Oracle released its third quarterly edition of this year’s Critical Patch Update. The update received patches for 374 security vulnerabilities. Some of the vulnerabilities addressed in this update impact more than one product. These patches address vulnerabilities in various product families, including third-party components in Oracle products. In this quarterly Oracle Critical Patch Update, Oracle … Continue reading “Oracle Critical Patch Update, October 2025 Security Update Review”
Category: ThreatPROTECT
F5 BIG-IP Source Code Leaked in State-Linked Cyberattack (BRICKSTORM Malware)
F5 Networks warned its users about a widespread cyberattack that compromised its systems and led to the theft of BIG-IP source code and details of unpatched security vulnerabilities. In the article, F5 describes becoming aware of the breach in August 2025. A highly sophisticated nation-state threat actor maintained long-term, persistent access to, and downloaded files … Continue reading “F5 BIG-IP Source Code Leaked in State-Linked Cyberattack (BRICKSTORM Malware)”
Veeam Addressed Critical Vulnerabilities Impacting Backup and Replication (CVE-2025-48983 & CVE-2025-48984)
Veeam released a security advisory to address two vulnerabilities impacting its Backup and Replication application. Successful exploitation of the vulnerabilities could allow an authenticated domain user to gain complete control of the backup environment, leading to loss of backup integrity, data theft, and potential compromise of production systems.
Microsoft Patch Tuesday, October 2025 Security Update Review
As cybersecurity threats evolve, Microsoft’s October 2025 Patch Tuesday delivers one of the most comprehensive security updates of the year. Here’s a quick breakdown of what you need to know. This month’s release addresses a staggering 193 vulnerabilities, including nine critical and 123 important-severity vulnerabilities. In this month’s updates, Microsoft has addressed six zero-day vulnerabilities. … Continue reading “Microsoft Patch Tuesday, October 2025 Security Update Review”
Oracle Addresses a New Vulnerability Impacting E-Business Suite (CVE-2025-61884)
On Saturday, Oracle released a security advisory addressing a high-severity vulnerability impacting E-Business Suite. Tracked as CVE-2025-61884, the vulnerability may allow an unauthenticated remote attacker to access sensitive resources. Oracle has not mentioned the vulnerability’s exploitation. However, Rob Duhart, the chief security officer of Oracle Security, described in his blog that “this vulnerability affects some … Continue reading “Oracle Addresses a New Vulnerability Impacting E-Business Suite (CVE-2025-61884)”
Oracle E-Business Suite Remote Code Execution Vulnerability Exploited in the Wild (CVE-2025-61882)
Oracle released a security advisory to address a critical zero-day vulnerability impacting the E-Business Suite. Tracked as CVE-2025-61882, the vulnerability has a CVSS score of 9.8. Successful exploitation of the vulnerability may allow an attacker to achieve remote code execution. Security reports suggest the vulnerability is actively exploited in Clop data theft attacks.
Broadcom Addresses Actively Exploited Vulnerability in VMware Aria Operations and VMware Tools (CVE-2025-41244)
Broadcom disclosed a local privilege escalation vulnerability affecting VMware’s guest service discovery features. Tracked as CVE-2025-41244, successful exploitation of the vulnerability may allow an unprivileged user to escalate privileges. Maxime Thiebaut from NVISO Labs discovered and reported the vulnerability to Broadcom. The security researcher at NVISO Labs claims that the vulnerability has been exploited in … Continue reading “Broadcom Addresses Actively Exploited Vulnerability in VMware Aria Operations and VMware Tools (CVE-2025-41244)”
Malicious MCP Server on npm postmark-mcp Exploited in Attack
Security researchers discovered a significant vulnerability in the Model Context Protocol (MCP) server that was exploited in the wild. The reports described this as the first-ever instance of an MCP server being exploited in the wild, which can lead to software supply chain risks. The flaw exists in the npm package postmark-mcp, an MCP server … Continue reading “Malicious MCP Server on npm postmark-mcp Exploited in Attack”
Cisco Addresses Zero-day Vulnerabilities in Cisco ASA and FTD Software (CVE-2025-20362 & CVE-2025-20333)
Cisco warns its users to patch two actively exploited vulnerabilities impacting the VPN web server of Cisco Secure Firewall Adaptive Security Appliance Software and Cisco Secure Firewall Threat Defense Software. Tracked as CVE-2025-20362 and CVE-2025-20333, the vulnerabilities can lead to remote code execution and unauthorized access of the affected device. Cisco mentioned in the advisory that … Continue reading “Cisco Addresses Zero-day Vulnerabilities in Cisco ASA and FTD Software (CVE-2025-20362 & CVE-2025-20333)”
Cisco IOS and IOS XE Software Vulnerability Exploited in the Wild (CVE-2025-20352)
Cisco released a security advisory to address an actively exploited vulnerability, tracked as CVE-2025-20352, impacting Cisco IOS and IOS XE Software. Successful exploitation of the vulnerability may allow a low-privileged attacker to cause the affected system to reload, resulting in a DoS condition. A high-privileged attacker may execute arbitrary code as the root user and … Continue reading “Cisco IOS and IOS XE Software Vulnerability Exploited in the Wild (CVE-2025-20352)”