Over 60 Software Vendors Release Critical Security Updates Across Platforms
In a concerted effort to bolster cybersecurity defenses, over 60 software vendors have issued critical security patches addressing vulnerabilities across operating systems, cloud services, and network platforms. This coordinated release underscores the industry’s commitment to safeguarding users against potential threats.
Microsoft’s Comprehensive Security Updates
Microsoft has rolled out fixes for 59 vulnerabilities, notably addressing six zero-day exploits actively being used in the wild. These vulnerabilities span various Windows components and could potentially allow attackers to bypass security features, escalate privileges, or cause denial-of-service (DoS) conditions. Users are strongly advised to apply these updates promptly to mitigate associated risks.
Adobe’s Product Enhancements
Adobe has released updates for several of its products, including Audition, After Effects, InDesign Desktop, Substance 3D, Bridge, Lightroom Classic, and DNG SDK. The company has stated that, to its knowledge, none of the addressed vulnerabilities have been exploited in the wild. Nevertheless, users are encouraged to update their software to benefit from enhanced security measures.
SAP’s Critical Vulnerability Patches
SAP has addressed two critical vulnerabilities:
– CVE-2026-0488: A code injection flaw in SAP CRM and SAP S/4HANA with a CVSS score of 9.9. An authenticated attacker could exploit this to execute arbitrary SQL statements, potentially compromising the entire database.
– CVE-2026-0509: A missing authorization check in SAP NetWeaver Application Server ABAP and ABAP Platform, carrying a CVSS score of 9.6. This could allow a low-privileged, authenticated user to perform certain background Remote Function Calls without the necessary S_RFC authorization.
To address these issues, SAP recommends implementing a kernel update and adjusting profile parameters. Additionally, modifications to user roles and UCON settings may be necessary to ensure uninterrupted business processes.
Intel and Google’s Collaborative Security Review
Intel and Google have collaborated to assess the security of Intel’s Trust Domain Extensions (TDX) 1.5. This review uncovered five vulnerabilities:
– CVE-2025-32007
– CVE-2025-27940
– CVE-2025-30513
– CVE-2025-27572
– CVE-2025-32467
Additionally, nearly three dozen weaknesses, bugs, and improvement suggestions were identified. Intel TDX 1.5 introduces features that bring confidential computing closer to parity with traditional virtualization solutions. However, these enhancements have also increased the complexity of a highly privileged software component within the Trusted Computing Base (TCB).
Security Updates from Other Vendors
A multitude of other vendors have also released security updates to address various vulnerabilities. Notable among them are:
– ABB
– Amazon Web Services
– AMD
– AMI
– Apple
– ASUS
– AutomationDirect
– AVEVA
– Broadcom (including VMware)
– Canon
– Check Point
– Cisco
– Citrix
– Commvault
– ConnectWise
– D-Link
РDassault Syst̬mes
– Dell
– Devolutions
– dormakaba
– Drupal
– F5
– Fortinet
– Foxit Software
– FUJIFILM
– Fujitsu
– Gigabyte
– GitLab
– Google Android and Pixel
– Google Chrome
– Google Cloud
– Grafana
– Hikvision
– Hitachi Energy
– HP
– HP Enterprise (including Aruba Networking and Juniper Networks)
– IBM
– Intel
– Ivanti
– Lenovo
– Linux distributions: AlmaLinux, Alpine Linux, Amazon Linux, Arch Linux, Debian, Gentoo, Oracle Linux, Mageia, Red Hat, Rocky Linux, SUSE, and Ubuntu
– MediaTek
– Mitsubishi Electric
– MongoDB
– Moxa
– Mozilla Firefox and Thunderbird
– n8n
– NVIDIA
– Phoenix Contact
– QNAP
– Qualcomm
– Ricoh
– Rockwell Automation
– Samsung
– Schneider Electric
– ServiceNow
– Siemens
– SolarWinds
– Splunk
– Spring Framework
– Supermicro
– Synology
– TP-Link
– WatchGuard
– Zoho ManageEngine
– Zoom
– Zyxel
Users and administrators are urged to review the security advisories from these vendors and apply the necessary patches to protect their systems from potential threats.
