks exploiting the Microsoft SharePoint zero-day flaws dubbed "ToolShell", Infosecurity Magazine reports.

Critical Infrastructure Security

CISA warns Siemens products affected by third-party privilege escalation bug

Laura FrenchAugust 20, 2025

Several versions of Siemens Desigo CC and SENTRON Powermanager are affected.

Vulnerability Management

Total system breach likely with SAP NetWeaver exploit chain

SC StaffAugust 20, 2025

Total system breach likely with SAP NetWeaver exploit chain Vulnerable SAP NetWeaver instances could be taken over in attacks involving an exploit chain published by VX-Underground, which combines the maximum severity inadequate authorization check flaw, tracked as CVE-2025-31324, and the critical insecure deserialization bug, tracked as CVE-2025-42999, Security Affairs reports.

Patch/Configuration Management

Related Videos

A couple simple steps companies can take to protect their systems from ransomware

Citrix patches critical zero-day, two other flaws

Two Citrix bugs, Git repo flaw added to exploited vulnerabilities list

Actively exploited Apple zero-day resolved

Russia exploited a 7-year old Cisco flaw to target critical infrastructure, FBI warns

Warlock ransomware’s ToolShell intrusions have global reach

CISA warns Siemens products affected by third-party privilege escalation bug

Total system breach likely with SAP NetWeaver exploit chain

Fast Five

Selected by the SC Media Editorial team every Tuesday.