Patch/Configuration Management

Security pros advise teams to patch right away or risk losing SOC visibility.

CyberScoop reports that updates have been issued by Microsoft to resolve 111 security flaws across its different offerings as part of this month's Patch Tuesday.

Ongoing intrusions involving the CitrixBleed 2 vulnerability, tracked as CVE-2025-5777, were discovered by the Shadowserver Foundation to potentially compromise 3,312 Citrix NetScaler appliances almost two months following the issuance of patches, according to BleepingComputer.

SAP releases 19 patches on its August Security Patch Day, including three critical S/4 HANA bugs.

The flaw could allow an unauthenticated attacker to read any file, including wp-config.php.

Threat actors could still compromise 29,098 Microsoft Exchange Server instances impacted by the critical hybrid vulnerability, tracked as CVE-2025-53786, by Sunday, despite a Thursday alert from the Cybersecurity and Infrastructure Security Agency ordering the immediate remediation of the security issue, according to SiliconANGLE.

Shadowserver follows up last week’s warnings from Microsoft and CISA to patch the high-severity Exchange flaw.