On 22^nd July 2025, Google released security updates to address multiple vulnerabilities affecting Stable Channel Chrome for Desktop versions prior to 138.0.7204.168/.169 (Windows/Mac) and 138.0.7204.168 (Linux).

Review the Google security bulletins and apply the necessary updates.

On 23^rd July 2025, GitLab published a security advisory to address vulnerabilities in the following products:

• GitLab Community Edition (CE) - versions prior to 18.2.1, 18.1.3 and 18.0.5
• GitLab Enterprise Edition (EE) - versions prior to 18.2.1, 18.1.3 and 18.0.5

Review the following advisories and apply the necessary updates: 

• GitLab Patch Release: 18.2.1, 18.1.3, 18.0.5
• GitLab Releases

On 23^rd July 2025, SonicWall published a security advisory to address vulnerabilities in SonicWall SMA 100 Series (SMA 210, 410, 500v) - version 10.2.1.15-81sv and prior.

Review the following SonicWall Security Advisory and apply the necessary updates:

• SonicWall Security Advisory - SNWLID-2025-0014
• SonicWall Security Advisories

On 22^nd July 2025, JavaScript (NPM Inc.) published a security advisory to address vulnerabilities in the following products:

• Form-data library - versions prior to 2.5.4
• Form-data library - versions 3.0.0 to 3.0.3
• Form-data library - versions 4.0.0 to 4.0.3

Review the JavaScript form-data library Security Advisory and apply the necessary updates.

On 23^rd July 202,5, Mitel published security advisories to address vulnerabilities in the following products:

• MiVoice MX-ONE - versions 3 (7.3.0.0.50) to 7.8 SP1 (7.8.1.0.14)
• MiCollab - versions 10.0 (10.0.0.26) to 10.0 SP1 FP1 (10.0.1.101) and version 9.8 SP3 (9.8.3.1) and prior

Review the following advisories and apply the necessary updates: 

• Mitel Security Advisory - MISA-2025-0009
• Mitel Security Advisory - MISA-2025-0008
• Mitel Security Bulletins

On 22^nd June 2025, Mozilla published security advisories to address vulnerabilities in the following products:

• Firefox for iOS - versions prior to 141
• Firefox ESR - versions prior to 140.1
• Firefox ESR - versions prior to 128.13
• Firefox ESR - versions prior to 115.26
• Firefox - versions prior to 141

Review the following advisories and apply the necessary updates:

• Mozilla Foundation Security Advisory MFSA 2025-60
• Mozilla Foundation Security Advisory MFSA 2025-59
• Mozilla Foundation Security Advisory MFSA 2025-58
• Mozilla Foundation Security Advisory MFSA 2025-57
• Mozilla Foundation Security Advisory MFSA 2025-56
• Mozilla Security Advisories

On 25^th June 2025, Cisco published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following:

• Cisco ISE and ISE-PIC - versions prior to 3.3 Patch 7
• Cisco ISE and ISE-PIC - versions prior to 3.4 Patch 2

Review the following Cisco Security Advisory and apply the necessary updates

• Cisco Identity Services Engine Unauthenticated Remote Code Execution Vulnerabilities
• Cisco Security Advisories

On 21^st July 2025, Sophos published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following:

• Sophos Firewall - version v21.0 GA (21.0.0) and prior
• Sophos Firewall - version v21.5 GA (21.5.0) and prior

Review the following Sophos Security Advisory and apply the necessary updates

• Resolved Multiple Vulnerabilities in Sophos Firewall (CVE-2025-6704, CVE-2025-7624, CVE-2025-7382, CVE-2024-13974, CVE-2024-13973)
• Sophos Security Advisories

On 20^th July 2025, Microsoft Releases Guidance on the Exploitation of SharePoint Vulnerability (CVE-2025-53770).

This active exploitation of a new remote code execution (RCE) vulnerability enables unauthorized access to on-premise SharePoint servers. While the scope and impact continue to be assessed, the new Common Vulnerabilities and Exposures (CVE), CVE-2025-53770, is a variant of the existing vulnerability CVE-2025-49706 and poses a risk to organizations. This exploitation activity, publicly reported as "ToolShell," provides unauthenticated access to systems and enables malicious actors to fully access SharePoint content, including file systems and internal configurations, and execute code over the network. 

Review the following Microsoft Guidance and apply the necessary updates:

• For information on detection, prevention, and advanced threat hunting measures, see Microsoft's Customer Guidance for SharePoint Vulnerability and advisory for CVE-2025-49706. You are encouraged to review all articles and security updates published by Microsoft on 8th July, 2025, that are relevant to the SharePoint platform deployed in your environment.
• Monitor for POSTs to /_layouts/15/ToolPane.aspx?DisplayMode=Edit
• Conduct scanning for IPs 107.191.58[.]76, 104.238.159[.]149, and 96.9.125[.]147, particularly between 18 and 19 July, 2025.
• Update intrusion prevention system and web-application firewall rules to block exploit patterns and anomalous behavior.
• Implement comprehensive logging to identify exploitation activity.

On 19^th June 2025, Microsoft published security advisories to address vulnerabilities in multiple products. Included were updates for the following products:

• Microsoft SharePoint Server Subscription Edition - versions prior to KB5002768
• Microsoft SharePoint Server 2016 (No update available yet)
• Microsoft SharePoint Server 2019 - versions prior to KB5002754

Review the following advisories and apply the necessary updates:

• Customer guidance for SharePoint vulnerability CVE-2025-53770
• Microsoft SharePoint Server Remote Code Execution Vulnerability - CVE-2025-53770
• Microsoft SharePoint Server Spoofing Vulnerability - CVE-2025-53771
• Security Update for Microsoft SharePoint Server Subscription Edition (KB5002768)
• Security Update for Microsoft SharePoint Server 2019 Core (KB5002754)

On 18^th June 2025, CrushFTP published security advisories to address vulnerabilities in multiple products. Included were updates for the following products:

• CrushFTP - versions 10 prior to 10.8.5
• CrushFTP - versions 11 prior to 11.3.4_23

Review the CrushFTP Update, follow the recommended mitigation, and apply the necessary updates.

Between 14^th and 20^th July 2025, IBM published security advisories to address vulnerabilities in multiple products.

Review the IBM Security Advisory and apply the necessary updates.

Between 14^th July and 20^th July 2025, Dell published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following:

• Dell AMD-based PowerEdge Server - multiple versions and models
• Dell AppSync - versions prior to 4.6.0.4
• Dell Connectrix B-Series - versions 2.3.0 to 2.3.1a
• Dell Connectrix B-Series - versions 9.1.0 to 9.2.2
• Dell Connectrix B-Series - versions prior to 2.4.0
• Dell Data Protection Central - versions 19.8 to 19.12.1
• Dell Data Protection Central - versions prior to 19.12.0-2
• Dell EMC XC Core XC7525 - versions prior to 2.19.0
• Dell Networking OS10 - versions prior to 10.6.0.5
• Dell PowerEdge T40 - versions prior to 1.20.0
• Dell XC Core XC7625 - versions prior to 1.11.2

Review the provided Dell Security Advisory and apply the necessary updates.

Between 10^th  July and 20^th July 2025, Red Hat published security advisories to address vulnerabilities in multiple products. Included were updates to address vulnerabilities in the Linux kernel for the following products:

• Red Hat CodeReady Linux Builder - multiple versions and platforms
• Red Hat Enterprise Linux - multiple versions and platforms
• Red Hat Enterprise Linux Server - multiple versions and platforms
• Red Hat Enterprise Linux Server for Power LE - multiple versions

Review the following Red Hat Security Advisory and apply the necessary updates.

On 16^th July 2025, ISC published security advisories to address vulnerabilities in the following product:

• ISC BIND 9 - versions 9.11.3-S1 to 9.16.50-S1
• ISC BIND 9 - versions 9.18.11-S1 to 9.18.37-S1
• ISC BIND 9 - versions 9.20.9-S1 to 9.20.10-S1
• ISC BIND 9 - versions 9.20.0 to 9.20.10
• ISC BIND 9 - versions 9.21.0 to 9.21.9

Review the following advisories and apply the necessary updates:

• ISC BIND security advisory - CVE-2025-40776
• ISC BIND security advisory - CVE-2025-40777
• BIND 9 Security Vulnerability Matrix

On 19^th July 2025, Microsoft published a customer guidance for a critical SharePoint vulnerability CVE-2025-53770 that appears to be affecting all versions of on-premises SharePoint Server¹. SharePoint Online in Microsoft 365 is not impacted.

CVE-2025-53770 involves the deserialization of untrusted data in on-premises Microsoft SharePoint Servers, allowing an unauthorised attacker to execute code over a network.

On 21^st July 2025, Microsoft released emergency patches for the following versions of SharePoint:

• Microsoft SharePoint Server Subscription Edition
• Microsoft SharePoint Server 2019

As of 21^st July 2025, there are presently no patches available for Microsoft SharePoint Server 2016.

Potential indicators of compromise

The following indicators of compromise (IoCs) have been shared by the cyber security research community ² as a starting point for compromise detection.

• Verify the presence of the following file: C:\PROGRA~1\COMMON~1\MICROS~1\WEBSER~1\16\TEMPLATE\LAYOUTS\spinstall0.aspx
  • SHA256:92bb4ddb98eeaf11fc15bb32e71d0a63256a0ed826a03ba293ce3a8bf057a514
• Monitor IIS logs for POST requests to /_layouts/15/ToolPane.aspx?DisplayMode=Edit&a=/ToolPane.aspx with a HTTP referer of /_layouts/SignOut.aspx
• Verify network logs for scanning or exploitation attempts from IPs 107.191.58[.]76, 104.238.159[.]149, and 96.9.125[.]147, particularly since July 17, 2025.
• Check for presence of file hashes that may indicate compromise^3 and 4 :
  • SHA256:4a02a72aedc3356d8cb38f01f0e0b9f26ddc5ccb7c0f04a561337cf24aa84030
  • SHA256:b39c14becb62aeb55df7fd55c814afbb0d659687d947d917512fe67973100b70
  • SHA256:fa3a74a6c015c801f5341c02be2cbdfb301c6ed60633d49fc0bc723617741af7
  • SHA256:27c45b8ed7b8a7e5fff473b50c24028bd028a9fe8e25e5cea2bf5e676e531014
  • SHA256:8d3d3f3a17d233bc8562765e61f7314ca7a08130ac0fb153ffd091612920b0f2
  • SHA256:b336f936be13b3d01a8544ea3906193608022b40c28dd8f1f281e361c9b64e93
  • SHA256:f917e0fd57784e40d9a41069f30b2b5cf83db29b52072c308ff030eaf1fcd764

Suggested actions

If your SharePoint Server is accessible via the internet, it is recommended to assess potential security compromises and consider isolating the affected instance until patching and threat hunt exercises are complete.

Additionally, the Cyber Centre strongly recommends that organizations follow Microsoft customer guidance for mitigation advice:

• Use or upgrade to supported versions of on-premises Microsoft SharePoint Server.
• Apply the latest security updates from Microsoft.
• Enable Antimalware Scan Interface (AMSI) integration in SharePoint Server.
• integration was enabled by default in the September 2023 security update for SharePoint Server 2016/2019 and the Version 23H2 feature update for SharePoint Server Subscription Edition⁵.
• Deploy a compatible AMSI-capable antivirus/antimalware provider across all SharePoint servers.
• Rotate SharePoint Server ASP.NET machine key
• Organizations who are running SharePoint 2016 are encouraged to monitor Microsoft's advsiories¹ and apply the patches as soon as it is available.

Please note that the identified evidence that AMSI may not consistently offer comprehensive protection against this form of exploitation, as threat actors frequently adapt their methods to evade detection.

On 16^th July 2025, HPE published a security advisory to address vulnerabilities in the following products:

• HPE Telco Service Orchestrator - versions prior to v4.2.4
• HPE AutoPass License Server - versions prior to 9.18

Review the following HPE Security Advisory and apply the necessary updates:

• HPESBNW04900 rev.1 - HPE Telco Service Orchestrator Software, Remote Denial of Service (DoS)
• HPESBGN04877 rev.1 - HPE AutoPass License Server (APLS), Multiple Vulnerabilities
• HPE Security Bulletin Library

On 16^th July 2025, Microsoft published a security update to address vulnerabilities in Edge Stable Channel - versions prior to 138.0.3351.95.

Review the Release notes for Microsoft Edge Security Updates and apply the necessary updates.

On 15^th July 2025, Nodejs published a security advisory to address vulnerabilities in the following products:

• Node.js 20 - versions prior to v20.19.4
• Node.js 22 - versions prior to v22.17.1
• Node.js 24 - versions prior to v24.4.1

Review the Nodejs Security Releases and apply the necessary updates.

On 16^th July 2025, HPE published a security advisory to address vulnerabilities in HP-UX 11i Secure Shell Software - versions prior to A.09.30.010

Review the following HPE Security Advisory and apply the necessary updates:

• HPESBUX04903 rev.1 - HP-UX Secure Shell daemon (sshd), Multiple Vulnerabilities
• HPE Security Bulletin Library

On 15^th July 2025, Google released security updates to address multiple vulnerabilities affecting Stable Channel Chrome for Desktop versions prior to 138.0.7204.157/.158 (Windows/Mac) and 138.0.7204.157 (Linux).

Review the Google security bulletins and apply the necessary updates.

On 16^th July 2025, HPE published a security advisory to address vulnerabilities in the following products:

• HPE Telco Service Orchestrator - versions prior to v5.2.1
• HPE Cray XD670 - version prior to TPM Firmware v7.86
• HPE Cray XD675 - version prior to TPM Firmware v15.24

Review the following HPE Security Advisory and apply the necessary updates:

• HPE Security Bulletin - HPESBNW04875 rev.1 - HPE Telco Service Orchestrator Software, Authenticated SQL Injection
• HPESBCR04898 rev.1 - Certain HPE Cray XD Servers Using Certain TPM 2.0, Local Denial of Service Vulnerability
• HPE Security Bulletin Library

On 16^th July 2025, Cisco published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following:

• Cisco Unified Intelligence Center - versions 12.5, 12.6 and 15
• Cisco Unified CCX - versions prior to 12.5(1)SU3
• Cisco Identity Services Engine (ISE) - versions prior to 3.2, versions 3.3 and 3.4
• Cisco ISE Passive Identity Connector (ISE-PIC) - versions prior to 3.2, versions 3.3 and 3.4
• Cisco Evolved Programmable Network Manager (EPNM) - versions prior to 7.1, versions 8.0 and 8.1
• Cisco Prime Infrastructure - versions prior to 3.9 and version 3.10

Review the following Cisco Security Advisory and apply the necessary updates

• Cisco Unified Intelligence Center Arbitrary File Upload Vulnerability
• Cisco Identity Services Engine Authenticated Remote Code Execution and Authorization Bypass Vulnerabilities
• Cisco Prime Infrastructure and Evolved Programmable Network Manager Blind SQL Injection Vulnerability
• Cisco Unified Intelligence Center Server-Side Request Forgery Vulnerability
• Cisco Security Advisories

Between 9^th and 27^th June 2025, Trend Micro published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following:

• Apex One 2019 (On-prem)
• Apex One as a Service SaaS
• Worry-Free Business Security (WFBS) 10.0 SP1
• Worry-Free Business Security Services (WFBSS) 6.7 (SaaS)

Review the following Trend Micro Security Advisory and apply the necessary updates

• Trend Micro Apex One June 2025 Monthly Bulletin
• June 2025 for Trend Micro Apex Central
• June 2025 for Trend Micro Worry-Free Business Security (including Services)

On 15^th July 2025, Oracle published a security advisory to address vulnerabilities in multiple products.

Review Oracle Critical Patch Update Advisory - July 2025 and apply the necessary updates.

On 15^th July 2025, VMware published security advisories to address vulnerabilities in the following products:

• VMware Cloud Foundation - version 9.0.0.0
• VMware vSphere Foundation - version 9.0.0.0
• VMware ESXi - version 8.0
• VMware ESXi - version 8.0
• VMware ESXi - version 7.0
• VMware Workstation - version 17.x
• VMware Fusion - version 13.x
• VMware Cloud Foundation - version 5.x
• VMware Cloud Foundation - version 4.5.x
• VMware Telco Cloud Platform - versions 5.x and 4.x
• VMware Telco Cloud Platform - versions 3.x and 2.x
• VMware Telco Cloud Infrastructure - versions 3.x and 2.x
• VMware Tools [1] - version 13.x.x
• VMware Tools [1] - versions 12.x.x and 11.x.x
• VMware Tools - versions 13.x.x, 12.x.x and 11.x.x
• VMware Tools - versions 13.x.x, 12.x.x and 11.x.x

Review the following advisories and apply the necessary updates:

• VMSA-2025-0013: VMware ESXi, Workstation, Fusion, and Tools updates address multiple vulnerabilities (CVE-2025-41236, CVE-2025-41237, CVE-2025-41238, CVE-2025-41239)
• Security Advisories - VMware Cloud Foundation

On 15^th July 2025, Zyxel published security advisories to address vulnerabilities in the following products:

• NWA50AX - versions prior to 7.10(ABYW.1)
• NWA50AX PRO - versions prior to 7.10(ACGE.2)
• NWA55AXE - versions prior to 7.10(ABZL.1)
• NWA90AX - versions prior to 7.10(ACCV.1)
• NWA90AX PRO - versions prior to 7.10(ACGF.2)
• NWA110AX - versions prior to 7.10(ABTG.1)
• NWA130BE - versions prior to 7.10(ACIL.2)
• NWA210AX - versions prior to 7.10(ABTD.1)
• NWA220AX-6E - versions prior to 7.10(ACCO.1)
• NWA1123AC PRO - versions prior to 6.28(ABHD.3)
• WAC500H - versions prior to 6.70(ABWA.6)
• WAC5302D-Sv2 - versions prior to 6.25(ABVZ.9)
• WAC6103D-I - versions prior to 6.28(AAXH.3)
• WAX300H - versions prior to 7.10(ACHF.1)
• WAX510D - versions prior to 7.10(ABTF.1)
• WAX610D - versions prior to 7.10(ABTE.1)
• WAX620D-6E - versions prior to 7.10(ACCN.1)
• WAX630S - versions prior to 7.10(ABZD.1)
• WAX640S-6E - versions prior to 7.10(ACCM.1)
• WAX650S - versions prior to 7.10(ABRM.1)
• WAX655E - versions prior to 7.10(ACDO.1)
• WBE530 - versions prior to 7.10(ACLE.2)
• WBE660S - versions prior to 7.10(ACGG.2)

Review the following advisories and apply the necessary updates:

• Zyxel security advisory for path traversal vulnerability in Aps (CVE-2025-6265)
• Zyxel Advisories

Between 7^th and 13^th July 2025, IBM published security advisories to address vulnerabilities in multiple products.

Review the IBM Security Advisory and apply the necessary updates.

Between 7^th July and 13^th July 2025, Dell published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following:

• Dell PowerFlex Manager - version 4.6.2 and prior
• Dell UCC Edge - versions prior to 3.0.1

Review the following advisories and apply the necessary updates: 

• Dell Security Advisories - DSA-2025-279
• Dell Security Advisories - DSA-2025-180
• Dell Security advisories and notices

Between 7^th and 13^th July 2025, Ubuntu published a security notice to address vulnerabilities in the Linux kernel affecting the following products:

• Ubuntu 14.04 LTS
• Ubuntu 16.04 LTS
• Ubuntu 18.04 LTS
• Ubuntu 20.04 LTS
• Ubuntu 22.04 LTS
• Ubuntu 24.04 LTS
• Ubuntu 24.10
• Ubuntu 25.04

Review the Ubuntu Security Notices and apply the necessary updates.

Between 7^th July and 13^th July 2025, Red Hat published security advisories to address vulnerabilities in multiple products. Included were updates to address vulnerabilities in the Linux kernel for the following products:

• Red Hat CodeReady Linux Builder - multiple versions and platforms
• Red Hat Enterprise Linux - multiple versions and platforms
• Red Hat Enterprise Linux Server - multiple versions and platforms
• Red Hat Enterprise Linux Server for Power LE - multiple versions

Review the following Red Hat Security Advisory and apply the necessary updates.

On 9^th  and 10^th July, 2025, Juniper Networks published security advisories to address vulnerabilities in multiple products.

Review the Juniper Networks Security Advisories and apply the necessary updates.

On 8^th July 2025, Drupal published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following:

• Cookies Addons - versions prior to 1.2.4
• Mail_login 3.x - versions prior to 3.2.0
• Mail_login 4.x - versions prior to 4.2.0

Review the following advisories and apply the necessary updates: 

• Cookies Addons - Moderately critical - Cross-site Scripting - SA-CONTRIB-2025-087
• Mail Login - Critical - Access bypass - SA-CONTRIB-2025-088
• Drupal Security Advisories

Between 7^th  and 8^th July 2025, HPE published a security advisory to address vulnerabilities in the following products:

• Brocade 32Gb Fibre Channel SAN Switch for HPE Synergy - versions 9.1.0 to 9.2.2
• HPE B-series Fibre Channel Switch - multiple versions and models
• HPE Compute Scale-up Server 3200 - versions prior to v1.60.88
• HPE Networking Instant On Access Point - version 3.2.0.1 and prior
• HPE ProLiant Cray Servers ** - multiple versions and models
• HPE SANnav Management Software SANnav base OS (OVA deployment) - versions prior to 2.4.0a
• HPE SN6750B 64Gb 48/128 48-port 64Gb Short Wave SFP56 Port Side Intake Integrated FC Switch - versions 9.1.0 to 9.2.2
• HPE SN8600B 4-slot SAN Director Switch - versions 9.1.0 to 9.2.2
• HPE SN8600B 8-slot SAN Director Switch - versions 9.1.0 to 9.2.2
• HPE SN8700B 4-slot SAN Director Switch - versions 9.1.0 to 9.2.2
• HPE SN8700B 8-slot SAN Director Switch - versions 9.1.0 to 9.2.2
• HPE Storage Fibre Channel Switch B-series SN3700B - version 22
• HPE Superdome Flex 280 Server - versions prior to v2.00.12
• HPE Superdome Flex Server - versions prior to v4.10.18

Review the HPE security bulletins and apply the necessary updates.

On 8^th July 2025, ServiceNow published a security bulletin to address vulnerabilities in the ServiceNow Now Platform - multiple versions.

Review the ServiceNow security advisories and apply the necessary updates.

On 8^th July 2025, Citrix published security advisories to address vulnerabilities in the following products:

• Current Release (CR): Citrix Virtual Apps and Desktops - versions prior to 2503
• Long Term Service Release (LTSR): Citrix Virtual Apps and Desktops - versions 2402 LTSR CU2 and prior

Review the following advisories and apply the necessary updates:

• Citrix Security Advisory - CTX694820
• Citrix Security Advisories

On 9^th July 2025, GitLab published a security advisory to address vulnerabilities in the following products:

• GitLab Community Edition (CE) - versions prior to 18.1.2, 18.0.4 and 17.11.6
• GitLab Enterprise Edition (EE) - versions prior to 18.1.2, 18.0.4 and 17.11.6

Review the following advisories and apply the necessary updates: 

• GitLab Patch Release: 18.1.2, 18.0.4, 17.11.6
• GitLab Releases

On 9^th July 2025, Jenkins published a security advisory to address vulnerabilities in the following products:

• Apica Loadtest Plugin - version 1.10 and prior
• Applitools Eyes Plugin - version 1.16.5 and prior
• Aqua Security Scanner Plugin - version 3.2.8 and prior
• Credentials Binding Plugin - version 687.v619cb_15e923f and prior
• Dead Man's Snitch Plugin - version 0.1 and prior
• Git Parameter Plugin - version 439.vb_0e46ca_14534 and prior
• HTML Publisher Plugin - version 425 and prior
• IBM Cloud DevOps Plugin - version 2.0.16 and prior
• IFTTT Build Notifier Plugin - version 1.2 and prior
• Kryptowire Plugin - version 0.2 and prior
• Nouvola DiveCloud Plugin - version 1.08 and prior
• QMetry Test Management Plugin - version 1.13 and prior
• ReadyAPI Functional Testing Plugin - version 1.11 and prior
• Sensedia Api Platform tools Plugin - version 1.0 and prior
• Statistics Gatherer Plugin - version 2.0.3 and prior
• Testsigma Test Plan run Plugin - version 1.6 and prior
• User1st uTester Plugin - version 1.1 and prior
• VAddy Plugin - version 1.2.8 and prior
• Warrior Framework Plugin - version 1.2 and prior
• Xooa Plugin - version 0.0.7 and prior

Review the following advisories and apply the necessary updates:

• Jenkins Security Advisory 2025-07-09
• Jenkins Security Advisories

On 9^th July 2025, Palo Alto Networks published security advisories to address vulnerabilities in multiple versions of PAN-OS. Included were updates for the following:

• Autonomous Digital Experience Manager 5.6.0 macOS - versions prior to 5.6.7
• GlobalProtect App 6.3 macOS - versions prior to 6.3.3-h1 (6.3.3-c650)
• GlobalProtect App 6.2 macOS - versions prior to 6.2.8-h2 (6.2.8-c243)
• GlobalProtect App 6.2 Linux - versions prior to 6.2.8
• GlobalProtect App 6.1 macOS - all versions
• GlobalProtect App 6.1 Linux - all versions
• GlobalProtect App 6.0 macOS - all versions
• GlobalProtect App 6.0 Linux - all versions
• Prisma Access Browser - versions prior to 137.16.6.120

Review the following advisories and apply the necessary updates:

• Palo Alto Networks Security Advisories - PAN-SA-2025-0013 Chromium: Monthly Vulnerability Update (July 2025)
• Palo Alto Networks Security Advisories - CVE-2025-0139 Autonomous Digital Experience Manager: Privilege Escalation (PE) Vulnerability
• Palo Alto Networks Security Advisories - CVE-2025-0140 GlobalProtect App: Non Admin User Can Disable the GlobalProtect App
• Palo Alto Networks Security Advisories - CVE-2025-0141 GlobalProtect App: Privilege Escalation (PE) Vulnerability
• Palo Alto Network Security Advisories

On 8^th July 2025, SAP published security advisories to address vulnerabilities in multiple products. Included were updates for the following:

• SAP NetWeaver ABAP Server and ABAP - multiple versions
• SAP NetWeaver ABAP Server and ABAP Platform - multiple versions
• SAP NetWeaver Application Server for ABAP - multiple versions
• SAP NetWeaver Visual Composer - version VCBASE 7.50
• SAP Business Objects Business Intelligence Platform (CMC) - version ENTERPRISE 430, 2025
• SAP Business Warehouse and SAP Plug-In Basis - multiple versions
• SAP NetWeaver Enterprise Portal Federated Portal Administration - version EP-RUNTIME 7.50
• SAP NetWeaver Enterprise Portal Federated Portal Network - version EP-RUNTIME 7.50
• SAP NetWeaver SAP NetWeaver Application Server for Java (Log Viewer) - version LMNWABASICAPPS 7.50
• SAP NetWeaver (XML Data Archiving Service) - version J2EE-APPS 7.50
• SAP Supplier Relationship Management (Live Auction Cockpit) - version SRM_SERVER 7.14
• SAP S/4HANA and SAP SCM (Characteristic Propagation) - versions SCMAPO 713, 714, S4CORE 102, 103, 104, S4COREOP 105, 106, 107, 108, SCM 700, 701, 702 and 712

Review the SAP Security Patch Day - July 2025 and apply the necessary updates.

On 8^th July 2025, Ivanti published security advisories to address vulnerabilities in multiple products. Included were updates for the following:

• Ivanti Connect Secure (ICS) - version 22.7R2.7 and prior
• Ivanti Endpoint Manager - version 2022 SU8 and prior
• Ivanti Endpoint Manager - version 2024 SU2 and prior
• Ivanti Endpoint Manager Mobile - version 12.5.0.1 and prior
• Ivanti Endpoint Manager Mobile - version 12.4.0.2 and prior
• Ivanti Endpoint Manager Mobile - version 12.3.0.2 and prior
• Ivanti Policy Secure (IPS) - version 22.7R1.4 and prior

Review the following advisories and apply the necessary updates: 

• Security Advisory Ivanti Endpoint Manager Mobile (EPMM) (CVE-2025-6770, CVE-2025-6771)
• Security Advisory July 2025 for Ivanti EPM 2024 SU2 and EPM 2022 SU8
• July Security Advisory Ivanti Connect Secure and Ivanti Policy Secure (Multiple CVEs)
• Ivanti Security Advisories

On 8^th July 2025, Fortinet published security advisories to address vulnerabilities in multiple products. Included were updates for the following products:

• FortiAnalyzer - multiple versions
• FortiAnalyzer Cloud - multiple versions
• FortiIsolator - multiple versions
• FortiManager - multiple versions
• FortiManager Cloud - multiple versions
• FortiOS 7.6 - versions 7.6.0 to 7.6.1
• FortiOS 7.4 - versions 7.4.0 to 7.4.7
• FortiOS 7.2 - versions 7.2.0 to 7.2.11
• FortiOS 7.0 - versions 7.0.1 to 7.0.16
• FortiProxy 7.6 - versions 7.6.0 to 7.6.1
• FortiProxy 7.4 - versions 7.4.0 to 7.4.8
• FortiProxy 7.2 - versions 7.2.0 to 7.2.13
• FortiProxy 7.0 - versions 7.0.0 to 7.0.20
• FortiSandbox - multiple versions
• FortiVoice 6.4 - versions 6.4.0 to 6.4.10
• FortiVoice 7.0 - versions 7.0.0 to 7.0.6
• FortiVoice 7.2 - versions 7.2.0
• FortiWeb - multiple versions

Review the following advisories and apply the necessary updates:

• Fortinet PSIRT - FG-IR-25-151
• Fortinet PSIRT Advisories

On 8^th July 2025, Microsoft published security advisories to address vulnerabilities in multiple products. Included were updates for the following products:

• Microsoft 365 Apps - multiple versions and platforms
• Microsoft Office 2016 - multiple platforms
• Microsoft Office 2019 - multiple platforms
• Microsoft Office for Android
• Microsoft Office LTSC 2021 - multiple platforms
• Microsoft Office LTSC 2024 - multiple platforms
• Microsoft Office LTSC for Mac 2021
• Microsoft Office LTSC for Mac 2024
• Microsoft SharePoint Enterprise Server 2016
• Microsoft SharePoint Server 2019
• Microsoft Word 2016 - multiple platforms
• Windows 10 - multiple versions and platforms
• Windows 11 - multiple versions and platforms
• Windows Server 2008 - multiple platforms
• Windows Server 2012 - multiple platforms
• Windows Server 2016 - multiple platforms
• Windows Server 2019 - multiple platforms
• Windows Server 2022 - multiple platforms
• Windows Server 2025 - multiple platforms
• Microsoft SQL Server - multiple platforms

Review the Microsoft Security Updates and apply the necessary updates (Security Update Guide).

On 8^th July 2025, Adobe published security advisories to address vulnerabilities in multiple products. Included were updates for the following products:

• Adobe After Effects - version 24.6.6 and prior
• Adobe After Effects - version 245.2 and prior
• Adobe Audition - version 24.6.3 and prior
• Adobe Audition - version 25.2 and prior
• Adobe ColdFusion - multiple versions
• Adobe Connect Windows App - version 24 and prior
• Adobe Dimension - version 4.1.2 and prior
• Adobe Experience Manager (AEM) Forms on JEE - version 6.5.23.0 and prior
• Adobe Experience Manager (AEM) Screens - version AEM 6.5.22 Screens FP11.4
• Adobe FrameMaker - version FrameMaker 2020 Update 8 and prior
• Adobe FrameMaker - version FrameMaker 2022 Update 6 and prior
• Adobe Illustrator 2024 - version 28.7.6 and prior
• Adobe Illustrator 2025 - version 29.5.1 and prior
• Adobe InCopy - version 19.5.3 and prior
• Adobe InCopy - version 20.3 and prior
• Adobe InDesign - version ID20.3 and prior
• Adobe InDesign - version ID19.5.3 and prior
• Adobe Substance 3D Stager - version 3.1.2 and prior
• Adobe Substance 3D Viewer - version 0.22 and prior

Review the Adobe Security Advisories and apply the necessary updates.

On 22nd May 2025, OpenSSL published a security bulletin to address vulnerabilities in the OpenSSL x509 application.

Review the OpenSSL Security News and apply the necessary updates.

On 2^nd July 2025, HPE published a security advisory to address vulnerabilities in HPE Telco Service Orchestrator - versions prior to v5.3.3.

Review the HPE security bulletins and apply the necessary updates.

Between 30^th and 6^th July 2025, Ubuntu published a security notice to address vulnerabilities in the Linux kernel affecting the following products:

• Ubuntu 14.04 LTS
• Ubuntu 16.04 LTS
• Ubuntu 18.04 LTS
• Ubuntu 20.04 LTS
• Ubuntu 22.04 LTS
• Ubuntu 24.04 LTS
• Ubuntu 24.10

Review the Ubuntu Security Notices and apply the necessary updates.

Between 30^th and 6^th July 2025, IBM published security advisories to address vulnerabilities in multiple products.

Review the IBM Security Advisory and apply the necessary updates.

On 7^th July 2025, Qualcomm published a security bulletin to address vulnerabilities affecting Qualcomm products.

Review the Qualcomm Security Bulletin and apply the necessary updates.

Between 30^th June and 6^th July 2025, Red Hat published security advisories to address vulnerabilities in multiple products. Included were updates to address vulnerabilities in the Linux kernel for the following products:

• Red Hat CodeReady Linux Builder - multiple versions and platforms
• Red Hat Enterprise Linux - multiple versions and platforms
• Red Hat Enterprise Linux Server - multiple versions and platforms
• Red Hat Enterprise Linux Server for Power LE - multiple versions

Review the following Red Hat Security Advisory and apply the necessary updates.

Between 30^th June and 6^th July 2025, Dell published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following:

• Dell Apex Cloud Platform for Red Hat Openshift - versions prior to 03.01.03.00
• Dell Enterprise SONiC Distribution - versions prior to 4.5.0
• Dell Integrated System for Microsoft Azure Stack Hub 14G - versions prior to 2504
• Dell Integrated System for Microsoft Azure Stack Hub 16G - versions prior to 2504
• Dell ObjectScale 4.0.0.1 - versions prior to 4.0.0.1
• Dell Protection Advisor - versions 19.9 to 19.12

Review the following advisories and apply the necessary updates: 

• Dell Security Advisories - DSA-2025-243
• Dell Security Advisories - DSA-2025-265
• Dell Security Advisories - DSA-2025-270
• Dell Security Advisories - DSA-2025-275
• Dell Security Advisories - DSA-2025-276
• Dell Security advisories and notices

On 7^th July 2025, Splunk published a security update to address vulnerabilities in the following products.

• Splunk Cloud Platform - versions prior to 9.3.2411.103
• Splunk Cloud Platform - versions prior to 9.3.2408.113
• Splunk Cloud Platform - versions prior to 9.2.2406.119
• Splunk DB Connect - versions prior to 4.0.0
• Splunk Enterprise - versions 9.4.0 to 9.4.2
• Splunk Enterprise - versions 9.3.0 to 9.3.4
• Splunk Enterprise - versions 9.2.0 to 9.2.6
• Splunk Enterprise - versions 9.1.0 to 9.1.9
• Splunk Enterprise Cloud - versions prior to 9.3.2411.107
• Splunk Enterprise Cloud - versions prior to 9.3.2408.117
• Splunk Enterprise Cloud - versions prior to 9.2.2406.121
• splunk/universalforwarder - versions 9.4.0 to 9.4.2
• splunk/universalforwarder - versions 9.3.0 to 9.3.4
• splunk/universalforwarder - versions 9.2.0 to 9.2.6
• splunk/universalforwarder - versions 9.1.0 to 9.1.9
• Splunk SOAR - versions prior to 6.4.1

Review the Splunk Security Advisories and apply the necessary updates.

On 1^st July 2025, Trend Micro published security advisories to address vulnerabilities in Trend Micro Security for Windows versions prior to 17.8.1476.

Review the Trend Micro security bulletins and apply the necessary updates.

On 4^th June 2025, VMware published security advisories to address vulnerabilities in the following products:

• VMware Tanzu Greenplum - version 7.5.0
• VMware Tanzu GemFire - version 9.15.16
• VMware Tanzu Greenplum - version 6.30.0
• VMware Tanzu for Valkey - version 8.1.2
• VMware Tanzu for Postgres on Kubernetes - version 4.2.1

Review the following advisories and apply the necessary updates:

• Security Advisories - TNZ-2025-0031
• Security Advisories - TNZ-2025-0042
• Security Advisories - TNZ-2025-0043
• Security Advisories - TNZ-2025-0044
• Security Advisories - TNZ-2025-0045
• Security Advisories - Tanzu

On 2^nd July 2025, Microsoft published a security update to address vulnerabilities in Edge Stable Channel - versions prior to 138.0.3351.65.                

Review the Release notes for Microsoft Edge Security Updates and apply the necessary updates.

On 2^nd July 2025, Citrix published a security Advisory to address a vulnerability in XenServer 8.4

Review Citrix security advisory and apply necessary updates.

On 2^nd July 2025, Drupal published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following:

• Config Pages Viewer - versions prior to 1.0.4
• Two-factor Authentication (TFA) - versions prior to 1.11.0

Review the following advisories and apply the necessary updates: 

• Config Pages Viewer - Critical - Access bypass - SA-CONTRIB-2025-086
• Two-factor Authentication (TFA) - Less critical - Access bypass - SA-CONTRIB-2025-085
• Drupal Security Advisories

On 30^th June 2025, Google released security updates to address multiple vulnerabilities affecting Stable Channel Chrome for Desktop - versions prior to 138.0.7204.96/97 (Windows/Mac) and 138.0.7204.92 (Linux).

Review the Google security bulletins and apply the necessary updates.

On 2^nd July 2025, Cisco published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following:

• Cisco BroadWorks Application Delivery Platform - versions prior to RI.2025.05
• Cisco Enterprise Chat and Email - version 11 and versions prior to 12.6(1)_ES11
• Cisco Spaces Connector - versions prior to Connector 3-Jun 2025
• Cisco Unified Communications Manager - versions 15.0.1.13010-1 to 15.0.1.13017-1
• Cisco Unified Communications Manager Session Management Edition Engineering Special (ES) - versions 15.0.1.13010-1 to 15.0.1.13017-1

Review the following Cisco Security Advisory and apply the necessary updates

• Cisco BroadWorks Application Delivery Platform Cross-Site Scripting Vulnerability
• Cisco Enterprise Chat and Email Stored Cross-Site Scripting Vulnerability
• Cisco Spaces Connector Privilege Escalation Vulnerability
• Cisco Unified Communications Manager Static SSH Credentials Vulnerability
• Cisco Security Advisories

Between 23^rd and 29^th June 2025, Ubuntu published a security notice to address vulnerabilities in the Linux kernel affecting the following products:

• Ubuntu 25.04
• Ubuntu 24.04 LTS
• Ubuntu 22.04 LTS
• Ubuntu 20.04 LTS

Review the Ubuntu Security Notices and apply the necessary updates.

Between 23^rd  and 30^th June 2025, IBM published security advisories to address vulnerabilities in multiple products.

Review the IBM Security Advisory and apply the necessary updates.

On 27^th June 2025, MongoDB published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following:

• MongoDB Server v6.0 - versions prior to 6.0.21
• MongoDB Server v7.0 - versions prior to 7.0.17
• MongoDB Server v8.0 - versions prior to 8.0.5

Review the MongoDB security bulletins and apply the necessary updates.

On 25^th June 2025, Brother published a security update to address vulnerabilities in multiple products (including laser printers).

Review the Japan CIRT or Brother Security advisories and apply the necessary updates.

On 26^th June 2025, Microsoft published a security update to address vulnerabilities in Edge Stable Channel - versions prior to 138.0.3351.55.                

Review the Release notes for Microsoft Edge Security Updates and apply the necessary updates.

• HPE Telco Unified OSS Console - version prior to v3.1.16
• HPE OneView for VMware vCenter with Operations Manager and Log Insight - versions prior to v11.7

• HPE Security Bulletin - hpesbnw04885en_us
• HPE Security Bulletin - hpesbgn04876en_us
• HPE Security Bulletin Library

• Firefox ESR - versions prior to 128.12
• Firefox ESR - versions prior to 115.25
• Firefox - versions prior to 140

• Mozilla Foundation Security Advisory MFSA 2025-53
• Mozilla Foundation Security Advisory MFSA 2025-52
• Mozilla Foundation Security Advisory MFSA 2025-51
• Mozilla Security Advisories

On 24^th June 2025, Google released security updates to address multiple vulnerabilities affecting Stable Channel Chrome for Desktop - versions prior to 138.0.7204.49/50 (Windows/Mac) and 138.0.7204.50 (Linux).

Review the Google security bulletins and apply the necessary updates.

On 25^th June 2025, GitLab published a security advisory to address vulnerabilities in the following products:

• GitLab Community Edition (CE) - versions prior to 18.1.1, 18.0.3 and 17.11.5
• GitLab Enterprise Edition (EE) - versions prior to 18.1.1, 18.0.3 and 17.11.5

Review the following advisories and apply the necessary updates: 

• GitLab Patch Release: 18.1.1, 18.0.3, 17.11.5
• GitLab Releases

On 23^rd June 2025, Splunk published a security update to address vulnerabilities in the following products.

• splunk/splunk - version 9.4.1
• splunk/splunk - versions 9.3.0 to 9.3.3
• splunk/splunk - versions 9.2.0 to 9.2.5
• splunk/splunk - versions 9.1.0 to 9.1.8
• splunk/universalforwarder - version 9.4.1
• splunk/universalforwarder - versions 9.3.0 to 9.3.3
• splunk/universalforwarder - versions 9.2.0 to 9.2.5
• splunk/universalforwarder - versions 9.1.0 to 9.1.8
• Splunk Operator for Kubernetes - versions prior to 2.8.0
• Splunk AppDynamics Smart Agent - versions prior to 25.5.1

Review the following Splunk Security Advisory and apply the necessary updates:

• Third-Party Package Updates in Splunk Enterprise - June 2025 - SVD-2025-0607
• Third-Party Package Updates in Splunk Enterprise - June 2025 - SVD-2025-0608
• Third-Party Package Updates in Splunk Enterprise - June 2025 - SVD-2025-0609
• Third-Party Package Updates in Splunk Enterprise - June 2025 - SVD-2025-0610
• Splunk Security Advisories

On 24^th June, 2025, TeamViewer published security updates to address vulnerabilities in the following products:

• TeamViewer Remote Full Client (Windows) - multiple versions
• TeamViewer Remote Host (Windows) - multiple versions

Review TeamViewer view security advisory, Improper Neutralization of Argument Delimiters in TeamViewer Clients - TV-2025-1002, and apply the necessary updates.

On 20^th June 2025, Trend Micro published security advisories to address vulnerabilities in Trend Micro Password Manager - versions prior to 5.8.0.1327.

Review the Trend Micro security bulletins and apply the necessary updates.

On 25^th June 2025, Citrix published security advisories to address vulnerabilities in the following products:

• NetScaler ADC and NetScaler Gateway 14.1 - versions prior to 14.1-47.46
• NetScaler ADC and NetScaler Gateway 13.1 - versions prior to 13.1-59.19
• NetScaler ADC 13.1-FIPS and NDcPP - versions prior to 13.1-37.236-FIPS and NDcPP

Review the following advisories and apply the necessary updates:

• Citrix Security Advisory - CTX694788
• Citrix Security Advisories

On 25^th June 2025, Cisco published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following:

• Cisco ISE and ISE-PIC - versions prior to 3.3
• Cisco ISE and ISE-PIC - versions prior to 3.4

Review the following Cisco Security Advisory and apply the necessary updates

• Cisco Identity Services Engine Unauthenticated Remote Code Execution Vulnerabilities
• Cisco Security Advisories

Between 16^th June and 22^nd June 2025, Dell published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following:

• Dell Connectrix B-Series - versions 9.0.0 to 9.2.2
• Dell Connectrix B-Series - versions prior to 2.4.0
• Dell Connectrix B-Series - versions prior to 9.2.2
• Dell Container Storage Modules - versions prior to 1.14
• Dell EMC XC Core XC7525 - versions prior to 2.14.1
• Dell Policy Manager for Secure Connect Gateway - versions prior to 5.28.00.14
• Dell PowerEdge C6525 - versions prior to 2.14.1
• Dell PowerEdge R6515 - versions prior to 2.14.1
• Dell PowerEdge R6525 - versions prior to 2.14.1
• Dell PowerEdge R7515 - versions prior to 2.14.1
• Dell PowerEdge R7525 - versions prior to 2.14.1
• Dell PowerEdge XE8545 - versions prior to 2.14.1
• Dell PowerFlex Custom Node - versions prior to 1.11.2
• Dell PowerFlex Custom Node - versions prior to 1.16.2
• Dell PowerFlex Custom Node - versions prior to 2.18.1
• Dell PowerFlex Custom Node - versions prior to 2.5.4
• Dell VxFlex Ready Node - versions prior to 2.23.0

Review the provided Dell Security Advisory and apply the necessary updates.

• GitHub Enterprise Server - versions 3.17.x prior to 3.17.1
• GitHub Enterprise Server - versions 3.16.x prior to 3.16.4
• GitHub Enterprise Server - versions 3.15.x prior to 3.15.8
• GitHub Enterprise Server - versions 3.14.x prior to 3.14.13
• GitHub Enterprise Server - versions 3.13.x prior to 3.13.16

• GitHub Release Notes #3.17.1
• GitHub Release Notes # 3.16.4
• GitHub Release Notes # 3.15.8
• GitHub Release Notes # 3.14.13
• GitHub Release Notes # 3.13.16

Between 23^rd June and 29^th June 2025, Dell published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following:

• iDRAC10 - versions prior to 1.20.50.50
• NetWorker - versions 19.12 to 19.12.0.1 and versions prior to 19.11.0.5
• Dell Open Manage Network Integration - versions prior to 3.7
• Dell PowerMax EEM 5978 - versions prior to 5978.714.714.10730
• Dell PowerMax EEM 10.2.0.1 - versions prior to 10.2.01 Patch 10732
• Dell PowerMaxOS 5978 - versions prior to 5978.714.714.10730
• Dell PowerMax OS 10.2.0.1 - versions prior to 10.2.0.1 Patch 10732
• PowerProtect Cyber Recovery - versions prior to 19.20
• Dell Secure Connect Gateway - Appliance -versions prior to 5.30.0.14
• Solutions Enabler - versions prior to 9.2.4.11 and versions prior to 10.2.0.5
• Dell Storage Monitoring and Reporting - versions prior to 5.1.1.0
• Dell Storage Resource Manager (SRM) - versions prior to 5.1.1.0
• Unisphere for PowerMax - versions prior to 9.2.4.17 and versions prior to 10.2.0.12
• Unisphere 360 - versions prior to 9.2.4.37

Review the provided Dell Security Advisory and apply the necessary updates.

Between 16^th and 22^nd June 2025, IBM published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following products

• IBM Cloud Pak for Data - versions 3.5 and 4.5
• IBM Cloud Pak for Data - versions 4.8.0 to 4.8.9, 5.0.0 to 5.0.3 and 5.1.0 to 5.1.3
• IBM Cloudera Data Platform Private Cloud Base with IBM (CDP) - versions 7.1.7 SP3 and 7.1.9 SP1
• IBM Cloudera Data Platform Private Cloud Data Services with IBM - versions 1.5.3 and 1.5.4
• IBM Cloudera Data Platform Streaming with IBM - versions 7.1.7 SP3 and 7.1.9 SP1
• IBM Cloudera Data Platform Streams Messaging Base with IBM Version - versions 7.1.7 SP3 and 7.1.9 SP1
• IBM Data Virtualization on Cloud Pak for Data - versions 3.1.0 to 3.1.2
• IBM Data Virtualization on Cloud Pak for Data - versions 1.7.0 to 1.7.8
• IBM Data Virtualization on Cloud Pak for Data - versions 1.8.0 to 1.8.3
• IBM Data Virtualization on Cloud Pak for Data - versions 3.0.0 to 3.0.3
• IBM Edge Data Collector - version 9.0.9
• IBM Event Processing - versions 1.0.0 to 1.3.2
• IBM Fusion HCI for watsonx - versions 2.8.2 to 2.9.0
• IBM Fusion HCI - versions 2.2.0 to 2.9.0
• IBM Fusion - versions 2.2.0 to 2.9.1
• IBM QRadar SIEM - versions 7.5 to 7.5.0 UP12 IF01
• IBM Storage Fusion Data Foundation - version 4.18.4
• IBM Watson Query on Cloud Pak for Data - versions 2.0.0 to 2.0.4
• IBM Watson Query on Cloud Pak for Data - versions 2.1.0 to 2.1.3
• IBM Watson Query on Cloud Pak for Data - versions 2.2.0 to 2.2.8
• IBM Watson Speech Services Cartridge - versions 4.0.0 to 5.1.3
• IBM watsonx Code Assistant On Prem - versions 5.0 to 5.1.2
• IBM watsonx.data - version 2.1.3

Review the IBM Security Advisory and apply the necessary updates.

Between 16^th and 22^nd June 2025, Ubuntu published a security notice to address vulnerabilities in the Linux kernel affecting the following products:

• Ubuntu 14.04 LTS
• Ubuntu 16.04 LTS
• Ubuntu 18.04 LTS
• Ubuntu 22.04 LTS

Review the Ubuntu Security Notices and apply the necessary updates.

On 23^rd June 2025, Fortinet published security advisories to address vulnerabilities in multiple products. Included were updates for the following products:

• FortiOS 7.4 - versions 7.4.0 to 7.4.3
• FortiOS 7.2 - versions 7.2.0 to 7.2.7
• FortiOS 7.0 - versions 7.0.0 to 7.0.14
• FortiOS 6.4 - all versions
• FortiOS 6.2 - all versions
• FortiOS 6.0 - all versions
• FortiPAM 1.2 - all versions
• FortiPAM 1.1 - all versions
• FortiPAM 1.0 - all versions
• FortiProxy 7.4 - versions 7.4.0 to 7.4.3
• FortiProxy 7.2 - versions 7.2.0 to 7.2.9
• FortiProxy 7.0 - versions 7.0.0 to 7.0.16
• FortiProxy 2.0 - all versions
• FortiProxy 1.2 - all versions
• FortiProxy 1.1 - all versions
• FortiProxy 1.0 - all versions
• FortiSwitchManager 7.2 - versions 7.2.0 to 7.2.3
• FortiSwitchManager 7.0 - versions 7.0.1 to 7.0.3

Review the following advisories and apply the necessary updates:

• Fortinet PSIRT - FG-IR-24-036
• Fortinet PSIRT Advisories

On 20^th June 2025, Microsoft published a security update to address vulnerabilities in Edge Stable Channel - versions prior to 137.0.3296.93.                

Review the Release notes for Microsoft Edge Security Updates and apply the necessary updates.

On 17^th June 2025, Atlassian published security advisories to address vulnerabilities in the following products:

• Bamboo Data Center and Server - multiple versions
• Bitbucket Data Center and Server - multiple versions
• Confluence Data Center and Server - multiple versions
• Crowd Data Center and Server - multiple versions
• Jira Data Center and Server - multiple versions
• Jira Service Management Data Center and Server - multiple versions

Review the Atlassian Security Bulletin - 17^th June 2025 and Security Advisory and apply the necessary update.            

On 18^th June 2025, Cisco published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following:

• Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway - multiple models
• Secure Endpoint Connector for Linux - versions prior to 1.26.1
• Secure Endpoint Connector for Mac - versions prior to 1.26.1
• Secure Endpoint Connector for Windows - versions prior to 7.5.21 and 8.4.5
• Secure Endpoint Private Cloud - versions prior to 4.2.2

Review the following Cisco Security Advisory and apply the necessary updates

• ClamAV UDF File Parsing Out-of-Bounds Read Information Disclosure Vulnerability
• Cisco Meraki MX and Z Series AnyConnect VPN with Client Certificate Authentication Denial of Service Vulnerability
• Cisco Security Advisories

On 17^th June 2025, Citrix published security advisories to address vulnerabilities in the following products:

• Citrix Secure Access Client for Windows - versions prior to 25.5.1.15
• NetScaler ADC and NetScaler Gateway 14.1 - versions prior to 14.1-43.56
• NetScaler ADC and NetScaler Gateway 13.1 - versions prior to 13.1-58.32
• NetScaler ADC 13.1-FIPS and NDcPP - versions prior to 13.1-37.235-FIPS and NDcPP
• NetScaler ADC 12.1-FIPS - versions prior to 12.1-55.328-FIPS
• NetScaler Console 14.1 - versions prior to 14.1.47.46
• NetScaler Console 13.1 - versions prior to 13.1.58.32
• NetScaler SDX (SVM) 14.1 - versions prior to 14.1.47.46
• NetScaler SDX (SVM) 13.1 - versions prior to 13.1.58.32

Review the following advisories and apply the necessary updates:

• Citrix Security Advisory - CTX694724
• Citrix Security Advisory - CTX693420
• Citrix Security Advisory - CTX694729
• Citrix Security Advisories

On 16^th June 2025. BeyondTrust published a security advisory to address vulnerabilities in the following products:

• Remote Support - version 24.2.2 to 24.2.4, 24.3.1 to 24.3.3, and 25.1.1
• Privileged Remote Access - version 24.2.2 to 24.2.4, 24.3.1 to 24.3.3, and 25.1.1

Review the following advisories and apply the necessary updates:

• BeyondTrust Security Advisory - Advisory ID: BT25-04
• BeyondTrust Advisories

On 17^th June 2025, Veeam published security advisories to address vulnerabilities in the following products:

• Veeam Backup & Replication - version 12.3.1.1139 and prior
• Veeam Agent for Microsoft Windows - version 6.3.1.1074 and prior

Review the following advisories and apply the necessary updates:

• Veeam Security Advisory - KB4743
• Veeam Knowledge Base

On 16^th June 2025, Apache published a security advisory to address vulnerabilities in the following products:

• Apache Tomcat - versions 11.0.0-M1 to 11.0.7
• Apache Tomcat - versions 10.1.0-M1 to 10.1.41
• Apache Tomcat - versions 9.0.0.M1 to 9.0.105

Review the provided Apache Security Advisory and apply the necessary updates.

Between June 9^th and 15^th, 2025, Red Hat published security advisories to address vulnerabilities in multiple products. Included were updates to address vulnerabilities in the Linux kernel for the following products:

• Red Hat CodeReady Linux Builder - multiple versions and platforms
• Red Hat Enterprise Linux - multiple versions and platforms
• Red Hat Enterprise Linux for Real Time - multiple versions and platforms
• Red Hat Enterprise Linux Server - multiple versions and platforms
• Red Hat Enterprise Linux Server for Power LE - multiple versions

Review the following Red Hat Security Advisory and apply the necessary updates.

Between 9^th and 15^th June 2025, IBM published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following products

• API Connect - version V10.0.5.0 to V10.0.5.9
• API Connect - version V10.0.8.0 to V10.0.8.2-iFix1
• IBM DataPower Gateway 10.6CD - versions 10.6.1.0 to 10.6.3.0
• IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data - multiple versions
• IBM MQ Operator - multiple versions
• IBM Robotic Process Automation - version 21.0.0 to 21.0.7.20 and version 23.0.0 to 23.0.20.1
• IBM Robotic Process Automation for Cloud Pak - version 21.0.0 to 21.0.7.20 and version 23.0.0 to 23.0.20.1
• IBM Security QRadar EDR - version 3.12
• IBM supplied MQ Advanced container images - multiple versions
• PowerVC - version 2.2.0, 2.2.1, 2.2.1.1, 2.2.1.2 and 2.3.0

Review the IBM Security Advisory and apply the necessary updates.

Between 9^th and 15^th June 2025, Dell published security advisories to address vulnerabilities in the Dell iDRAC Tools - versions prior to 11.3.0.0.

Review the following advisories and apply the necessary updates: 

• Dell Security Advisories - DSA-2025-169
• Dell Security advisories and notices

On 17^th June 2025, Google released security updates to address multiple vulnerabilities affecting Stable Channel Chrome for Desktop - versions prior to 137.0.7151.119/.120 (Windows/Mac) and 137.0.7151.119 (Linux).

Review the Google security bulletins and apply the necessary updates.

On 11th June 2025, GitLab published security advisories to address vulnerabilities in the following products:

• GitLab Community Edition (CE) - versions prior to 18.0.2, 17.11.4, and 17.10.8
• GitLab Enterprise Edition (EE) - versions prior to 18.0.2, 17.11.4, and 17.10.8

• GitLab Patch Release: 18.0.2, 17.11.4, 17.10.8
• GitLab Releases

On 9^th June 2025, Trend Micro published security advisories to address vulnerabilities in Trend Micro Apex One.

Review the Trend Micro security bulletins and apply the necessary updates.

On 18th April and 10th June, Apache published security advisories to address vulnerabilities in the following products:

• Apache CloudStack - versions 4.0.0 to 4.20.0.0 and versions 4.0.0 to 4.19.2.0
• Apache ActiveMQ NMS OpenWire Client - versions prior to 2.1.

• Security Improvements in Apache CloudStack 4.19.3.0 and 4.20.1.0
• CVE-2025-29953: Apache ActiveMQ NMS OpenWire Client: deserialization allowlist bypass

On 11^th June 2025, Palo Alto Networks published security advisories to address vulnerabilities in multiple versions of PAN-OS. Included were updates for the following:

• GlobalProtect App 6.3 macOS - versions prior to 6.3.3
• GlobalProtect App 6.2 macOS - versions prior to 6.2.8-h2
• GlobalProtect App 6.1 macOS - all versions
• GlobalProtect App 6.0 macOS - all versions
• PAN-OS 11.2 - versions prior to 11.2.6
• PAN-OS 11.1 - versions prior to 11.1.10
• PAN-OS 11.0 - versions prior to 11.0.3
• PAN-OS 10.2 - versions prior to 10.2.14
• PAN-OS 10.1 - all versions
• Prisma Access Browser - versions prior to 136.24.1.93

Review the following advisories and apply the necessary updates:

• Palo Alto Networks Security Advisories - CVE-2025-4232 GlobalProtect: Authenticated Code Injection Through Wildcard on macOS
• Palo Alto Networks Security Advisories - CVE-2025-4231 PAN-OS: Authenticated Admin Command Injection Vulnerability in the Management Web Interface
• Palo Alto Networks Security Advisories - CVE-2025-4230 PAN-OS: Authenticated Admin Command Injection Vulnerability Through CLI
• Palo Alto Networks Security Advisories - PAN-SA-2025-0011
• Palo Alto Network Security Advisories

Between June 2^nd and June 8^th, 2025, Red Hat published security advisories to address vulnerabilities in multiple products. Included were updates to address vulnerabilities in the Linux kernel for the following products:

• Red Hat CodeReady Linux Builder - multiple versions and platforms
• Red Hat Enterprise Linux - multiple versions and platforms
• Red Hat Enterprise Linux Server - multiple versions and platforms
• Red Hat Enterprise Linux Server for Power LE - multiple versions

Review the following Red Hat Security Advisory and apply the necessary updates.

On 10th June 2025, Mozilla published security advisory to address vulnerabilities in Firefox - versions prior to 139.0.4.

Review the Mozilla security bulletins and apply the necessary updates.

On 10^th June 2025, SAP published security advisories to address vulnerabilities in multiple products. Included were updates for the following:

• SAP NetWeaver Application Server for ABAP - versions KERNEL 7.89, 7.93, 9.14 and 9.15
• SAP GRC (AC Plugin) - versions GRCPINW V1100_700 and V1100_731
• SAP Business Warehouse and SAP Plug-In Basis - versions PI_BASIS 2006_1_700, 701, 702, 731, 740, SAP_BW 750, 751, 752, 753, 754, 755, 756, 757, 758, 914 and 915
• SAP BusinessObjects Business Intelligence (BI Workspace) - versions ENTERPRISE 430, 2025 and 2027
• SAP NetWeaver Visual Composer - version VCBASE 7.50
• SAP MDM Server - versions MDM_SERVER 710.750

Review the SAP Security Patch Day – June 2025 and apply the necessary updates.

On 10^th June 2025, HPE published a security advisory to address vulnerabilities in HPE Aruba Networking Private 5G Core - versions 1.24.1.0 to 1.25.1.0.

Review the HPE security bulletins and apply the necessary updates.

On 10^th June 2025, Microsoft published security advisories to address vulnerabilities in multiple products. Included were updates for the following products:

• Windows Storage Management Provider
• Windows Cryptographic Services
• .NET and Visual Studio
• Windows Remote Desktop Services
• Windows Win32K - GRFX
• Windows Common Log File System Driver
• Windows Installer
• Remote Desktop Client
• Windows Media
• Windows SMB
• Windows Recovery Driver
• Windows Storage Port Driver
• Windows Local Security Authority Subsystem Service (LSASS)
• Windows DHCP Server
• Windows DWM Core Library
• WebDAV
• Microsoft Local Security Authority Server (lsasrv)
• Windows Local Security Authority (LSA)
• Windows Routing and Remote Access Service (RRAS)
• Windows Kernel
• Windows Standards-Based Storage Management Service
• App Control for Business (WDAC)
• Windows Netlogon
• Windows KDC Proxy Service (KPSSVC)
• Windows Shell
• Microsoft Office
• Microsoft Office SharePoint
• Microsoft Office Excel
• Microsoft Office Word
• Microsoft Office Outlook
• Microsoft Office PowerPoint
• Windows Remote Access Connection Manager
• Windows Security App
• Visual Studio
• Windows SDK
• Power Automate
• Microsoft AutoUpdate (MAU)
• Windows Hello
• Nuance Digital Engagement Platform

Review the Microsoft Security Updates and apply the necessary updates (Security Update Guide).

On 10^th June 2025, Adobe published security advisories to address vulnerabilities in multiple products. Included were updates for the following products:

• Acrobat DC - version 25.001.20521 and prior
• Acrobat Reader DC - version 25.001.20521 and prior
• Acrobat 2024 - version 24.001.30235 and prior
• Acrobat 2020 - version 20.005.30763 and prior
• Acrobat Reader 2020 - version 20.005.30763 and prior
• Adobe Commerce and Commerce B2B - multiple versions
• Adobe Experience Manager (AEM) - version 6.5.22 and prior
• Adobe InCopy - version 20.2 and prior, and version 19.53 and prior
• Adobe InDesign - version ID20.2 and prior, and version ID19.5.3 and prior
• Adobe Substance 3D Painter - version 11.0.1 and prior
• Adobe Substance 3D Sampler - version 5.0 and prior
• Magento Open Source - multiple versions

Review the Adobe Security Advisories and apply the necessary updates.

On 10^th June 2025, Google released security updates to address multiple vulnerabilities affecting Stable Channel Chrome for Desktop - versions prior to 137.0.7151.103/.104 (Windows/Mac) and 137.0.7151.103 (Linux).

Review the Google security bulletins and apply the necessary updates.

Between 2nd June and 8th June 2025, Ubuntu published security notices to address vulnerabilities in the Linux kernel affecting the following products:

• Ubuntu 14.04 LTS
• Ubuntu 16.04 LTS
• Ubuntu 18.04 LTS
• Ubuntu 22.04 LTS

Between 2^nd June to 8^th June 2025, IBM published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following products

• GDSC Platform On-prem - version 3.7.1
• IBM Concert Software - versions 1.0.0 to 1.0.5
• IBM Cloud Pak for Security - versions 1.10.0.0 to 1.10.11.0
• IBM Security Verify Governance - version 10.0.2
• IBM Security Verify Governance - Identity Manager Virtual Appliance – version 10.0.2
• Maximo AI Service - version 9.0.5
• QRadar Suite Software - versions 1.10.12.0 to 1.11.2.0

Review the IBM Security Advisory and apply the necessary updates.

Between 2^nd June and 8^th June 2025, Dell published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following:

• Dell SD-WAN EDGE610/610-LTE - versions prior to 2.6
• Dell SD-WAN EDGE620/640/680 - versions prior to 2.6
• Dell SmartFabric Manager - versions prior to 1.3.0
• PowerSwitch E3200-ON Series - versions prior to 3.57.5.1-5
• PowerSwitch N2200 Series - versions prior to 3.45.5.1-31
• PowerSwitch N3200-ON Series - versions prior to 45.5.1-31
• PowerSwitch S5448F-ON - versions prior to 3.52.5.1-12
• PowerSwitch Z9432F-ON - versions prior to 3.51.5.1-21
• PowerSwitch Z9264F-ON - versions prior to 3.42.5.1-21
• VEP1400 (VEP1425/1445/1485) - versions prior to 2.6

Review the following advisories and apply the necessary updates: 

• Dell Security Advisories - DSA-2025-233
• Dell Security Advisories - DSA-2025-216
• Dell Security advisories and notices

Between 9^th and 15^th June 2025, Ubuntu published a security notice to address vulnerabilities in the Linux kernel affecting the following products:

• Ubuntu 14.04 LTS
• Ubuntu 16.04 LTS
• Ubuntu 18.04 LTS
• Ubuntu 22.04 LTS

Review the Ubuntu Security Notices and apply the necessary updates.

On 4^th June 2025. The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Australian Signals Directorate's Australian Cyber Security Centre (ASD's ACSC) have issued an updated advisory on Play Ransomware, also known as Playcrypt. This advisory highlights new tactics, techniques, and procedures used by the Play ransomware group and provides updated indicators of compromise (IOCs) to enhance threat detection.

Since June 2022, Playcrypt has targeted diverse businesses and critical infrastructure across North America, South America, and Europe, becoming one of the most active ransomware groups in 2024. As of May 2025, the FBI has identified approximately 900 entities allegedly exploited by these ransomware actors.

Review and implement the recommendations provided in the joint CSA to reduce the likelihood and impact of Play and other ransomware incidents.

On 4^th June 2025, HPE published a security advisory to address vulnerabilities in HPE Insight Remote Support - versions prior to 7.15.0.646.

Review the HPE security bulletins and apply the necessary updates.

On 6^th June 2025, Jenkins published a security advisory to address vulnerabilities in Gatling Plugin - version 136.vb_9009b_3d33a_e and prior.

Review the Jenkins Security Advisory and apply the necessary updates.

On 2^nd June 2025, Android published a security bulletin to address vulnerabilities affecting Android devices.

Review the Android Security Bulletin and apply the necessary updates.

On 4^th June 2025, VMware published security advisories to address vulnerabilities in the following products:

• VMware Cloud Foundation - versions 5.0.x, 5.1.x and 5.2.x
• VMware NSX - versions 4.0.x, 4.1.x, 4.2.1.x and 4.2.x
• VMware Telco Cloud Infrastructure - versions 2.x and 3.x
• VMware Telco Cloud Platform - versions 3.x, 4.x and 5.x

Review the following advisories and apply the necessary updates:

• VMSA-2025-0012: VMware NSX updates address multiple vulnerabilities (CVE-2025-22243, CVE-2025-22244, CVE-2025-22245)
• Security Advisories - VMware Cloud Foundation

On 3^rd June 2025 HPE published a security advisory to address vulnerabilities in HPE Telco Service Orchestrator - versions prior to v5.3.2.

Review the HPE security bulletins and apply the necessary updates.

On 3^rd June 2025, Microsoft published a security update to address vulnerabilities in Edge Stable Channel - versions prior to 137.0.3296.62.                

Review the Release notes for Microsoft Edge Security Updates and apply the necessary updates.

On 4^th June 2025, Cisco published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following:

• Cisco Identity Services Engine on Cloud Platforms (AWS) - versions 3.1, 3.2, 3.3 and 3.4
• Cisco Identity Services Engine on Cloud Platforms (Azure) - versions 3.2, 3.3 and 3.4
• Cisco Identity Services Engine on Cloud Platforms (OCI) - versions 3.2, 3.3 and 3.4
• Cisco Integrated Management Controller - UCS B-Series Blade Servers
• Cisco Integrated Management Controller - UCS C-Series Rack Servers
• Cisco Integrated Management Controller - UCS S-Series Storage Servers
• Cisco Integrated Management Controller - UCS X-Series Modular System
• Cisco Nexus Dashboard Fabric Controller (NDFC) - versions prior to 3.2(2f)

Review the following Cisco Security Advisory and apply the necessary updates

• Cisco Identity Services Engine on Cloud Platforms Static Credential Vulnerability
• Cisco Integrated Management Controller Privilege Escalation Vulnerability
• Cisco Nexus Dashboard Fabric Controller SSH Host Key Validation Vulnerability
• Cisco Security Advisories

On 2^nd June 2025, SolarWinds published a security advisory to address vulnerabilities in the SolarWinds Platform – version 12.3.1.20 and prior.

Review the SolarWinds Security Advisory and apply the necessary updates.

On 2^nd June 2025, Splunk published a security update to address vulnerabilities in the following products.

• Splunk Enterprise - versions prior to 9.4.2, 9.3.4, 9.2.6 and 9.1.9
• Splunk Universal Forwarder - versions prior to 9.4.2, 9.3.4, 9.2.6 and 9.1.9
• Splunk Universal Forwarder for Windows - versions prior to 9.4.2, 9.3.4, 9.2.6 and 9.1.9

Review the following Splunk Security Advisory and apply the necessary updates:

• Incorrect permission assignment on Universal Forwarder for Windows during new installation or upgrade
• Third-Party Package Updates in Splunk Enterprise - June 2025
• Third-Party Package Updates in Splunk Universal Forwarder - June 2025
• Splunk Security Advisories

On 02^nd June 2025, Google released security updates to address multiple vulnerabilities affecting Stable Channel Chrome for Desktop - versions prior to 137.0.7151.68/.69 (Windows/Mac) and 137.0.7151.68 (Linux).

Review the Google security bulletins and apply the necessary updates.

On 2^nd June 2025, Qualcomm published a security bulletin to address vulnerabilities affecting multiple chipsets.

Review the Qualcomm Security Bulletin and apply the necessary updates.

Between 26th May and 1st June 2025, Red Hat published security advisories to address vulnerabilities in multiple products. Included were updates to address vulnerabilities in the Linux kernel for the following products:

• Red Hat CodeReady Linux Builder - multiple versions and platforms
• Red Hat Enterprise Linux - multiple versions and platforms
• Red Hat Enterprise Linux for Power LE - multiple versions and platforms
• Red Hat Enterprise Linux for Real Time - multiple versions and platforms
• Red Hat Enterprise Linux Server - multiple versions and platforms
• Red Hat Enterprise Linux Server for Power LE - multiple versions

Between 26th May and 1st June 2025, Dell published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following:

• Dell APEX Cloud Platform for Red Hat OpenShift - versions prior to 03.03.01.00
• Dell Avamar - multiple versions and products
• Dell Connectrix SANnav - versions prior to 2.3.1a
• Dell NetWorker Runtime Environment (NRE) - version 8.0.24
• Dell NetWorker Virtual Edition (NVE) - multiple versions
• Dell PowerProtect DP Series Appliance (IDPA) - versions prior to 2.7.8
• Dell ThinOS - multiple versions
• Dell VxRail Appliance - versions 7.0.000 to 7.0.541

Between 26th May and 1st June 2025, IBM published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following products

• Astronomer with IBM - version 0.36.1
• IBM DataStage on Cloud Pak for Data - versions 8.9 and 5.1.3
• IBM® Db2® - version 1.0 to 11.1.4.7, 11.5.0 to 11.5.9 and 12.1.0 to 12.1.1
• IBM DS8900F and DS8A00 - multiple products and versions
• IBM Guardium Data Protection - version 0
• IBM InfoSphere Information Server - version 7
• IBM Maximo Application Suite - Monitor Component - multiple versions
• IBM Observability with Instana (OnPrem) - Build 1.0.292 to 1.0.295
• IBM Process Mining - version 0.1
• IBM Rapid Infrastructure Automation - multiple versions
• IBM Guardium Data Protection - version 0
• IBM SPSS Collaboration and Deployment Services - version 5
• IBM Tivoli Monitoring - versions 6.3.0.7 to 6.3.0.7 Service Pack 19
• IBM Watson Discovery Cartridge ICP - Discovery - version 0.0 to 5.0.3
• IBM Watson Knowledge Catalog on-prem - Discovery - versions 8.6 and 4.8.7
• IBM Watson Knowledge Catalog on-prem - Discovery - versions 0.2, 5.0.3 and 5.1

On 1st June 2025, Roundcube published security advisories to address vulnerabilities in the following products:

• Webmail - versions prior to 1.5.10
• Webmail - versions prior to 1.6.11

• Security updates 1.6.11 and 1.5.10 released
• Roundcube Webmail 1.6.11
• Roundcube Webmail 1.5.10

Between 30^th May and 2^nd June 2025, HPE published a security advisory to address vulnerabilities in the following products:

• HPE StoreOnce Software – versions prior to 4.3.11
• HPE OneView – versions prior to v10.00

Review the following HPE Security Advisory and apply the necessary updates:

• HPE Security Bulletin - HPESBST04847
• HPE Security Bulletin - hpesbgn04853en_us
• HPE Security Bulletin Library

Between 26^th May and 1^st June 2025, Ubuntu published a security notice to address vulnerabilities in the Linux kernel affecting the following products:

• Ubuntu 16.04 ESM
• Ubuntu 18.04 ESM
• Ubuntu 20.04 LTS
• Ubuntu 22.04 LTS
• Ubuntu 24.04 LTS
• Ubuntu 24.10

Review the Ubuntu Security Notices and apply the necessary updates.

On 29th May 2025, Microsoft published a security update to address vulnerabilities in Edge Stable Channel - versions prior to 137.0.3296.52.

Review the Release notes for Microsoft Edge Security Updates and apply the necessary updates.

On 27th May 2025, Mozilla published security advisories to address vulnerabilities in the following products:

• Firefox ESR - versions prior to 128.11
• Firefox ESR - versions prior to 115.24
• Firefox - versions prior to 139

• Mozilla Foundation Security Advisory 2025-44
• Mozilla Foundation Security Advisory 2025-43
• Mozilla Foundation Security Advisory 2025-42
• Mozilla Security Advisories

On 27th May 2025 Citrix published a security Advisory to address a vulnerability in XenServer VM Tools for Windows - versions prior to 9.4.1.

Review Citrix security advisory and apply necessary updates.

On 27th May 2025, Google released security updates to address multiple vulnerabilities affecting Stable Channel Chrome for Desktop - versions prior to 137.0.7151.55/56 (Windows/Mac) and 137.0.7151.55 (Linux).

Review the Google security bulletins and apply the necessary updates.

Between 19th and 25th May 2025, Ubuntu published a security notice to address vulnerabilities in the Linux kernel affecting the following products: Ubuntu 18.04 LTS Ubuntu 20.04 LTS Ubuntu 22.04 LTS Ubuntu 24.04 LTS Ubuntu 24.10 Review the Ubuntu Security Notices and apply the necessary updates.

Between 19th and 25th May 2025, IBM published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following products

• IBM Integrated Analytics System - versions 1.0.0.0 to 1.0.30.0
• IBM Integration Bus - versions 10.1.0.0 to 10.1.0.5
• IBM MANTA Automated Data Lineage for IBM Cloud Pak for Data - versions 5.0 to 5.1.2
• IBM Maximo AI Service - version 9.0.5
• IBM Security QRadar EDR - version 3.12
• IBM watsonx Assistant Cartridge - versions 4.0 to 5.1.2
• IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component - versions 5.0 to 5.1.2

Between 19th and 25th May 2025, Dell published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following:

• Dell Networking OS10 - versions prior to 10.5.6.9
• CloudBoost Virtual Appliance - versions prior to 19.12.0.1

• Dell Security Advisories - DSA-2025-175
• Dell Security Advisories - DSA-2025-160
• Dell Security advisories and notices

Between 19th and 25th May 2025, Red Hat published security advisories to address vulnerabilities in multiple products. Included were updates to address vulnerabilities in the Linux kernel for the following products:

• Red Hat Enterprise Linux - multiple versions and platforms
• Red Hat Enterprise Linux Server - multiple versions and platforms
• Red Hat Enterprise Linux for IBM - multiple versions and platforms
• Red Hat Enterprise Linux for Power - multiple versions and platforms
• Red Hat CodeReady Linux Builder - multiple versions and platforms
• Red Hat Enterprise Linux for Real Time - multiple versions and platforms

• RHSA-2025:7937 - Security Advisory
• RHSA-2025:8056 - Security Advisory
• RHSA-2025:8057 - Security Advisory
• RHSA-2025:8058 - Security Advisory
• Red Hat Security Advisories

On 22nd May 2025, HPE published a security advisory to address vulnerabilities in the following products:

• HPE NonStop SSL (T0910) - multiple versions
• HPE MR-WIN6530 (T0819) - multiple versions
• HPE NonStop SSH Server (T0801) - multiple versions

On 21st May 2025, GitHub published a security advisory to address a critical vulnerability in the following products:

• GitLab Community Edition (CE) - versions prior to 18.0.1, 17.11.3 and 17.10.7
• GitLab Enterprise Edition (EE) - versions prior to 18.0.1, 17.11.3 and 17.10.7

On 21st May 2025, Cisco published a security advisory to address a vulnerability in the Cisco Identity Services Engine (ISE) - version 3.4.

Review the Cisco Security Advisory and apply the necessary updates.

Between 12th to 18th May 2025, Ubuntu published a security notice to address vulnerabilities in the Linux kernel affecting the following products:

• Ubuntu 14.04 ESM
• Ubuntu 16.04 ESM
• Ubuntu 18.04 ESM
• Ubuntu 20.04 LTS
• Ubuntu 22.04 LTS
• Ubuntu 24.04 LTS

Between 12th to 18th May 2025, Red Hat published security advisories to address vulnerabilities in multiple products. Included were updates to address vulnerabilities in the Linux kernel for the following products:

• Red Hat CodeReady Linux Builder - multiple versions and platforms
• Red Hat Enterprise Linux - multiple versions and platforms
• Red Hat Enterprise Linux for Real Time - multiple versions and platforms
• Red Hat Enterprise Linux Server - multiple versions and platforms
• Red Hat Enterprise Linux Server for Power LE - multiple versions

Between 12th to 18th May 2025, IBM published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following products

• Astronomer with IBM - version 0.36.1
• IBM ApplinX - version 11.1
• IBM Business Automation Workflow Enterprise Service Bus - multiple versions
• IBM Business Automation Workflow traditional - multiple versions
• IBM Event Streams - version 11.3.0 to 11.6.1
• IBM Storage Copy Data Management - version 2.2.0.0 to 2.2.25.0
• IBM watsonx Assistant for IBM Cloud Pak for Data - version 4.0.0 to 4.8.7

Between 12th to 18th May 2025, Dell published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following:

• APEX Cloud Platform for Red Hat OpenShift - versions prior to 03.04.01.00
• RecoverPoint for Virtual Machines - versions 6.0 SP1, 6.0 SP1 P1, 6.0 SP1 P2 and 6.0. SP2
• Dell EMC Networking VEP1425/1445/1485 - versions prior to 2.6
• Dell SD-WAN EDGE620/640/680 - versions prior to 3.50.0.9-21
• Dell SD-WAN EDGE610/610-LTE - versions prior to 3.43.0.9-24
• PowerFlex Appliance IC - versions prior to IC-38.367.01
• PowerSwitch Z9664F-ON - versions prior to 3.54.5.1-9
• PowerSwitch Z9432F-ON - versions prior to 3.51.5.1-21
• PowerSwitch Z9264F-ON - versions prior to 3.42.5.1-21
• PowerSwitch S5448F-ON - versions prior to 3.52.5.1-12
• PowerSwitch E3200-ON Series - versions prior to 3.57.5.1-5
• PowerSwitch N2200-ON Series - versions prior to 3.45.5.1-31
• PowerSwitch N3200-ON Series - versions prior to 3.45.5.1-31

• Dell Security Advisories - DSA-2025-209
• Dell Security Advisories - DSA-2025-202
• Dell Security Advisories - DSA-2025-197
• Dell Security Advisories - DSA-2025-196
• Dell Security advisories and notices

On 20th May 2025, Atlassian published security advisories to address vulnerabilities in the following products:

• Bamboo Data Center and Server - multiple versions
• Confluence Data Center and Server - multiple versions
• Fisheye/Crucible - version 4.9.0
• Jira Data Center and Server - multiple versions
• Jira Service Management Data Center and Server - multiple versions

On 17th May 2025, Mozilla published security advisories to address vulnerabilities in the following products:

• Firefox ESR - versions prior to 115.23.1
• Firefox ESR - versions prior to 128.10.1
• Firefox - versions prior to 138.0.4

• Mozilla Security Advisory (MFSA 2025-38)
• Mozilla Security Advisory (MFSA 2025-37)
• Mozilla Security Advisory (MFSA 2025-36)
• Mozilla Security Advisories

On 20th May 2025, Mozilla published security advisories to address vulnerabilities in the following products:

• vCenter Server - versions 7.0 and 8.0
• VMware ESXi - versions 7.0 and 8.0
• VMware Cloud Foundation (vCenter) - versions 4.5.x and 5.x
• VMware Cloud Foundation (ESXi) - versions 4.5.x and 5.x
• VMware Fusion - versions 13.x
• VMware Telco Cloud Platform (ESXi) - versions 2.x, 3.x, 4.x and 5.x
• VMware Telco Cloud Infrastructure (ESXi) - versions 2.x and 3.x
• VMware Telco Cloud Platform (vCenter) - versions 2.x, 3.x, 4.x and 5.
• VMware Telco Cloud Infrastructure (vCenter) - versions 2.x and 3.x
• VMware Workstation - versions 13.x and 17.x

• VMSA-2025-0009 : VMware Cloud Foundation updates address multiple vulnerabilities (CVE-2025-41229, CVE-2025-41230, CVE-2025-41231)
• VMSA-2025-0010 : VMware ESXi, vCenter Server, Workstation, and Fusion updates address multiple vulnerabilities (CVE-2025-41225, CVE-2025-41226, CVE-2025-41227, CVE-2025-41228)
• Security Advisories - VMware Cloud Foundation

On 15th May 2025, Microsoft published a security update to address vulnerabilities in Edge Stable Channel - versions prior to 136.0.3240.76.

Review the Release notes for Microsoft Edge Security Updates and apply the necessary updates.

On 13th May 2025, Ivanti published security advisories to address vulnerabilities in multiple products. Included were updates for the following:

• Ivanti Endpoint Manager Mobile (EPMM) - version 11.12.0.4 and prior
• Ivanti Endpoint Manager Mobile (EPMM) - version 12.3.0.1 and prior
• Ivanti Endpoint Manager Mobile (EPMM) - version 12.4.0.1 and prior
• Ivanti Endpoint Manager Mobile (EPMM) - version 12.5.0.0 and prior

• Security Advisory Ivanti Endpoint Manager Mobile (EPMM) May 2025 (CVE-2025-4427 and CVE-2025-4428)
• Ivanti Security Advisories

On 13th May 2025, Adobe published security advisories to address vulnerabilities in multiple products. Included were updates for the following products:

• Adobe Animate 2023 - version 23.0.11 and prior
• Adobe Animate 2024 - version 24.0.8 and prior
• Adobe Bridge - version 14.1.6 and prior
• Adobe Bridge - version 15.0.3 and prior
• Adobe ColdFusion 2021 - version Update 19 and prior
• Adobe ColdFusion 2023 - version Update 13 and prior
• Adobe ColdFusion 2025 - version Update 1 and prior
• Adobe Connect - version 12.8 and prior
• Adobe Dimension - version 4.1.1 and prior
• Adobe Dreamweaver - version 21.4 and prior
• Adobe Illustrator 2024 - version 28.7.5 and prior
• Adobe Illustrator 2025 - version 29.3 and prior
• Adobe InDesign - version ID19.5.2 and prior
• Adobe InDesign - version ID20.2 and prior
• Adobe Lightroom - version 8.2 and prior
• Adobe Substance 3D Modeler - version 1.21.0 and prior
• Adobe Substance 3D Stager - version 3.1.1 and prior
• Photoshop 2024 - version 25.12.2 and prior
• Photoshop 2025 - version 26.5 and prior
• Adobe Substance 3D Painter - version 11.0 and prior

On 14th May 2025, Palo Alto Networks published a security advisory to address a critical vulnerability in Prisma Access Browser - versions prior to 135.16.8.96.

Review the Palo Alto Networks Security Advisory and apply the necessary updates.

On 14th May 2025, Google has released security updates to address multiple vulnerabilities affecting Stable Channel Chrome versions 136.0.7103.113 for Linux and prior to versions prior to 136.0.7103.113/114 for Windows and Apple MAC.

Review the Google security bulletins and apply the necessary updates.

From 9th to 13th May 2025, Juniper Networks published a security advisory to address a critical vulnerability in the following products:

• Juniper Secure Analytics - versions 7.5.0 to versions prior to 7.5.0 UP11 IF02
• Junos OS - versions 19.4R1 and later
• Junos OS Evolved - versions 22.3R1 and later

• 2024-05 Reference Advisory: Junos OS and Junos OS Evolved: Multiple CVEs reported in OpenSSH
• On Demand: JSA Series: Multiple vulnerabilities resolved in Juniper Secure Analytics in 7.5.0 UP11 IF03
• Juniper Networks Security Advisories

On 14th May 2025, Jenkins published a security advisory to address vulnerabilities in the following products:

• Cadence vManager Plugin - version 4.0.1-286.v9e25a_740b_a_48 and prior
• DingTalk Plugin - version 2.7.3 and prior
• Health Advisor by CloudBees Plugin - version 374.v194b_d4f0c8c8 and prior
• OpenID Connect Provider Plugin - version 96.vee8ed882ec4d and prior
• WSO2 Oauth Plugin - version 1.0 and prior

• Jenkins Security Advisory 2025-05-15
• Jenkins Security Advisories

Between the 5th to 11th May 2025, IBM published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following products

• IBM App Connect Operator - multiple versions
• IBM App Connect Enterprise Certified Containers Operands - multiple versions
• IBM Application Modernization Accelerator - versions 4.0.0 to 4.1.0
• IBM Business Automation Insights - versions 24.0.0 and 24.0.1
• IBM CICS TX Advanced - versions 10.1 and 11.1
• IBM Cloud Pak for Business Automation - multiple versions
• IBM Cloud Pak for Data System 1.0 - versions 1.0.0.0 to 1.0.8.4
• IBM Cloud Transformation Advisor - versions 2.0.1 to 4.1.0
• IBM Cognos Dashboards on Cloud Pak for Data - versions 4.8.0 to 4.8.8 and versions 5.0.0 to 5.1.2
• IBM Content Collector for Email - version 4.0.1
• IBM Content Collector for File Systems - version 4.0.1
• IBM Content Collector for Microsoft - version 4.0.1
• IBM Maximo AI Service - version 9.0.5
• IBM Maximo Application Suite - versions 8.8, 8.9 and 9.0
• IBM Maximo Application Suite - Location Service for Esri Component - version 9.0
• IBM Operational Decision Manager - multiple versions
• IBM Planning Analytics Local - IBM Planning Analytics Workspace - versions 2.0 and 2.1
• IBM Storage Scale - versions 1.7.0 to 5.1.9.8 and 5.2.2.0 to 5.2.2.1
• IBM Storage Virtualize vSphere Remote Plug-in - multiple versions
• IBM TXSeries for Multiplatforms - multiple versions
• IBM Watson Knowledge Catalog on-prem - versions 4.5.2, 4.6.6 to 4.8.6 and versions 5.0 to 5.0.3
• IBM Watson Machine Learning Accelerator on Cloud Pak for Data - versions 4.8.2 to 4.8.6 and versions 5.0 to 5.0.2
• IBM watsonx Orchestrate with watsonx Assistant Cartridge - versions 4.8.4 to 4.8.5
• IBM watsonx Orchestrate with watsonx Assistant Cartridge - versions 5.0.0 to 5.1.2
• IBM watsonx.data - version 2.1.2
• Red Hat OpenShift on IBM Cloud - multiple versions

On 12th May 2025, VMware published security advisories to address vulnerabilities in the following products:

• VMware Aria Automation - version 8.18.x
• VMware Cloud Foundation - version 4.x and 5.x
• VMware Telco Cloud Platform - version 5.x

• MSA-2025-0008: VMware Aria automation updates address a DOM based Cross-site scripting vulnerability (CVE-2025-22249)
• Security Advisories - VMware Cloud Foundation

On 12th May 2025, Apple published security updates to address vulnerabilities in the following products:

• iOS and iPadOS - versions prior to 18.5
• iPadOS - versions prior to 17.7.7
• macOS Sequoia - versions prior to 15.5
• macOS Sonoma - versions prior to 14.7.6
• macOS Ventura - versions prior to 13.7.6
• Safari - versions prior to 18.5

On 13th May 2025, Fortinet published security advisories to address vulnerabilities in multiple products. Included were updates for the following products:

• FortiCamera 1.1 - all versions
• FortiCamera 2.0 - all versions
• FortiCamera 2.1 - version 2.1.0 to 2.1.3
• FortiMail - version 7.0.0 to 7.0.8
• FortiMail - version 7.2.0 to 7.2.7
• FortiMail - version 7.4.0 to 7.4.4
• FortiMail - version 7.6.0 to 7.6.2
• FortiNDR - version 1.1 to 1.4
• FortiNDR - version 1.5.0 to 1.5.3
• FortiNDR - version 7.0.0 to 7.0.6
• FortiNDR - version 7.1.0 to 7.1.1
• FortiNDR - version 7.2.0 to 7.2.4
• FortiNDR - version 7.4.0 to 7.4.7
• FortiNDR - version 7.6.0
• FortiOS - version 7.4.4 to 7.4.6
• FortiOS - version 7.6.0
• FortiProxy - version 7.6.0 to 7.6.1
• FortiRecorder - version 6.4.0 to 6.4.5
• FortiRecorder - version 7.0.0 to 7.0.5
• FortiRecorder - version 7.2.0 to 7.2.3
• FortiSwitchManager - version 7.2.5
• FortiVoice - versions 6.4.0 to 6.4.10
• FortiVoice - versions 7.0.0 to 7.0.6
• FortiVoice - versions prior to 7.2.0

• Fortinet PSIRT - FG-IR-25-254 (CVE-2025-32756)
• Fortinet PSIRT - FG-IR-25-472 (CVE-2025-22252)
• Fortinet PSIRT Advisories

On 13th May 2025, SAP published security advisories to address vulnerabilities in multiple products. Included were updates for the following:

• SAP Business Objects Business Intelligence Platform (PMW) - versions ENTERPRISE 430, 2025 and 2027
• SAP Landscape Transformation (PCL Basis) - versions DMIS 2011_1_700, 2011_1_710, 2011_1_730, 2011_1_731, 2018_1_752, 2020, S4CORE 102, 103, 104, 105, 106, 107 and 108
• SAP NetWeaver (Visual Composer development server) - version VCFRAMEWORK 7.50
• SAP Supplier Relationship Management (Live Auction Cockpit) - version SRM_SERVER 7.14
• SAP S/4HANA S4CORE Cloud Private Edition or on Premise (SCM Master Data Layer (MDL)) - versions S4CORE 102, 103, 104, 105, 106, 107, 108, SCM_BASIS 700, 701, 702, 712, 713 and 714

On 13th May 2025, Ivanti published security advisories to address vulnerabilities in multiple products. Included were updates for the following:

• Ivanti Cloud Services Application - version 5.0.4 and prior
• Ivanti Neurons for ITSM (on-prem only) - versions 2023.4, 2024.2 and 2024.3

• Security Advisory Ivanti Cloud Services Application (CVE-2025-22460)
• Security Advisory Ivanti Neurons for ITSM (on-premises only) (CVE-2025-22462)
• Ivanti Security Advisories

On 12th and 13th May 2025, Intel published security advisories to address vulnerabilities in multiple products.

Review the provided Intel Security Advisories and perform the suggested mitigations.

On 13th May 2025, Microsoft published security advisories to address vulnerabilities in multiple products. Included were updates for the following products:

• Microsoft 365 Apps - multiple versions and platforms
• Microsoft Office - multiple versions and platforms
• Windows 10 - multiple versions and platforms
• Windows 11 - multiple versions and platforms
• Windows Server - multiple versions and platforms

Between May 5 and 11, 2025, Ubuntu published a security notice to address vulnerabilities in the Linux kernel affecting the following products:

• Ubuntu 14.04 ESM
• Ubuntu 16.04 ESM
• Ubuntu 18.04 ESM
• Ubuntu 20.04 LTS
• Ubuntu 22.04 LTS
• Ubuntu 24.04 LTS
• Ubuntu 24.10

Between 5th and 11th May 2025, Red Hat published security advisories to address vulnerabilities in multiple products. Included were updates to address vulnerabilities in the Linux kernel for the following products:

• Red Hat CodeReady Linux Builder - multiple versions and platforms
• Red Hat Enterprise Linux - multiple versions and platforms
• Red Hat Enterprise Linux Server - multiple versions and platforms
• Red Hat Enterprise Linux Server for Power LE - multiple versions

Between 5th to 11th May 2025, Dell published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following:

• Dell Connectrix SANnav - versions prior to 2.3.1a
• Dell Edge Gateway - multiple models and versions prior to 2.00.10
• Dell EMC Networking VEP1425/VEP1445/VEP1485 - versions prior to 2.6
• Dell Networking VEP4600 - multiple models and versions prior to 4.3
• Dell PowerFlex rack - versions prior to 3.7.7.0
• Dell PowerFlex rack - versions prior to 3.8.2.0
• Dell PowerSwitch - multiple models and versions
• Dell SD-WAN Edge 600 - versions prior to 2.6
• Dell Storage Manager DSM - versions prior to 2020 R1.21

Commvault published a security advisory to address a critical vulnerability in Commvault - versions 11.38.0 to 11.38.19

Review the Security Advisory and apply the necessary updates.

Microsoft published a security update to address vulnerabilities in Edge Stable Channel - versions prior to 136.0.3240.64.

Release notes for Microsoft Edge Security Updates and apply the necessary updates.

F5 published Quarterly Security Notifications for multiple products. Included were updates for the following:

• BIG-IP (all modules) - versions 17.1.0 to 17.1.2, versions 16.1.0 to 16.1.5, and versions 15.1.0 to 15.1.10
• BIG-IP (APM) - versions 17.1.0 to 17.1.2, versions 16.1.0 to 16.1.5, and versions 15.1.0 to 15.1.10
• BIG-IP (PEM) - versions 17.1.0 to 17.1.2, versions 16.1.0 to 16.1.5, and versions 15.1.0 to 15.1.10
• BIG-IP Next (all modules) - versions 20.2.0 to 20.2.1
• BIG-IP Next SPK - versions 1.8.0 to 1.9.2 and versions 1.7.0 to 1.9.2
• BIG-IP Next CNF - versions 1.1.0 to 1.4.1
• F5OS-A - versions 1.5.1 to 1.5.3
• F5OS-C - versions 1.6.0 to 1.6.2

Cisco published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following:

• 1000 Series Integrated Services Routers
• 1100 Series Integrated Services Routers (ISRs)
• 4000 Series Integrated Services Routers
• Integrated access points (APs) in Integrated Service Routers (ISR)1100 (Wi-Fi 6)
• Catalyst 8200 Series Edge Platforms
• Catalyst 8300 Series Edge Platforms
• Catalyst 8500 Series Edge Platforms
• Catalyst 8500L Series Edge Platforms
• Catalyst 9800-CL Wireless Controllers for Cloud
• Catalyst 9800 Embedded Wireless Controller for Catalyst 9300, 9400, and 9500 Series Switches
• Catalyst 9800 Series Wireless Controllers
• Embedded Wireless Controller on Catalyst 9100X Access Points
• Catalyst SD-WAN Manager - versions 20.8 and prior, 20.9, 20.10, 20.11, 20.12, 20.13, 20.14, 20.15, and 20.16
• Wi-Fi 6 pluggable module for Catalyst IR1800 Rugged Series Routers
• Cisco Industrial Ethernet 2000, 4000, 4010, and 5000 Series Switches
• Cisco IOS, IOS XE, NX-OS and IOS XR Software
• Cisco Adaptive Security Appliance (ASA) Software
• Cisco Firepower Threat Defense (FTD) Software

SonicWall published a security advisory to address vulnerabilities in SonicWall SMA 100 Series (SMA 200, 210, 400, 410, 500v) - version 10.2.1.14-75sv and prior.

Review the Security Advisory and apply the necessary updates.

Drupal published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following:

• Enterprise MFA - TFA for Drupal - versions prior to 4.7.0 and versions 5.0.0 to versions prior to 5.2.0
• Restrict route by IP - versions prior to 1.3.0

• Restrict route by IP - Critical - Cross Site Request Forgery - SA-CONTRIB-2025-047
• Enterprise MFA - TFA for Drupal - Critical - Cross Site Request Forgery - SA-CONTRIB-2025-054
• Enterprise MFA - TFA for Drupal - Critical - Access bypass - SA-CONTRIB-2025-0554
• Enterprise MFA - TFA for Drupal - Critical - Access bypass - SA-CONTRIB-2025-056

Google has released security updates to address multiple vulnerabilities affecting Stable Channel Chrome versions 136.0.7103.92 for Linux and prior to 136.0.7103.92/.93 for Windows and Apple MAC.

Review the Google security bulletins and apply the necessary updates.

Android published a security bulletin to address vulnerabilities affecting Android devices.

Review the Android Security Bulletin and apply the necessary updates.

Dell published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following:

• Dell APEX Cloud Platform for Microsoft Azure - versions prior to 01.04.01.00
• Dell VxRail Appliance - versions 8.0.000 to 8.0.322
• PowerFlex Appliance IC - versions prior to IC 46.377.00 and versions prior to IC 46.382.00
• PowerFlex rack RCM - versions prior to 6.7.1

• DSA-2025-194: Security Update for Dell PowerFlex Rack Multiple Third-Party Component Vulnerabilities
• DSA-2025-193: Security Update for Dell PowerFlex Appliance Multiple Third-Party Component Vulnerabilities
• DSA-2025-152: Security Update for Dell VxRail for Multiple Third-Party Component Vulnerabilities
• DSA-2025-170: Security Update for Dell APEX Cloud Platform for Microsoft Azure and Dell APEX Cloud Platform Foundation Software Multiple Third-Party Component Vulnerabilities
• Dell Security advisories and notices

IBM published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following products

• CP4NA - version 2.7.7
• GDSC Platform On-prem - version 3.7.1
• IBM Cloud Pak for Business Automation - versions V24.0.1 to V24.0.1-IF001 and versions 24.0.0 to 24.0.0-IF004
• IBM Cloud Pak System - version 2.3.4.0 (Intel)
• IBM Planning Analytics Cartridge - versions 5.0.0 to 5.1.0
• IBM Planning Analytics Cartridge for IBM Cloud Pak for Data - versions 4.8.0 to 4.8.8
• IBM watsonx Orchestrate with watsonx Assistant Cartridge - versions 4.8.4 to 4.8.5 and versions 5.0.0 to 5.1.1
• IBM Watson Speech Services Cartridge - versions 4.0.0 to 5.1.2

Ubuntu published a security notice to address vulnerabilities in the Linux kernel affecting the following products:

• Ubuntu 20.04 ESM
• Ubuntu 22.04 LTS
• Ubuntu 24.04 LTS

Microsoft published a security update to address vulnerabilities in Edge Stable Channel - versions prior to 136.0.3240.50.

Review the Release notes for Microsoft Edge Security Updates and apply the necessary updates.

Google has released security updates to address multiple vulnerabilities affecting Stable Channel Chrome versions 136.0.7103.59 for Linux and prior to 136.0.7103.48/49 for Windows and Apple MAC.

Review the Google security bulletins  and apply the necessary updates.

Mozilla published security advisories to address vulnerabilities in the following products:

• VMware Tanzu GemFire Vector Database - versions prior to 1.2.0
• VMware Tanzu Greenplum - versions prior to 7.4.1

• Product Release Advisory - VMware Tanzu Gemfire 1.2.0
• Product Release Advisory - VMware Tanzu Greenplum 7.4.1
• Security Advisories - Tanzu

Mozilla published security advisories to address vulnerabilities in the following products:

• Thunderbird ESR - versions prior to 128.10
• Thunderbird - versions prior to 138
• Firefox ESR - versions prior to 115.23
• Firefox ESR - versions prior to 128.10
• Firefox - versions prior to 138

• Mozilla Security Advisory (MFSA 2025-32)
• Mozilla Security Advisory (MFSA 2025-31)
• Mozilla Security Advisory (MFSA 2025-30)
• Mozilla Security Advisory (MFSA 2025-29)
• Mozilla Security Advisory (MFSA 2025-28)

Apache published a security advisory to address vulnerabilities in the following products:

• Apache Tomcat - versions 11.0.0-M1 to 11.0.5
• Apache Tomcat - versions 10.1.0-M1 to 10.1.39
• Apache Tomcat - versions 9.0.0.M1 to 9.0.102

• Apache Tomcat - 9.0.104
• Apache Tomcat - 10.1.40
• Apache Tomcat - 11.0.6

Dell published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following:

• Dell APEX Cloud Platform for Red Hat OpenShift - versions prior to 03.02.04.00
• Dell Connectrix B-Series - versions 9.1.0 to 9.1.1d6
• Dell PowerProtect Data Manager - versions 19.15.0 to 19.18.0-23

IBM published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following products

• IBM Power HMC V10.2.1030.0 - version V10.2.1030.0
• IBM Power HMC V10.3.1050.0 - version V10.3.1050.0
• IBM QRadar SIEM - version 7.5 to 7.5.0 UP11 IF03
• IBM webMethods B2B (on-prem) - versions 10.11, 10.15 and 11.1
• IBM webMethods Integration (on prem) - versions 10.11, 10.15 and 11.1

Ubuntu published a security notice to address vulnerabilities in the Linux kernel affecting the following products:

• Ubuntu 18.04 ESM
• Ubuntu 20.04 LTS
• Ubuntu 22.04 LTS
• Ubuntu 24.04 LTS
• Ubuntu 24.10

Microsoft published a security update to address vulnerabilities in Edge Stable Channel - versions prior to 135.0.3179.98.

Review the Release notes for Microsoft Edge Security Updates and apply the necessary updates.

GitHub published a security advisory to address a critical vulnerability in the following products:

• GitLab Community Edition (CE) - versions prior to 17.11.1, 17.10.5 and 17.9.7
• GitLab Enterprise Edition (EE) - versions prior to 17.11.1, 17.10.5 and 17.9.7

Cisco published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following:

• ConfD
• ConfD Basic
• Intelligent Node Manager
• Network Services Orchestrator (NSO)
• Smart PHY
• Ultra Cloud Core - Subscriber Microservices Infrastructure

HPE published a security advisory to address vulnerabilities in the following products:

• HPE Brocade Fabric OS - versions prior to v9.1.1d7 and v9.2.0
• HPE Compute Scale-up Server 3200 - versions prior to v1.55.98
• HPE Performance Cluster Manager HPCM 1.12 and prior
• HPE Superdome Flex 280 Server - versions prior to v2.00.12
• HPE Telco Unified OSS Console - versions prior to v3.1.15

Google has released security updates to address multiple vulnerabilities affecting Stable Channel Chrome versions 135.0.7049.114 for Linux and prior to 135.0.7049.114/115 for Windows and Apple MAC.

Review the Google security bulletins and apply the necessary updates.

Ubuntu published a security notice to address vulnerabilities in the Linux kernel affecting the following products:

• Ubuntu 14.04 ESM
• Ubuntu 16.04 ESM
• Ubuntu 18.04 ESM
• Ubuntu 20.04 LTS
• Ubuntu 22.04 LTS
• Ubuntu 24.04 LTS

IBM published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following products

• IBM App Connect Enterprise - versions 12.0.1.0 to 12.0.12.12 and 13.0.1.0 to 13.0.2.2
• IBM CICS TX Standard - version 11.1
• IBM Cloud Pak for Security - version 1.10.0.0 to 1.10.11.0
• IBM Maximo Application Suite - multiple versions
• PowerVC - versions 2.1.1.2, 2.2.0, 2.2.1, 2.2.1.1 and 2.3.0
• QRadar Suite Software - version 1.10.12.0 to 1.11.1.0

Dell published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following:

• Dell Data Lakehouse - versions prior to 1.4.0.0
• Dell Storage Resource Manager - versions prior to 5.1.0.0
• Dell Storage Monitoring and Reporting - versions prior to 5.1.0.0
• PowerStore 1000X - versions prior to 3.2.1.6-2476179
• PowerStore 3000X - versions prior to 3.2.1.6-2476179
• PowerStore 5000X - versions prior to 3.2.1.6-2476179
• PowerStore 7000X - versions prior to 3.2.1.6-2476179
• PowerStore 9000X - versions prior to 3.2.1.6-2476179

• DSA-2025-165: Dell Storage Resource Manager (SRM) and Dell Storage Monitoring and Reporting (SMR) Security Update for Multiple Third-Party Component Vulnerabilities
• DSA-2025-182: Dell PowerStore X Security Update for Multiple Vulnerabilities
• DSA-2025-184: Security Update for Dell Data Lakehouse Multiple Third-Party Component Vulnerabilities
• Dell Security advisories and notices

Red Hat published security advisories to address vulnerabilities in multiple products. Included were updates to address vulnerabilities in the Linux kernel for the following products:

• Red Hat CodeReady Linux Builder - multiple versions and platforms
• Red Hat Enterprise Linux - multiple versions and platforms
• Red Hat Enterprise Linux Server - multiple versions and platforms
• Red Hat Enterprise Linux Server for Real Time - multiple versions and platforms
• Red Hat Enterprise Linux Server for Power LE - multiple versions

Microsoft published a security update to address vulnerabilities in Edge Stable Channel - versions prior to 0.3179.85.

Review the Release notes for Microsoft Edge Security Updates and apply the necessary updates.

Apple published security updates to address vulnerabilities in the following products:

• iOS and iPadOS - versions prior to 18.4.1
• macOS Sequoia - versions prior to 15.4.1

Cisco published a security advisory to address a vulnerability in the Cisco Webex App - versions 44.6 and 44.7.

Review the Cisco Security Advisory and apply the necessary updates.

Mozilla published security advisories to address vulnerabilities in Firefox - versions prior to 137.0.2.

Review the Mozilla security bulletins and apply the necessary updates.

Google has released security updates to address multiple vulnerabilities affecting Stable Channel Chrome versions 135.0.7049.95 for Linux and prior to 135.0.7049.95/96 for Windows and Apple MAC.

Review the Google security bulletins and apply the necessary updates.

Atlassian published security advisories to address vulnerabilities in the following products:

• Bamboo Data Center and Server - multiple versions
• Confluence Data Center and Server - multiple versions
• Jira Data Center and Server - multiple versions
• Jira Service Management Data Center and Server - multiple versions

Oracle published a security advisory to address vulnerabilities in multiple products. Included were critical updates for the following:

• Oracle Analytics
• Oracle Application Express
• Oracle Autonomous Health Framework
• Oracle Commerce
• Oracle Communications Applications
• Oracle Communications
• Oracle Construction and Engineering
• Oracle E-Business Suite
• Oracle Enterprise Manager
• Oracle Financial Services Applications
• Oracle Food and Beverage Applications
• Oracle Fusion Middleware
• Oracle GoldenGate
• Oracle Hospitality Applications
• Oracle Hyperion
• Oracle Insurance Applications
• Oracle Java SE
• Oracle JD Edwards
• Oracle MySQL
• Oracle PeopleSoft
• Oracle Policy Automation
• Oracle Retail Applications
• Oracle Siebel CRM
• Oracle Solaris
• Oracle SQL Developer
• Oracle Supply Chain
• Oracle Support Tools
• Oracle TimesTen In-Memory Database
• Oracle Utilities
• Oracle Virtualization

Ubuntu published a security notice to address vulnerabilities in the Linux kernel affecting the following products:

• Ubuntu 14.04 ESM
• Ubuntu 16.04 ESM
• Ubuntu 18.04 ESM
• Ubuntu 20.04 LTS
• Ubuntu 22.04 LTS
• Ubuntu 24.04 LTS

Dell published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following:

• Dell Avamar Data Store Gen5a - version ADS Gen5A
• Dell Integrated System for Microsoft Azure Stack HCI - multiple versions and models
• Dell Integrated System for Microsoft Azure Stack Hub 16G - versions prior to 2502
• Dell iDRAC9 - versions prior to 7.00.00.181 and 7.20.30.50
• Dell NetWorker Management Console - versions prior to 19.11.04 and 19.12.0.1
• Dell PowerProtect Cyber Recovery Software - versions prior to 19.18.0.2
• Dell PowerProtect Data Manager DM5500 Appliance Software - versions prior to 5.19

IBM published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following products

• IBM Business Automation Manager Open Editions - versions 8.0.0 to 8.0.6
• IBM Guardium Data Protection - version 11.4, 12.0 and 12.1
• IBM Integration Bus for z/OS - versions 10.1.0.0 to 10.1.0.5
• IBM PCOMM - versions v14.x and v15.x
• IBM Process Mining - versions 2.0.0 IF001 and 2.0.0
• IBM Storage Protect Plus - versions 10.1.0. to 10.1.16
• IBM Storage Protect Server - version 8.1
• IBM Storage Scale - versions 5.1.7.0 to 5.1.9.8 and 5.2.0.0 to 5.2.2.0
• IBM Security Verify Governance - version ISVG 10.02
• IBM Security Verify Governance, Identity Manager Software Stack - version ISVG 10.02
• IBM Security Verify Governance, Identity Manager Virtual Appliance - version ISVG 10.02

Red Hat published security advisories to address vulnerabilities in multiple products. Included were updates to address vulnerabilities in the Linux kernel for the following products:

• Red Hat Enterprise Linux - multiple versions and platforms
• Red Hat Enterprise Linux Server for Power LE - multiple versions and platforms
• Red Hat Enterprise Linux Server - multiple versions and platforms

• RHSA-2025:3832 - Security Advisory
• Red Hat Security Advisories

Microsoft published a security update to address vulnerabilities in Edge Stable Channel - versions prior to 135.0.3179.73.

Review the Release notes for Microsoft Edge Security Updates and apply the necessary updates.

Juniper Networks published a security advisory to address a critical vulnerability in the following products:

• CTP View - versions prior to 9.2R1
• Junos OS - multiple versions
• Junos OS Evolved - multiple versions
• Junos OS on EX and QFX5k Series - multiple versions
• Junos OS on MX Series - multiple versions
• Juno OS on SRX Series - multiple versions
• Junos Space - versions prior to 24.1R3
• Junos Space Security Director - versions prior to 24.1R3

Palo Alto Networks published a security advisory to address a critical vulnerability in Prisma Access Browser - versions prior to 132.83.3017.1.

Review the Palo Alto Networks Security Advisory and apply the necessary updates.

Drupal published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following:

• ECA : Event - Condition - Action – versions 1.2.x, versions prior to 1.1.12, version 2.0.0 to versions prior to 2.0.16 and version 2.1.0 to versions prior to 2.1.7
• Panels - versions prior to 4.9.0

• ECA: Event - Condition - Action - Critical - Cross site request forgery - SA-CONTRIB-2025-031
• Panels - Critical - Access bypass - SA-CONTRIB-2025-033
• Drupal Security Advisories

HPE published a security advisory to address vulnerabilities in HPE Cray XD670 - versions prior to BMC v1.19.

Review the HPE security bulletins and apply the necessary updates.

SAP published security advisories to address vulnerabilities in multiple products. Included were updates for the following:

• SAP Capital Yield Tax Management - versions CYTERP 420_700, CYT 800, IBS 7.0 and CYT4HANA 100
• SAP Commerce Cloud -versions HY_COM 2205 and COM_CLOUD 2211
• SAP Financial Consolidation -version 1010
• SAP Landscape Transformation DMIS- versions 2011_1_700, 2011_1_710, 2011_1_730 and 2011_1_731
• SAP NetWeaver and ABAP Platform (Service Data Collection)- versions ST-PI 2008_1_700, 2008_1_710 and 740
• SAP NetWeaver Application Server ABAP - versions KRNL64NUC 7.22, 7.22EXT, KRNL64UC 7.22, 7.22EXT, 7.53, KERNEL 7.22, 7.53, 7.54, 7.77, 7.89 and 7.93
• SAP S/4HANA S4CORE - versions 102, 103, 104, 105, 106, 107 and 108

Fortinet published security advisories to address vulnerabilities in multiple products. Included were updates for the following products:

• FortiSwitch 7.6 version 7.6.0
• FortiSwitch 7.4 versions 7.4.0 to 7.4.4
• FortiSwitch 7.2 versions 7.2.0 to 7.2.8
• FortiSwitch 7.0 versions 7.0.0 to 7.0.10
• FortiSwitch 6.4 versions 6.4.0 to 6.4.14

Review the Fortinet Advisory and apply the necessary updates.

Ivanti published a security advisory to address a vulnerability in Ivanti Endpoint Manager version 2024 and version 2022 SU6 and prior.

Review the Security Advisory April 2025 for Ivanti EPM 2024 and EPM 2022 SU6 and apply the necessary updates.

Adobe published security advisories to address vulnerabilities in multiple products. Included were updates for the following products:

• Adobe After Effects version 24.6.4 and prior and version 25.1 and prior
• Adobe Animate 2024 version 24.0.7 and prior
• Adobe Animate 2023 version 23.0.10 and prior
• Adobe Bridge version 14.1.5 and prior and version 15.0.2 and prior
• Adobe Commerce multiple versions
• Adobe Commerce B2B multiple versions
• Adobe Experience Manager Forms on JEE version 6.5.22.0 (AEMForms-6.5.0-0093) and prior
• Adobe Experience Manager Screens version AEM 6.5 Screens FP11.3 and prior
• Adobe FrameMaker version 2022 Release Update 5 and prior
• Adobe FrameMaker version 2020 Release Update 7 and prior
• Adobe Media Encoder version 24.6.4 and prior and version 25.1 and prior
• Adobe Premiere Pro version 25.1 and prior and version 24.6.4 and prior
• Adobe XMP-Toolkit-SDK version 2023.12 and prior
• ColdFusion 2025 version build 331385
• ColdFusion 2023 version Update 12 and prior
• ColdFusion 2021 version Update 18 and prior
• Magento Open Source multiple versions
• Photoshop 2025 version 26.4.1 and prior
• Photoshop 2024 version 25.12.1 and prior

Review the Adobe Security Advisories and apply the necessary updates

Google has released security updates to address multiple vulnerabilities affecting Stable Channel Chrome versions 135.0.7049.84 for Linux and prior to 0.7049.84/85 for Windows and Apple MAC.

Review the Google security bulletins and apply the necessary updates.

Microsoft published security advisories to address vulnerabilities in multiple products. Included were updates for the following products:

• Microsoft 365 Apps - multiple versions and platforms
• Microsoft Office - multiple versions and platforms
• Windows 10 - multiple versions and platforms
• Windows 11 - multiple versions and platforms
• Windows Server - multiple versions and platforms 

Review the Microsoft Security Updates and apply the necessary updates (Security Update Guide).

Android published a security bulletin to address vulnerabilities affecting Android devices.

Review the Android Security Bulletin and apply the necessary updates.

VMware released a security advisory to address vulnerabilities in the following products:

• VMware Tanzu Greenplum versions prior to 6.29.0
• VMware Tanzu Greenplum Backup and Restore versions prior to 1.31.0
• VMware Tanzu Greenplum Platform Extension Frameworkversions prior to 6.11.1

Review the following advisories and apply the necessary updates:

• Product Release Advisory - VMware Tanzu Greenplum Backup and Restore 1.31.0
• Product Release Advisory - VMware Tanzu Greenplum 6.29.0
• Security Advisories - VMware Cloud Foundation

Ubuntu published a security notice to address vulnerabilities in the Linux kernel affecting the following products:

• Ubuntu 14.04 ESM
• Ubuntu 18.04 ESM
• Ubuntu 20.04 LTS
• Ubuntu 22.04 LTS
• Ubuntu 24.04 LTS
• Ubuntu 24.10

Dell published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following:

• Dell Avamar Data Store Gen5a - version ADS Gen5A
• Dell PowerMax EEM 10.1.0.7 - version 10.1.0.5.10551 and prior
• Dell PowerMax EEM 10.2.0.1 - version 10.2.0.0
• Dell PowerMax EEM 5978 - version 5978.714.714.10632 and prior
• Dell PowerMax OS 10.1.0.7 - version 10.1.0.5.10551 and prior
• Dell PowerMax OS 10.2.0.1 - version 10.2.0.0
• Dell PowerMax OS 5978 - version 5978.714.714.10632 and prior
• PowerFlex Custom Node - multiple versions and platforms
• Solutions Enabler Virtual Appliance - versions prior to 9.2.4.9
• Unisphere 360 - versions prior to 9.2.4.35
• Unisphere for PowerMax - multiple versions
• VxFlex Ready Node - multiple platforms, versions prior to 2.22.2

IBM published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following products

• Business Automation Manager Open Editions - versions 9.0.0 to 9.1.1
• IBM API Connect - versions V10.0.0.5.0 to V10.0.5.8 and versions V10.0.8.0 to 10.0.8.2
• IBM App Connect Enterprise - versions 13.0.1.0 to 13.0.2.2 and versions 12.0.1.0 to 12.0.12.11
• IBM Watson Speech Services Cartridge - versions 4.0.0 to 5.1.1
• InfoSphere Information Server - version 11.7

Cybersecurity and Infrastructure Security Agency (CISA), in partnership with the National Security Agency (NSA), Federal Bureau of Investigation (FBI), Australian Signals Directorate's Australian Cyber Security Centre (ASD's ACSC), Canadian Centre for Cyber Security (CCCS), and New Zealand's National Cyber Security Centre (NCSC-NZ)- released joint Cybersecurity Advisory Fast Flux: A National Security Threat (PDF, 841 KB).

This advisory warns organizations, internet service providers (ISPs), and cybersecurity service providers of the ongoing threat of fast flux enabled malicious activities and provides guidance on detection and mitigations to safeguard critical infrastructure and national security.

"Fast flux" is a technique used to obfuscate the locations of malicious servers through rapidly changing Domain Name System (DNS) records associated with a single domain name. This threat exploits a gap commonly found in network defences, making the tracking and blocking of malicious fast flux activities difficult.

Review the updated joint advisory to protect and detect Fast Flux.

Ivanti published security advisories to address vulnerabilities in multiple products. Included were updates for the following:

• Ivanti Connect Secure - version 22.7R2.5 and prior
• Pulse Connect Secure (EoS) - version 9.1R18.9 and prior
• Ivanti Policy Secure - version 22.7R1.3 and prior
• ZTA Gateways - version 22.8R2 and prior

Microsoft published a security update to address vulnerabilities in Edge Stable Channel - versions prior to 135.0.3179.54.

Review the Release notes for Microsoft Edge Security Updates and apply the necessary updates.

Cisco published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following:

• Cisco Enterprise Chat and Email (ECE) - versions prior to 12.6 ES 10
• Cisco Meraki MX and Cisco Meraki Z Series - firmware versions 16.2, 17, 18.1, 18.2 and 19.1

• Cisco Security Advisory - cisco-sa-ece-dos-tC6m9GZ8
• Cisco Security Advisory - cisco-sa-meraki-mx-vpn-dos-vNRpDvfb
• Cisco Security Advisories

Jenkins published a security advisory to address vulnerabilities in the following products:

• Jenkins weekly - version 2.503 and prior
• Jenkins LTS - version 2.492.2 and prior
• AsakusaSatellite Plugin - version 0.1.1 and prior
• Cadence vManager Plugin - version 4.0.0-282.v5096a_c2db_275 and prior
• monitor-remote-job Plugin - version 1.0 and prior
• Simple Queue Plugin - version 1.4.6 and prior
• Stack Hammer Plugin - version 1.0.6 and prior
• Templating Engine Plugin - version 2.5.3 and prior

Mozilla published security advisories to address vulnerabilities in the following products:

• Thunderbird ESR - versions prior to 128.9
• Thunderbird - versions prior to 137
• Firefox ESR - versions prior to 128.9
• Firefox ESR - versions prior to 115.22
• Firefox - versions prior to 137

Google has released security updates to address multiple vulnerabilities affecting Stable Channel Chrome versions 135.0.7049.52 for Linux and prior to 135.0.7049.41/42 for Windows and Apple MAC.

Review the Google security bulletins and apply the necessary updates.

VMware released a security advisory to address vulnerabilities in the following products:

• VMware Aria Operations - version 8.x
• VMware Cloud Foundation - versions 5.x and 4.x
• VMware Telco Cloud Platform - versions 5.x, 4.x and 3.x
• VMware Telco Cloud Infrastructure - versions 3.x and 2.x

• VMware Aria Operations updates address a local privilege escalation vulnerability (CVE-2025-22231)
• Security Advisories - VMware Cloud Foundation

Apple published security updates to address vulnerabilities in the following products:

• iOS and iPadOS - versions prior to 18.4
• iPadOS - versions prior to 17.7.6
• iOS and iPadOS - versions prior to 16.7.11
• iOS and iPadOS - versions prior to 15.8.4
• macOS Sequoia - versions prior to 15.4
• macOS Sonoma - versions prior to 14.7.5
• macOS Ventura - versions prior to 13.7.5

Dell published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following:

• Dell Enterprise SONiC Distribution - versions prior to 4.4.2
• Dell ObjectScale - versions prior to ObjectScale 4.0
• Dell Storage Monitoring and Reporting - versions prior to 5.0.2.2
• Dell Storage Monitoring and Reporting - versions prior to 5.0.2.2
• Dell Storage Resource Manager - versions prior to 5.0.2.2
• Dell Unity - versions prior to 5.5.0.0.5.259
• PowerStore 1000T - versions prior to 3.6.1.5-2456810
• PowerStore 1200T - versions prior to 3.6.1.5-2456810
• PowerStore 3000T - versions prior to 3.6.1.5-2456810
• PowerStore 3200T - versions prior to 3.6.1.5-2456810
• PowerStore 5000T - versions prior to 3.6.1.5-2456810
• PowerStore 500T - versions prior to 3.6.1.5-2456810
• PowerStore 5200T - versions prior to 3.6.1.5-2456810
• PowerStore 7000T - versions prior to 3.6.1.5-2456810
• PowerStore 9000T - versions prior to 3.6.1.5-2456810
• PowerStore 9200T - versions prior to 3.6.1.5-2456810

Ubuntu published a security notice to address vulnerabilities in the Linux kernel affecting the following products:

• Ubuntu 14.04 ESM
• Ubuntu 16.04 ESM
• Ubuntu 18.04 ESM
• Ubuntu 20.04 LTS
• Ubuntu 22.04 LTS
• Ubuntu 24.04 LTS
• Ubuntu 24.10

Red Hat published security advisories to address vulnerabilities in multiple products. Included were updates to address vulnerabilities in the Linux kernel for the following products:

• Red Hat Enterprise Linux - multiple versions and platforms
• Red Hat Enterprise Linux Server - multiple versions and platforms
• Red Hat Enterprise Linux for Real Time - multiple versions and platforms
• Red Hat CodeReady Linux Builder - multiple versions and platforms

Mozilla published security advisories to address vulnerabilities in the following products:

• Firefox - versions prior to 136.0.4
• Firefox ESR - versions prior to 115.21.1
• Firefox ESR - versions prior to 128.8.1

GitHub published a security advisory to address a critical vulnerability in the following products:

• GitLab Community Edition (CE) - versions prior to 17.10.1, 17.9.3 and 17.8.6
• GitLab Enterprise Edition (EE) - versions prior to 17.10.1, 17.9.3 and 17.8.6

Microsoft published a security update to address vulnerabilities in Edge Stable Channel - versions prior to 134.0.3124.93.

Review the Release notes for Microsoft Edge Security Updates and apply the necessary updates.

Splunk published a security update to address vulnerabilities in the following products.

• Splunk Enterprise - versions prior to 9.4.0, 9.3.3, 9.2.5 and 9.1.8
• Splunk Cloud Platform - versions prior to 9.3.2408.104, 9.2.2406.108, 9.2.2403.114 and 9.1.2312.208

Next.js published a security advisory to address a critical vulnerability in the following product:

• Next.js - 15.x versions prior to 15.2.3
• Next.js - 14.x versions prior to 14.2.25
• Next.js - 13.x versions prior to 13.5.9
• Next.js - 12.x versions prior to 12.3.5

VMware released a security advisory to address multiple vulnerabilities in VMware Tools - versions 11.x.x and 12.x.x prior to 12.5.1 for Windows.

Review the VMware security advisory VMSA-2025-0005: VMware Tools for Windows update addresses an authentication bypass vulnerability and applies the necessary updates.

Google has released security updates to address multiple vulnerabilities affecting Stable Channel Chrome versions prior to 134.0.6998.177/178 for Windows.

Review the Google security bulletins and apply the necessary updates.

HPE published a security advisory to address vulnerabilities in HPE SANnav Management Software - versions prior to v2.3.1b and v2.4.0.

Review the HPE security bulletins and apply the necessary updates.

Kubernetes published security advisories to address vulnerabilities in the following products:

• Kubernetes ingress-nginx controller - versions prior to 1.11.5
• Kubernetes ingress-nginx controller - versions prior to 1.12.1

• Github Kubernetes
• Google Cloud GCP-2025-013
• Critical Ingress NGINX Controller Vulnerability Allows RCE Without Authentication

Dell published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following:

• Dell APEX Cloud Platform for Red Hat OpenShift - versions prior to 03.01.02.00
• Dell Chassis Management Controller (CMC) for Dell PowerEdge FX2 - versions prior to 2.40.200.202101130302
• Dell Chassis Management Controller (CMC) for PowerEdge VRTX - versions prior to 3.41.200.202209300499
• Dell Data Protection Central - versions 19.9.0 to 19.11.0-2
• Dell ECS - versions prior to 3.8.1.4
• Dell SmartFabric Manager - versions 1.0.0 and 1.1.0

Red Hat published security advisories to address vulnerabilities in multiple products. Included were updates to address vulnerabilities in the Linux kernel for the following products:

• Red Hat Enterprise Linux - multiple versions and platforms
• Red Hat Enterprise Linux Server for Power LE - multiple versions
• Red Hat Enterprise Linux Server - multiple versions and platforms

IBM published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following products

• AIX - versions 7.2 and 7.3
• DataStage on Cloud Pak for Data - version 4.8.2 to 4.8.4
• FileNet Content Manager - versions 5.5.12.0, 5.5.8.0 and 5.6.0.0
• IBM CP4MCM - version 2.3 to 2.3 FP9
• IBM Maximo Application Suite IoT Component - versions 8.7, 8.8 and 9.0
• IBM Rapid Infrastructure Automation - version 1.1.4
• IBM watsonx Assistant Cartridge - version 4.0 to 5.1.0
• IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component - version 5.0 to 5.1.0

HPE published a security advisory to address vulnerabilities in HPE Telco Service Activator - versions prior to 10.1.1.

Review the HPE security bulletins and apply the necessary updates.

Microsoft published a security update to address vulnerabilities in Edge Stable Channel - versions prior to 134.0.3124.83.

Review the Release notes for Microsoft Edge Security Updates and apply the necessary updates.

Jenkins published a security advisory to address vulnerabilities in the following products:

• AnchorChain Plugin - version 1.0 and prior
• EDDSA API Plugin - version 3.0-13.v7cb_69ed68f00 and prior
• Zoho QEngine Plugin - version 0.29.vfa_cc23396502 and prior

Veem has released security updates to address a vulnerability in Veeam Backup & Replication - all versions 12 prior to build 12.3.1.1139.

Review the Veeam Security Advisory and apply the necessary updates.

Google has released security updates to address multiple vulnerabilities affecting Stable Channel Chrome versions 134.0.6998.117 for Linux and prior to 134.0.6998.117/118 for Windows and Apple MAC.

Review the Google security bulletins and apply the necessary updates.

Apache published a security advisory to address vulnerabilities in the following products:

• Apache Tomcat 11.0.0-M1 to 11.0.2
• Apache Tomcat 10.1.0-M1 to 10.1.34
• Apache Tomcat 9.0.0-M1 to 9.0.98

Atlassian published security advisories to address vulnerabilities in the following products:

• Bamboo Data Center and Server - multiple versions
• Bitbucket Data Center and Server - multiple versions
• Crowd Data Center and Server - multiple versions
• Jira Data Center and Server - multiple versions
• Jira Service Management Data Center and Server - multiple versions

Red Hat published security advisories to address vulnerabilities in multiple products. Included were updates to address vulnerabilities in the Linux kernel for the following products:

• Red Hat CodeReady Linux Builder - multiple versions and platforms
• Red Hat Enterprise Linux - multiple versions and platforms
• Red Hat Enterprise Linux for Real Time - multiple versions and platforms
• Red Hat Enterprise Linux Server - multiple versions and platforms

Dell published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following:

• Dell APEX Cloud Platform for Red Hat OpenShift - versions prior to 03.01.02.00
• Dell Cloud Tiering Appliance CTA and CTA-HA - versions prior to 13.2.0.2.33
• Dell Cloud Tiering Appliance CTA/VE and CTA-HA/VE - versions prior to 13.2.0.2.33
• Dell Connectrix B-Series and SANnav - multiple models and versions
• Dell Integrated System for Microsoft Azure Stack HCI - multiple models and versions
• Dell Networking OS10 - version 10.5.5.x and 10.5.6.x
• Dell VxRail Appliance - multiple models and versions

Ubuntu published a security notice to address vulnerabilities in the Linux kernel affecting the following products:

• Ubuntu 14.04 ESM
• Ubuntu 16.04 ESM
• Ubuntu 18.04 ESM
• Ubuntu 20.04 LTS
• Ubuntu 22.04 LTS
• Ubuntu 24.04 LTS

GitHub published a security advisory to address a vulnerability in tj-actions/changed-files GitHub Actions - versions 45.07 and prior.

Review the provided GitHub Security Advisory and perform the suggested mitigations.

VMware released a security advisory to address multiple vulnerabilities in VMWare Tanzu GemFire - versions prior to 10.0.6.

Review the VMware security advisory VMware VMSA-2025-002 and apply the necessary updates.

Microsoft published a security update to address vulnerabilities in Edge Stable Channel - versions prior to 134.0.3124.66.

Review the following advisories and apply the necessary updates:

• Microsoft Edge Extended Stable Channel Release Notes - March 11, 2025
• Microsoft Edge Extended Stable Channel Release Notes - March 12, 2025

Palo Alto Networks published a security advisory to address a critical vulnerability in Prisma Access Browser - versions prior to 133.16.4.99.

Review the Security Advisory and apply the necessary updates.

There are reports of ongoing and increased exploitation of CVE-2024-4577 ¹,²,³, a critical remote code execution (RCE) vulnerability in the PHP-CGI implementation of PHP on Windows.

Windows-based PHP installations configured to use PHP-CGI are specifically at risk as the vulnerability exploits Unicode processing in the CGI module.

Organizations should determine if they are at risk by verifying whether they are running vulnerable versions of PHP installed on Windows.

Organizations are advised to update to the following versions of PHP:

• PHP 8.3 - update to 8.3.8 or later
• PHP 8.2 - update to 8.2.20 or later
• PHP 8.1 - update to 8.1.29 or later

1. GreyNoise Detects Mass Exploitation of Critical PHP-CGI Vulnerability (CVE-2024-4577), Signaling Broad Campaign
2. Unmasking the new persistent attacks on Japan
3. Experts warn of mass exploitation of critical PHP flaw CVE-2024-4577
4. CVE-2024-4577 - Primary and the most effective mitigation is to upgrade PHP to the latest versions
5. NCSC NZ - Vulnerability affecting PHP on Windows

GitHub published a security advisory to address a critical vulnerability in the following products:

• GitLab Community Edition (CE) - versions prior to 17.9.2, 17.8.5 and 17.7.7
• GitLab Enterprise Edition (EE) - versions prior to 17.9.2, 17.8.5 and 17.7.7

HPE published a security advisory to address vulnerabilities in the following products:

• HPE Cray EX235a Accelerator Blade - versions prior to v2.1.0 (HFP 25.1.2)
• HPE Cray EX235n Server - versions prior to v1.5.1 (HFP 24.10.1)
• HPE Cray EX255a Accelerator Blade - versions prior to v1.4.0 (HFP 25.1.2)
• HPE Cray EX425 Compute Blade - versions prior to v1.7.6 (HFP 24.10.1)
• HPE Cray EX4252 Compute Blade - versions prior to v2.0.1 (HFP 25.1.2)
• HPE ProLiant XL225n Gen10 Plus 1U Node - versions prior to v3.60_01-16-2025
• HPE ProLiant XL645d Gen10 Plus Server - versions prior to v3.40_10-04-2024 (HFP 24.11.0)
• HPE ProLiant XL675d Gen10 Plus Server - versions prior to v3.40_10-04-2024 (HFP 24.11.0)
• HPE Cray XD665 - versions prior to v1.50 On the Portal HPE Cray SC XD665 Firmware Pack 2024.09.00
• HPE Cray XD675 - versions prior to v3.1.5 (HPE Cray SC XD665 Firmware Pack 2024.09.00)

Cisco published a security advisory to address a vulnerability in the Cisco IOS XR - multiple versions and platforms.

Review the Cisco Security Advisory and apply the necessary updates.

Juniper Networks published a security advisory to address a critical vulnerability in the following products:

• JunoOS - versions prior to 21.2R3-S9
• JunoOS 21.4 - versions prior to 21.4R3-S10
• JunoOS 22.2 - versions prior to 22.2R3-S6
• JunoOS 22.4 - versions prior to 22.4R3-S6
• JunoOS 23.2 - versions prior to 23.2R2-S3
• JunoOS 23.4 - versions prior to 23.4R2-S4
• JunoOS 24.2 - versions prior to 24.2R1-S2, 24.2R2

• Juniper Networks Security - JSA93446
• Juniper Networks Security Advisories

SAP published security advisories to address vulnerabilities in multiple products. Included were updates for the following:

• SAP Commerce Cloud - versions HY-COM 2205 and COM-CLOUD 2211
• SAP Commerce (Swagger UI) - version COM_CLOUD 2211
• SAP NetWeaver (ABAP Class Builder) - multiple versions

Ivanti published a security advisory to address a vulnerability in Ivanti Secure Access Client (ISAC) - version 22.7R3 and prior.

Review the Ivanti Security Advisory - March security advisory Ivanti Secure Access Client and apply the necessary updates.

Fortinet published security advisories to address vulnerabilities in multiple products. Included were updates for the following products:

• FortiADC - multiple versions
• FortiIsolator 2.4 - versions 2.4.0 to 2.4.5
• FortiSandbox - multiple versions
• FortiSIEM - multiple versions

Microsoft published security advisories to address vulnerabilities in multiple products. Included were updates for the following products:

• Microsoft 365 Apps - multiple versions and platforms
• Microsoft Office - multiple versions and platforms
• Remote Desktop client for Windows Desktop
• Windows 10 - multiple versions and platforms
• Windows 11 - multiple versions and platforms
• Windows App Client for Windows Desktop
• Windows Server - multiple versions and platforms

Adobe published security advisories to address vulnerabilities in multiple products. Included were updates for the following products:

• Acrobat 2024 - version 24.001.30225 and prior
• Acrobat 2020 - version 20.005.30748 and prior
• Acrobat Reader 2020 - version 20.005.30748 and prior
• Acrobat DC - version 25.001.20428 and prior
• Acrobat Reader DC - version 25.001.20428 and prior
• Adobe Illustrator 2024 - version 28.7.4 and prior
• Adobe Illustrator 2025 - version 29.2.1 and prior
• Adobe InDesign - version ID19.5.2 and prior, version ID20.1 and prior
• Adobe Substance 3D Designer - version 14.1 and prior
• Adobe Substance 3D Modeler - version 1.15 and prior
• Adobe Substance 3D Painter - version 10.1.2 and prior
• Adobe Substance 3D Sampler - version 4.5.2 and prior

HPE published a security advisory to address vulnerabilities in HPE HPE Cray XD670 - versions prior to BMC v1.19.

Review the HPE security bulletins and apply the necessary updates.

Apple published security updates to address vulnerabilities in the following products:

• iOS and iPadOS - versions prior to 18.3.2
• macOS Sequoia - versions prior to 15.3.2
• Safari - versions prior to 18.3.1

• Apple security update - iOS 18.3.2 and iPadOS 18.3.2
• Apple security update - macOS Sequoia 15.3.2
• Apple security update - Safari 18.3.1

Google has released security updates to address multiple vulnerabilities affecting Stable Channel Chrome versions 134.0.6998.88 for Linux and prior to 134.0.6998.88/89 for Windows and Apple MAC.

Review the Google security bulletins and apply the necessary updates.

IBM published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following products

• IBM API Connect - versions V10.0.5.0 to V10.0.5.8 and V10.0.8.0 to 10.0.8.1
• IBM App Connect Enterprise Certified Containers Operands - CD: 12.0.7.0-r4 to 12.0.12.5-r1, 13.0.1.0-r1 to 13.0.2.0-r1
• IBM App Connect Enterprise Certified Containers Operands - 12.0 LTS: 12.0.12-r1 to 12.0.12-r7
• IBM App Connect Operator - CD: 7.2.0-11.6.0, 12.1.0 to 12.7.0
• IBM App Connect Operator - 12.0 LTS: 12.0.0 to 12.0.7
• IBM DataStage on Cloud Pak for Data - version 4.8.4
• IBM Jazz Foundation - version 7.0.2
• IBM Netcool Operations Insight - versions 1.4 to 1.4.12, 1.5 to 1.5.0.1 and 1.6 to 1.6.13
• IBM Observability with Instana (OnPrem) - versions 1.0.287 to 1.0.290
• IBM Qiskit SDK - versions 0.18.0 to 1.4.1
• IBM Total Storage Service Console (TSSC) / TS4500 IMC - versions 9.4.14, 9.4.21, 9.4.26, 9.4.31, 9.5.8, 9.6.10 and 9.6.15
• IBM watsonx Assistant Cartridge - versions 4.0 to 5.1.0
• IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component - versions 5.0 to 5.1.0

Ubuntu published a security notice to address vulnerabilities in the Linux kernel affecting the following products:

• Ubuntu 14.04 ESM
• Ubuntu 16.04 ESM
• Ubuntu 20.04 LTS
• Ubuntu 22.04 LTS
• Ubuntu 24.04 LTS
• Ubuntu 24.10

IBM published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following products

• GSDC Platform On-prem - version 3.6.2
• IBM Aspera Shares - versions 1.9.9 to 1.10.0 PL7
• IBM Engineering Requirements Management DOORS Next - versions 7.0.2, 7.0.3 and 7.1
• IBM Instana Observability - build 1.0.287
• ICP - Discovery - versions 4.0.0 to 4.8.7 and versions 5.0.0 to 5.1.0
• SPSS Collaboration and Deployment Services - version 8.5
• Watson Studio on Cloud Pak for Data - versions 4.0.0 to 4.8.6 and versions 5.0.0 to 5.0.3
• watsonx.data - version 2.1

Red Hat published security advisories to address vulnerabilities in multiple products. Included were updates to address vulnerabilities in the Linux kernel for the following products:

• Red Hat CodeReady Linux Builder - multiple versions and platforms
• Red Hat Enterprise Linux - multiple versions and platforms
• Red Hat Enterprise Linux Server - multiple versions and platforms

Dell published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following:

• Dell Data Protection Search - versions 19.6.0, 19.6.1, 19.6.2, 19.6.3, 19.6.4 and 19.6.5
• Dell Integrated Data Protection Appliance - version 2.7.8 and prior
• Dell Secure Connect Gateway - Appliance - version 5.26.00.20
• PowerStore 500T, 1000T, 1200 T, 3000T, 3200Q, 3200T, 5000T, 5200T, 7000T, 9000T and 9200T - versions prior to 4.0.1.2-2445526
• PowerStore 1000X, 3000X, 5000X, 7000X and 9000X - versions prior to ESXi70U3s-24585291

This Microsoft Security blog post details a malvertising campaign that distributes information-stealing malware via GitHub. Attackers use deceptive ads to trick users into downloading malicious files. These files, hosted on GitHub, execute data theft operations once installed. Microsoft warns users to remain vigilant and avoid clicking on suspicious advertisements.

Review the Microsoft blog post and apply/do the recommended mitigations to protect and detect malicious activity.

VMware released a security advisory to address vulnerabilities in the following products:

• VMware ESXi - versions 8.0 and 7.0
• VMware Workstation - version 17.x
• VMware Fusion - version 13.x
• VMware Cloud Foundation - versions 5.x and 4.5.x
• VMware Telco Cloud Platform - versions 5.x, 4.x, 3.x, 2.x
• VMware Telco Cloud Infrastructure - versions 3.x, 2.x

• VMSA-2025-0004: VMware ESXi, Workstation, and Fusion updates address multiple vulnerabilities (CVE-2025-22224, CVE-2025-22225, CVE-2025-22226)
• Security Advisories - VMware Cloud Foundation

Mozilla published security advisories to address vulnerabilities in the following products:

• Firefox ESR - versions prior to 128.8
• Firefox ESR - versions prior to 115.21
• Firefox - versions prior to 136

• Mozilla Security Advisory (MFSA 2025-16)
• Mozilla Security Advisory (MFSA 2025-15)
• Mozilla Security Advisory (MFSA 2025-14)

Google has released security updates to address multiple vulnerabilities affecting Stable Channel Chrome versions 134.0.6998.35 for Linux and prior to 134.0.6998.35/36 for Windows and 134.0.6998.44/45 for Apple MAC.

Review the Google security bulletins and apply the necessary updates.

Qualcomm published a security bulletin to address vulnerabilities affecting multiple chipsets.

Review the Qualcomm Security Bulletin and apply the necessary updates.

Android published a security bulletin to address vulnerabilities affecting Android devices.

Review the Android Security Bulletin and apply the necessary updates.

Dell published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following:

• Dell Networking OS10 - version 10.5.4.x
• Dell Policy Manager for Secure Connect Gateway - version 5.26.00.18
• Dell PowerScale OneFS - versions 9.4.0.0 to 9.5.1.1
• Dell PowerScale OneFS - versions 9.5.0.0 to 9.7.1.4
• Dell PowerScale OneFS - versions 9.8.0.0 to 9.9.0.1
• Integrated System for Microsoft Azure Stack Hub 14G - versions prior to 2407
• Integrated System for Microsoft Azure Stack Hub 14G - versions prior to 2411
• Integrated System for Microsoft Azure Stack Hub 16G - versions prior to 2411
• Dell PowerEdge R750XA - versions prior to 1.0
• Dell PowerEdge R7515 - versions prior to 1.0
• Dell PowerEdge R7525 - versions prior to 1.0
• Dell PowerEdge R760XA - versions prior to 1.0
• Dell PowerEdge R7615 - versions prior to 1.0
• Dell PowerEdge R7625 - versions prior to 1.0
• Dell PowerEdge XE9680 - versions prior to A00

IBM published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following products

• IBM Cloud Pak for Business Automation - versions 24.0.1, V24.0.0 to V24.0.0 to IF003 and unsupported versions
• IBM Cognos Analytics - versions 11.2.0 to 11.2.4 FP5 and 12.0.0 to 12.0.4
• IBM Jazz Reporting Service - versions 7.0.2 and 7.0.3
• IBM Software Support App (iOS) - version 1.0.0
• IBM Software Support app (Android) - version 1.0.0
• IBM Storage Virtualize - multiple versions
• IBM TXSeries for Multiplatforms - versions 8.1, 8.2, 9.1 and 10.1
• IBM Watson Speech Services Cartridge - version 4.0.0 to 5.1.0
• IBM watsonx Orchestrate Cartridge for IBM Cloud Pak for Data - versions 4.8.4 to 4.8.5 and 5.0.0 to 5.1.0
• watsonx.data - versions 2.0.2 to 2.1.0 and 2.1

Ubuntu published a security notice to address vulnerabilities in the Linux kernel affecting the following products:

• Ubuntu 14.04 ESM
• Ubuntu 16.04 ESM
• Ubuntu 18.04 ESM
• Ubuntu 20.04 LTS
• Ubuntu 22.04 LTS
• Ubuntu 24.04 LTS

GitHub published a security advisory to address a critical vulnerability in the following products:

• GitLab Community Edition (CE) - versions prior to 17.9.1, 17.8.4 and 17.7.6
• GitLab Enterprise Edition (EE) - versions prior to 17.9.1, 17.8.4 and 17.7.6

Google has released security updates to address multiple vulnerabilities affecting Stable Channel Chrome versions 133.0.6943.141 for Linux and prior to 133.0.6943.141/142 for Windows and Apple MAC.

Review the Google security bulletins and apply the necessary updates.

HPE published a security advisory to address vulnerabilities in the following products:

• Console Clim Utilities T0697 - versions T0697H01^AAA and T0697H01^AAQ
• CLIM DVD Installation Software T0853 - versions T0853L03-T0853L03^DDA, T0989L03-T0989L03^DDA, T0976L03-T0976L03^DDA and T0853J03-T0853J03^CEE
• HPE Cray EX425 Compute Blade - versions prior to v1.7.6 (HFP 24.11.0)

• HPE Security Bulletin - hpesbns04778
• HPE Security Bulletin - hpesbcr04811
• HPE Security Bulletin Library

Ubuntu published a security notice to address vulnerabilities in the Linux kernel affecting the following products:

• Ubuntu 16.04 ESM
• Ubuntu 18.04 ESM
• Ubuntu 20.04 LTS
• Ubuntu 22.04 LTS
• Ubuntu 24.04 LTS
• Ubuntu 24.10

• Ubuntu Security Notice - LSN-0109-1
• Ubuntu Security Notice - USN-7277-1
• Ubuntu Security Notice - USN-7276-1

IBM published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following products

• IBM Cognos Controller - versions 11.0.0 to 11.0.1 FP3
• IBM Controller - version 11.1.0
• IBM CP4MCM - versions 2.3 to 2.3 FP9
• IBM Data Virtualization on Cloud Pak for Data - multiple versions
• Maas360 Configuration Utility - versions 2.90.000 to 3.000.950
• Maas360 Mobile Enterprise Gateway - versions 2.90.000 to 3.000.800
• IBM Watson Query on Cloud Pak for Data - multiple versions
• Watson Studio on Cloud Pak for Data - Execution Engine for Apache Hadoop - version 5.0

Dell published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following:

• Dell Networking S5448F-ON - versions prior to 3.52.5.1-12
• Dell Networking Z9432F-ON - versions prior to 3.51.5.1-21
• Dell Networking Z9664F-ON - versions prior to 3.54.5.1-9
• Networker Management Console - versions 19.11 to 19.11.0.3 and versions prior to 19.10.0.7
• PowerPath Management Appliance - version 4.0 P02
• PowerStore 500T, 1000T, 1200T, 3000T, 3200Q, 3200T, 5000T, 5200T, 7000T, 9000T and 9200T - versions prior to 4.1.0.0-2435323
• RecoverPoint for Virtual Machines - versions 6.0 SP1, 6.0 SP1 P1 and 6.0 SP1 P2

Signal updates containing hardened features to help protect against phishing campaigns affecting the following products:

• Signal iOS - as of today, versions prior to 7.47 (latest version)
• Signal Android - as of today, versions prior to 7.33.2 (latest version)

• Updating Signal

Microsoft published a security update to address vulnerabilities in Edge Stable Channel - versions prior to 132.0.2957.171.

Review the Release notes for Microsoft Edge Security Updates and apply the necessary updates.

As part of BGD e-GOV CIRT continuous efforts to monitor emerging threats and vulnerabilities that could compromise national security, our Cyber Threat Intelligence Unit has identified 600 vulnerable PRTG instances in Bangladesh affected by CVE-2018-19410-a critical-severity vulnerability. This....

OpenSSH published a security advisory to address vulnerabilities in OpenSSH - versions 6.8p1 to 9.9p1.

Review the OpenSSH Release Note and apply the necessary updates.

Juniper Networks published a security advisory to address a critical vulnerability in the following products:

• Junos OS - multiple versions
• Junos OS Evolved - multiple versions
• Junos Space - versions prior to 24.1R2

Citrix published security advisories to address vulnerabilities in the following products:

• NetScaler Console 14.1 - versions prior to 14.1-38.53
• NetScaler Console 13.1 - versions prior to 13.1-56.18
• NetScaler Agent 14.1 - versions prior to 14.1-38.53
• NetScaler Agent 13.1 - versions prior 13.1-56.18

Mozilla published security advisories to address vulnerabilities in Firefox - versions prior to 135.0.1.

Review the Mozilla security bulletins and apply the necessary updates.

Google has released security updates to address multiple vulnerabilities affecting Stable Channel Chrome versions 133.0.6943.126 for Linux and prior to 133.0.6943.126/127 for Windows and Apple MAC.

Review the Google security bulletins and apply the necessary updates.

Atlassian published security advisories to address vulnerabilities in the following products:

• Bamboo Data Center and Server - multiple versions
• Bitbucket Data Center and Server - multiple versions
• Confluence Data Center and Server - multiple versions
• Crowd Data Center and Server - multiple versions
• Jira Data Center and Server - multiple versions

Cybersecurity and Infrastructure Security Agency (CISA), in partnership with the Federal Bureau of Investigation (FBI) and Multi-State Information Sharing and Analysis Center (MS-ISAC)- released a joint Cybersecurity Advisory, Ransomware: Ghost (Cring) Ransomware. This advisory provides network defenders with indicators of compromise (IOCs), tactics, techniques, procedures (TTPs), and detection methods associated with Ghost ransomware activity identified through FBI investigations.

Ghost actors conduct these widespread attacks, targeting and compromising organizations with outdated versions of software and firmware on their internet facing services. These malicious ransomware actors are known to use publicly available code to exploit Common Vulnerabilities and Exposures (CVEs) where available patches have not been applied to gain access to internet facing servers. The known CVEs are CVE-2018-13379, CVE-2010-2861, CVE-2009-3960, CVE-2021-34473, CVE-2021-34523, CVE-2021-31207.

Review this joint advisory and apply the recommended mitigations to protect and detect malicious activity.

Ubuntu published a security notice to address vulnerabilities in the Linux kernel affecting the following products:

• Ubuntu 14.04 ESM
• Ubuntu 16.04 ESM
• Ubuntu 20.04 LTS
• Ubuntu 22.04 LTS
• Ubuntu 24.10

Dell published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following:

• Dell Avamar NDMP Accelerator - multiple versions
• Dell Avamar Server Hardware Appliance Gen4T/Gen5A - multiple versions
• Dell Avamar Virtual Edition - multiple versions
• Dell Avamar VMware Image Proxy - multiple versions
• Dell Networker Virtual Edition (NVE) - multiple versions
• Dell Power Protect DP Series Appliance - version 2.7.8 and prior running on SLES12SP5
• PowerPath Management Appliance - version 4.0 P02

• Dell Security Advisory DSA-2025-081
• Dell Security Advisory DSA-2025-094
• Dell Security advisories and notices

Red Hat published security advisories to address vulnerabilities in multiple products. Included were updates to address vulnerabilities in the Linux kernel for the following products:

• Red Hat CodeReady Linux Builder - multiple versions and platforms
• Red Hat Enterprise Linux - multiple versions and platforms
• Red Hat Enterprise Linux Server - multiple versions and platforms

Microsoft published a security update to address vulnerabilities in Edge Stable Channel - versions prior to 133.0.3065.69.

Review the Release notes for Microsoft Edge Security Updates and apply the necessary updates.

PostgreSQL published a security advisory to address vulnerabilities in PostgreSQL - 13.x versions prior to 13.19, 14.x versions prior to 14.16, 15.x versions prior to 15.11, 16.x versions prior to 16.7 and 17.x versions prior to 17.3.

Review the PostgreSQL Advisory - quoting APIs miss neutralizing quoting syntax in text that fails encoding validation and apply the necessary updates.

Palo Alto Networks published security advisories to address vulnerabilities in multiple versions of PAN-OS. Included were updates for the following:

• PAN-OS 11.2 - versions prior to 11.2.4-h4
• PAN-OS 11.1 - versions prior to 11.1.6-h1
• PAN-OS 10.2 - versions prior to 10.2.13-h3
• PAN-OS 10.1 - versions prior to10.1.14-h9

• Palo Alto Networks Security Advisories - CVE-2025-0108
• Palo Alto Network Security Advisories

Google has released security updates to address multiple vulnerabilities affecting Stable Channel Chrome versions 133.0.6943.98 for Linux and prior to 133.0.6943.98/.99 for Windows and Apple MAC.

Review the Google security bulletins and apply the necessary updates.

GitHub published a security advisory to address a critical vulnerability in the following products:

• GitLab Community Edition (CE) - versions prior to 17.8.2, 17.7.4 and 17.6.5
• GitLab Enterprise Edition (EE) - versions prior to 17.8.2, 17.7.4 and 17.6.5

SAP published security advisories to address vulnerabilities in multiple products. Included were updates for the following:

• Library - @sap/approuter - version 2.6.1 to 16.7.1
• SAP BusinessObjects Business Intelligence platform (Central Management Console) - versions ENTERPRISE 430 and 2025
• SAP Enterprise Project Connection - version 3.0
• SAP NetWeaver AS Java (User Admin Application) Version - version 7.50
• SAP Supplier Relationship Management (Master Data Management Catalog) - version SRM_MDM_CAT 7.52

Ivanti published security advisories to address vulnerabilities in multiple products. Included were updates for the following:

• Ivanti Connect Secure (ICS) - version 22.7R2.5 and prior
• Ivanti CSA - version 5.0.4 and prior
• Ivanti Policy Secure (IPS) - version 22.7R1.2 and prior
• Ivanti Secure Access Client (ISAC) - version 22.7R4 and prior

• Ivanti - February Security Advisory Ivanti Connect Secure (ICS), Ivanti Policy Secure (IPS) and Ivanti Secure Access Client (ISAC) (Multiple CVEs)
• Ivanti - Security Advisory Ivanti Cloud Services Application (CSA) (CVE-2024-47908, CVE-2024-11771)
• Ivanti Security Advisories

Fortinet published security advisories to address vulnerabilities in multiple products. Included were updates for the following products:

• FortiOS 7.6 - version 7.6.0
• FortiOS 7.4 - versions 7.4.0 to 7.4.4
• FortiOS 7.2 - versions 7.2.0 to 7.2.9 and versions 7.2.4 to 7.2.8
• FortiOS 7.0 - versions 7.0.0 to 7.0.15
• FortiOS 6.4 - all versions
• FortiPortal 7.4 - version 7.4.0 to 7.4.2
• FortiPortal 7.2 - version 7.2.0 to 7.2.6
• FortiPortal 7.0 - version 7.0.0 to 7.0.11

• Fortinet PSIRT - FG-IR-25-015
• Fortinet PSIRT - FG-IR-24-160
• Fortinet PSIRT - FG-IR-24-302
• Fortinet PSIRT Advisories

Microsoft published security advisories to address vulnerabilities in multiple products. Included were updates for the following products:

• System Center 2019, 2022 and 2025
• Microsoft 365 Apps - multiple versions and platforms
• Microsoft Azure - multiple versions and platforms
• Microsoft Dynamics 365 Sales
• Microsoft Excel 2016 - version 16.0.5487.1000
• Microsoft Office - multiple versions and platforms
• Microsoft SharePoint - multiple versions and platforms
• Microsoft Visual Studio - multiple versions
• Windows 10 - multiple versions and platforms
• Windows 11 - multiple versions and platforms
• Windows Server - multiple versions and platforms

Adobe published security advisories to address vulnerabilities in multiple products. Included were updates for the following products:

• Adobe Commerce - multiple versions
• Adobe Commerce B2B - multiple versions
• Adobe Illustrator 2024 - version 28.73 and prior
• Adobe Illustrator 2025 - version 29.1 and prior
• Adobe InCopy - version 19.5.1 and prior, version 20.0 and prior
• Adobe InDesign - version ID19.5.2 and prior, version ID20.1 and prior
• Adobe Magento Open Source - multiple versions
• Adobe Substance 3D Designer - version 14.0.2 and prior

HPE published a security advisory to address vulnerabilities in the following products:

• HPE ProLiant DL145 Gen11 - versions prior to v1.30_10-04-2024
• HPE ProLiant DL325 Gen10 Plus server - versions prior to v3.40_10-04-2024
• HPE ProLiant DL325 Gen10 Plus v2 server - versions prior to 3.40_10-04-2024
• HPE ProLiant DL325 Gen10 Server - versions prior to 3.30_10-04-2024
• HPE ProLiant DL325 Gen11 Server - versions prior to v1.70_09-06-2024
• HPE ProLiant DL345 Gen10 Plus server - versions prior to 3.40_10-04-2024
• HPE ProLiant DL345 Gen11 Server - versions prior to v1.70_09-06-2024
• HPE ProLiant DL365 Gen10 Plus server - versions prior to 3.40_10-04-2024
• HPE ProLiant DL365 Gen11 Server - versions prior to v1.70_09-06-2024
• HPE ProLiant DL385 Gen10 Plus server - versions prior to 3.40_10-04-2024
• HPE ProLiant DL385 Gen10 Plus v2 server - versions prior to 3.40_10-04-2024
• HPE ProLiant DL385 Gen10 Server - versions prior to 3.30_10-04-2024
• HPE ProLiant DL385 Gen11 Server - versions prior to v1.70_09-06-2024
• HPE ProLiant XL225n Gen10 Plus 1U Node - versions prior to 3.40_10-04-2024
• HPE ProLiant XL645d Gen10 Plus Server - versions prior to 3.40_10-04-2024
• HPE ProLiant XL675d Gen10 Plus Server - versions prior to v3.40_10-04-2024

Intel published security advisories to address vulnerabilities in multiple products. Included were updates for the following:

• Intel® RealSense™ Advisory
• Intel® MLC Software Advisory
• BIOS and System Firmware Update Package Advisory
• Intel® 800 Series Ethernet Driver Software

Apple published security updates to address vulnerabilities in the following products:

• iOS and iPadOS - versions prior to 18.3.1
• iPadOS - versions prior to 17.7.5

IBM published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following products

• CP4NA - version 2.7.6
• GDSC Platform On-prem - version 3.6.1
• IBM Asset Data Dictionary Component - version 1.1
• IBM Cloud Pak for Business Automation - multiple versions
• IBM Cloud Pak for Security - versions 1.10.0.0 to 1.10.11.0
• IBM Cloud Pak System - multiple versions
• IBM dashDB Local - version 11.5.8.0 to refresh 8
• IBM Observability with Instana (OnPrem) - build 281-287
• IBM Security QRadar EDR - version 3.12
• IBM QRadar Suite Software - version 1.10.12.0 to 1.10.24.0
• IBM watsonx.data - version 1.0.0 to 2.0.0
• PUB - version 7.0.2 and 7.0.3

Ubuntu published a security notice to address vulnerabilities in the Linux kernel affecting the following products:

• Ubuntu 16.04 ESM
• Ubuntu 18.04 ESM
• Ubuntu 20.04 LTS
• Ubuntu 24.10

• USN-7233-3: Linux kernel (Azure) vulnerabilities
• USN-7234-3: Linux kernel (Azure) vulnerabilities
• USN-7238-3: Linux kernel (Low Latency) vulnerabilities

Dell published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following:

• Dell Avamar Data Store Gen5A, Gen4T - versions 19.4, 19.7, 19.8, 19.9, 19.10 and 19.10 SP1
• Dell Avamar Virtual Edition - multiple versions and platforms
• Dell Protection Advisor - versions 19.9, 19.10 and 19.11
• Dell VxRail Appliance - versions 0.000 to 8.0.320

• Dell Security Advisory DSA-2025-065
• Dell Security Advisory DSA-2025-071
• Dell Security Advisory DSA-2025-075

IBM published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following products

• IBM App Connect Enterprise Certified Container - multiple versions
• IBM Operational Decision Manager - versions 8.11.0.1, 8.11.1.0, 8.12.0.1 and 9.0.0.1
• IBM QRadar Deployment Intelligence App - version 1.0.0 to 3.0.15
• IBM Watson Assistant for IBM Cloud Pak for Data - versions 4.0.0 to 4.8.7
• IBM Watson Studio on Cloud Pak for Data - Execution Engine for Apache Hadoop - version 5.0
• IBM watsonx.data - versions 1.1.0 to 2.1.0

Microsoft published a security update to address vulnerabilities in Edge Stable Channel - versions prior to 133.0.3065.51.

Review the Release notes for Microsoft Edge Security Updates and apply the necessary updates.

Cisco published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following:

• Cisco IOS - versions 15.2E, 15.5SY and 15.9M
• Cisco IOS XE - versions 3.11E, 16.12, 17.9, 17.12 and 17.15
• Cisco IOS XR - versions 24.2 and prior, 24.3, 24.4 and 25.2
• Cisco Identity Services Engine (ISE) - versions 3.0, 3.1, 3.2 and 3.3

• Cisco Security Advisory - cisco-sa-snmp-dos-sdxnSUcW
• Cisco Security Advisory - cisco-sa-ise-multivuls-FTW9AOXF
• Cisco Security Advisories

F5 published Quarterly Security Notifications for multiple products. Included were updates for the following:

• BIG-IP (all modules) - multiple versions
• BIG-IP Next SPK - multiple versions
• BIG-IP (PEM) - multiple versions
• BIG-IP (ASM) - multiple versions
• BIG-IP (APM) - versions 16.1.3 to 16.1.4
• BIG-IP (AFM) - multiple versions
• BIG-IP Next CNF - versions 1.1.0 to 1.3.3

Veeam published security advisories to address vulnerabilities in the following products:

• Veeam Backup & Replication - version 12.2.0.334 and prior
• Veeam Service Provider Console - version 8.1.0.21377 and prior

HPE published a security advisory to address vulnerabilities in HPE Aruba Networking ClearPass Policy Manager - 6.12.x versions prior to 6.12.3 and 6.11.x versions prior to 6.11.9.

Review the HPE security bulletins and apply the necessary updates.

Mozilla published security advisories to address vulnerabilities in the following products:

• Thunderbird - versions prior to 135
• Thunderbird ESR - versions prior to 128.7
• Firefox ESR - versions prior to 128.7
• Firefox ESR - versions prior to 115.20
• Firefox - versions prior to 135

Google has released security updates to address multiple vulnerabilities affecting Stable Channel Chrome versions 133.0.6943.53 for Linux and prior to 33.0.6943.53/54 for Windows and Apple MAC.

Review the Google security bulletins and apply the necessary updates.