Here are some of the latest vulnerabilities in popular software that you should be aware of:

Windows Vulnerabilities

• CVE-2025-9491: A bug in the Windows Shortcut binary format is being exploited by a China-aligned threat group. The exploit uses an encrypted binary file to deliver the PlugX remote access trojan. "Seven months later, Microsoft still hasn’t patched the vulnerability..."

• CVE-2025-59287: A critical vulnerability in Windows Server Update Services that allows remote code execution. Microsoft issued an unscheduled update to patch this flaw. "The other Windows vulnerability was patched last week..."

Android Vulnerabilities

• 0-Day Vulnerabilities: Google released a security bulletin addressing actively exploited 0-day vulnerabilities in Android. Users are urged to update their devices to the latest security patch. "Google has released its September 2025 Android Security Bulletin..."

• Outdated Devices: Nearly a billion Android devices are at risk due to outdated software, making them vulnerable to attacks. "More than 30% of Android users are running on devices with Android 13 or older..."

Software Vendors

• Microsoft: Patched 59 vulnerabilities, including six zero-days, in their latest Patch Tuesday update. "Microsoft patched 59 flaws, including six actively exploited zero-days."

• Adobe: Released updates for several applications with no known exploitations. "Adobe released updates for several key applications with no known exploitations."

• SAP: Addressed two critical vulnerabilities in their CRM and S/4HANA platforms. "SAP addressed two critical vulnerabilities allowing for potential full database compromise."

General Security Tips

• User Awareness: Many vulnerabilities arise from poor user practices, such as weak passwords and clicking on malicious links. "It’s always people. Shitty passwords, clicking on email links."

• Regular Updates: Keeping software and systems up to date is crucial in mitigating vulnerabilities. "Automatic patching, or at least frequently patching manually yourself can help keep you patched from vulnerabilities."

Tools and Resources

• OpenCVE: A useful tool for tracking vulnerabilities by software products and vendors. "I use OpenCVE and im happy with selecting the products and vendors im interested of."

• Exploit-DB: A database for searching known exploits. "I search exploit-db for products in our inventory."

Staying informed and proactive about these vulnerabilities can help protect your systems and data from potential threats.

Cybersecurity Communities

<<rtjson>>{"c":[{"e":"ra:subreddit","id":"t5_2u559"},{"e":"ra:subreddit","id":"t5_2qh16"},{"e":"ra:subreddit","id":"t5_dkm61y"},{"e":"ra:subreddit","id":"t5_3lf13"},{"e":"ra:subreddit","id":"t5_2qrkp"},{"e":"ra:subreddit","id":"t5_2qm2p"}],"content_type":"subreddit","e":"ra:grid"}<</rtjson>>