Patch/Configuration Management

Infosecurity Magazine reports that attacks leveraging zero-day vulnerabilities during the first half of 2025 increased by 46% year-over-year.

SonicWall VPNs face zero-day risk; experts urge disabling service until a patch is released.

GreyNoise observed the six-week CVE rule in 80% of the cases analyzed.

Intrusions involving a Microsoft SharePoint vulnerability were noted by the Center for Internet Security to have compromised over 90 state and local governments across the U.S., Reuters reports.

Security teams should patch right away because exploiting ISE lets attackers gain full control of an enterprise network.

Observed intrusions exploiting a pair of maximum severity injection flaws impacting Cisco's Identity Services Engine, tracked as CVE-2025-20281 and CVE-2025-20337, and another cross-site request forgery bug affecting PaperCut NG/MF, tracked as CVE-2025-2533, have prompted their inclusion in the Cybersecurity and Infrastructure Security Agency's Known Exploited Vulnerabilities catalog, reports Security Affairs.

Shell commands could have been executed without user permission or knowledge.