Cyble's year‑end vulnerability digest warns of a clear and unsettling shift: weekly disclosures have spiked to levels that, in Cyble's analysis, are roughly double the long‑term pace, producing a sustained cadence of high‑severity flaws and rapidly appearing Proof‑of‑Concepts (PoCs) that...
MariaDB servers across multiple release lines are vulnerable to a denial-of-service crash (CVE-2023-52970) when processing certain queries that exercise the Item_direct_view_ref::derived_field_transformer_for_where logic, and operators should treat this as an immediate patching priority...
CISA says it has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog — a MongoDB flaw tracked as CVE-2025-14847 — but independent public records show the underlying bug, vendor fixes, and active-exploitation reports are better documented than the specific KEV entry...
A newly assigned Linux kernel vulnerability, tracked as CVE-2025-68366, affects the Network Block Device (NBD) driver and stems from a race that can produce a use-after-free when handling NBD control messages. The short technical summary is simple: code in nbd_genl_connect increments a...
A critical use-after-free vulnerability in the X.Org X server and Xwayland — tracked as CVE-2025-62229 — has been published and fixed upstream; the flaw arises in the handling of X11 Present extension notifications and can leave dangling pointers that lead to memory corruption or crashes, with...
The most consequential security decision a CIO will make in 2025 is not buying the flashiest AI detection tool — it's choosing and operating a patch management platform that actually closes the patching gap across Windows, macOS, Linux and third‑party apps in hybrid, cloud and edge estates. The...
Microsoft pushed an unscheduled out‑of‑band update after December’s Patch Tuesday to remediate a damaging regression in Microsoft Message Queuing (MSMQ) that prevented many applications and IIS‑hosted services from writing messages to disk. The failure was traced to a security hardening that...
Microsoft has issued emergency, out-of-band updates to repair a disruptive side effect of its December security patches that left Message Queuing (MSMQ) unable to write its storage files on a wide range of Windows client and server releases, a problem that forced immediate mitigation steps in...
Microsoft acknowledged and — in some server channels — already shipped out-of-band patches that address a disruptive December 2025 regression which broke Microsoft Message Queuing (MSMQ) for many enterprise deployments, and administrators now face a short-term choice between applying...
Axis Communications has issued an urgent software update cycle after security researchers disclosed multiple, high-impact vulnerabilities in its Camera Station Pro, Camera Station, and AXIS Device Manager products — flaws that, in some cases, allow an authenticated user to achieve remote code...
National Instruments’ flagship engineering tool LabVIEW is the subject of a coordinated security disclosure that identifies nine memory‑corruption vulnerabilities — ranging from out‑of‑bounds reads and writes to a use‑after‑free and a stack‑based buffer overflow — which, if triggered by a...
Microsoft has warned that December’s security rollups include a change that can break Message Queuing (MSMQ) — an unexpected compatibility regression that has already caused IIS-hosted sites and legacy applications to fail, left enterprise message pipelines inactive, and forced administrators...
CISA's release of seven Industrial Control Systems (ICS) advisories on March 18, 2025, spotlights a concentrated wave of high‑severity flaws across multiple widely deployed operational technology (OT) products — most notably several Schneider Electric components, a Rockwell Automation...
A use-after-free defect in the HDF5 C library — tracked as CVE-2025-6856 and rooted in the H5FL__reg_gc_list routine in src/H5FL.c — has been publicly disclosed and confirmed by multiple independent sources; the flaw affects HDF5 1.14.6, a widely embedded library in scientific, engineering, and...
A null-pointer dereference in HDF5’s metadata cache code — tracked as CVE-2025-2926 — can cause application crashes when processing specially crafted HDF5 files and has been confirmed and patched upstream; operators and developers who build, ship, or accept HDF5 content must treat this as a...
Microsoft’s new native server capabilities in Windows Server 2025 are changing long‑standing assumptions about maintenance windows, uptime and operational cost — and the company’s hotpatching rollout in particular is already forcing datacenter teams to rethink update strategy, risk posture, and...
A new GRUB2 vulnerability, tracked as CVE-2025-61661, permits an out‑of‑bounds write during USB string handling that can crash the bootloader when a maliciously‑crafted USB device is present during boot, producing a denial‑of‑service and a limited risk of data corruption; the defect is narrow...
CISA has added a high-risk Sierra Wireless AirLink vulnerability, CVE-2018-4063, to its Known Exploited Vulnerabilities (KEV) Catalog after evidence of active exploitation — a move that forces federal agencies to accelerate remediation under BOD 22-01 and should prompt immediate action by any...
A newly disclosed vulnerability, tracked as CVE-2025-49178, allows malformed X11 protocol requests to disrupt X server request processing — a flaw that can be weaponized to produce a complete denial of service against affected X server implementations (notably xorg-x11-server, Xwayland and...
Chromium CVE-2025-14373 affects an “inappropriate implementation in Toolbar” and appears in the Microsoft Security Update Guide because Microsoft Edge (Chromium‑based) consumes the upstream Chromium open‑source project — the entry announces that the latest Edge builds have ingested the Chromium...