CISOs with SAP NetWeaver AS Java servers in their environments should make sure admins patch two highly critical vulnerabilities as soon as possible. They are among the most important of the monthly Patch Tuesday fixes issued today by a number of vendors. The worst NetWeaver vulnerability, CVE-2025-42944, rated 10 on the CVSS scale, is an…
Category: Threat and Vulnerability Management, Vulnerabilities, Windows Security
Exploits, Global Security News, Threat and Vulnerability Management, Vulnerabilities, Windows Security
April Patch Tuesday news: Windows zero day being exploited, ‘big vulnerability’ in 2 SAP apps
A threat actor is exploiting a zero-day elevation of privileges vulnerability in the Windows Common Log File System to deploy ransomware, one of a number of critical holes Microsoft plugged today as part of its April Patch Tuesday releases. “The targets include organizations in the information technology (IT) and real estate sectors of the United…
Exploits, Global Security News, Threat and Vulnerability Management, Vulnerabilities, Windows Security
February Patch Tuesday: CISOs should act now on two actively exploited Windows Server vulnerabilities
CISOs should make sure that two actively exploited vulnerabilities in Windows are addressed as part of their staff’s February Patch Tuesday efforts. They are: CVE 2025-21391, a Windows Storage escalation of privilege vulnerability that, if exploited, could allow an attacker to delete – but not read — targeted files on a system. While this wouldn’t…