#patch-tuesday

Microsoft’s February Patch Tuesday addresses six actively exploited zero-days in Windows Shell, MSHTML, Word, and Desktop Window Manager, preventing privilege escalation and denial-of-service attacks.

Source: Infosecurity Magazine

January updates fix over a hundred flaws across Windows and Office, including zero-days already used in real-world attacks.

Source: BleepingComputer

Microsoft’s latest Patch Tuesday fixes a Windows Kernel flaw already exploited by attackers to gain full system control, alongside 63 other vulnerabilities across its products.

Source: BleepingComputer

Microsoft released its November Patch Tuesday updates, addressing sixty-three vulnerabilities, including one actively exploited Windows kernel zero-day. The patches covered multiple products, including Windows 10, Windows 11, and server editions, with several critical flaws identified.

SAP published its November security advisories, including fixes for a maximum severity flaw, CVE-2025-42890, involving hard-coded credentials in SQL Anywhere Monitor. The issue allowed unauthorised remote code execution without authentication.

Synology issued patches for critical remote code execution vulnerabilities in its BeeStation devices, disclosed at the Pwn2Own Ireland competition. The company advised immediate updates to prevent exploitation.

Threat actors exploited a serious vulnerability in Gladinet’s Triofox file-sharing platform, using its antivirus feature to gain system-level privileges and deploy remote access tools. Google Cloud researchers confirmed the flaw had been exploited after a patch was released.

CISA added CVE-2025-21042, a Samsung mobile zero-day used to distribute LANDFALL spyware, to its Known Exploited Vulnerabilities catalogue. US federal agencies must apply patches by early December under binding operational directives.

Cybersecurity researchers linked the KONNI advanced persistent threat (APT) group, associated with North Korea, to new Android attacks exploiting Google’s Find Hub feature for remote device wiping. The same campaign targeted South Korean users.

GlobalLogic, a subsidiary of Hitachi, disclosed that data belonging to over 10,000 current and former employees was stolen following a breach of Oracle’s E-Business Suite. The incident forms part of the wider Clop ransomware campaign affecting multiple industries.

The OWASP Top 10 for 2025 reaffirmed broken access control as the most common web application security issue. Security misconfiguration and supply chain vulnerabilities remained high priorities for remediation across software ecosystems.

Patches addressed multiple critical vulnerabilities across widely used platforms including Linux Kernel, Apache HTTP Server, and Google Chrome. Active exploitation was confirmed for CVE-2025-21042 and Gladinet Triofox, while a public PoC emerged for Open WebUI CVE-2025-64495 impacting self-hosted AI systems.

Highlights of the day:

Malicious npm package impersonates GitHub library: fake “@acitons/artifact” mimicked GitHub’s “@actions/artifact” to steal build tokens from GitHub-owned repositories; obfuscated scripts and expiry checks used to evade detection.

GlobalLogic breach exposes 10,000+ employees’ data: Clop-linked attackers exploited Oracle E-Business Suite flaws, stealing personal and financial details from staff in a wider campaign targeting major organisations.

Firefox strengthens anti-fingerprinting defences: version 145 introduces new protections that halve user identifiability by fingerprinters, expanding privacy measures in Private Browsing and ETP Strict modes.

Gootloader returns with font-based evasion: malware uses custom WOFF2 fonts to conceal filenames, delivering encrypted payloads via WordPress sites and compromising domain controllers within a day.

Microsoft fixes zero-day and 63 vulnerabilities: November Patch Tuesday addresses an exploited Windows Kernel flaw (CVE-2025-62215) granting SYSTEM privileges, plus multiple Critical remote code execution bugs.

Microsoft patched 59 vulnerabilities in Windows and Office, including six actively exploited zero-days, fixing privilege escalations, security bypasses, and denial-of-service risks.

SAP has fixed multiple high-severity flaws, including a deserialization bug in NetWeaver and a directory traversal issue in Print Service that could allow file overwriting and code execution.

Source: Onapsis

F5 Networks confirmed that nation-state hackers breached its internal systems, stealing BIG-IP source code and data about undisclosed vulnerabilities. The Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency directive ordering federal agencies to patch affected systems by 22 October. The UK National Cyber Security Centre also warned organisations to apply F5’s latest updates immediately.

The UK Information Commissioner’s Office (ICO) fined Capita £14 million following its 2023 breach that exposed personal information of 6.6 million individuals. Investigators cited the company’s 58-hour delay in responding to the incident as a major factor in the penalty.

Microsoft released its October Patch Tuesday updates, fixing more than 170 vulnerabilities, including several zero-day flaws under active exploitation. The patched issues affect multiple products, including Windows, Office, and Edge.

Researchers found that over 100 Visual Studio Code (VS Code) extensions leaked sensitive tokens that could allow attackers to distribute malicious updates to users, posing a severe software supply chain risk. Microsoft has since revoked compromised tokens and worked with developers to secure affected extensions.

New vulnerabilities were disclosed in SAP NetWeaver and Red Lion Sixnet industrial systems, both carrying maximum CVSS scores of 10.0. Exploitation could allow remote attackers to execute arbitrary commands or gain full control of affected devices.

In coordinated enforcement actions, the UK and United States sanctioned Southeast Asian scam networks operating from Cambodia and Myanmar. The groups ran large-scale online fraud operations involving fake investment schemes and human trafficking-linked call centres.

Today’s advisories highlighted critical vulnerabilities across Microsoft, F5, Fortinet, Veeam, and multiple Linux kernel components, with CISA issuing an emergency directive for F5 devices following a nation-state breach. Adobe and Google Chrome also patched actively exploited code-execution flaws.

Highlights of the day:

SAP patches critical deserialization and traversal flaws: October updates fix severe issues in SAP NetWeaver AS Java and Print Service, including CVSS 10.0 vulnerabilities.

Red Lion RTUs exposed to pre-auth RCE: two CVSS 10.0 flaws in SixTRAK and VersaTRAK devices allow remote root command execution via the Sixnet Universal protocol.

Capita fined £14m for 2023 ransomware breach: UK regulator cites weak access controls and delayed response that enabled Black Basta to access data on 6.6 million individuals.

Hackers steal F5 BIG-IP source code and zero-day data: nation-state attackers infiltrated development environments but no customer impact or software tampering was found.

VSCode extensions leaked hundreds of secrets: over 550 credentials found in 500+ extensions risked large-scale supply chain compromise across 150,000 installations.

Chinese APT 'Jewelbug' infiltrates Russian IT provider: group maintained five months of access to code repositories, suggesting espionage and potential supply chain targeting.

Microsoft, Adobe, and SAP released critical security fixes, including patches for zero-days and enterprise vulnerabilities. Adobe addressed CVE-2025-54236, a Commerce flaw enabling account takeover. A large npm supply chain compromise impacted up to 10% of cloud environments. Jaguar Land Rover confirmed attackers stole data during its recent cyberattack. Researchers uncovered new malware targeting macOS, Windows, and Linux.