It’s Patch Tuesday, which means a number of software vendors have released patches for various security vulnerabilities impacting their products and services.
Microsoft issued fixes for 59 flaws, including six actively exploited zero-days in various Windows components that could be abused to bypass security features, escalate privileges, and trigger a denial-of-service (DoS) condition.
Protect your privacy by Mullvad VPN. Mullvad VPN is one of the famous brands in the security and privacy world. With Mullvad VPN you will not even be asked for your email address. No log policy, no data from you will be saved. Get your license key now from the official distributor of Mullvad with discount: SerialCart® (Limited Offer).
➤ Get Mullvad VPN with 12% Discount
Elsewhere, Adobe released updates for Audition, After Effects, InDesign Desktop, Substance 3D, Bridge, Lightroom Classic, and DNG SDK. The company said it’s not aware of in-the-wild exploitation of any of the shortcomings.
SAP shipped fixes for two critical-severity vulnerabilities, including a code injection bug in SAP CRM and SAP S/4HANA (CVE-2026-0488, CVSS score: 9.9) that an authenticated attacker could use to run an arbitrary SQL statement and lead to a full database compromise.
The second critical vulnerability is a case of a missing authorization check in SAP NetWeaver Application Server ABAP and ABAP Platform (CVE-2026-0509, CVSS score: 9.6) that could permit an authenticated, low-privileged user to perform certain background Remote Function Calls without the required S_RFC authorization.
“To patch the vulnerability, customers must implement a kernel update and set a profile parameter,” Onapsis said. “Adjustments in user roles and UCON settings might be required to not interrupt business processes.”
Rounding off the list, Intel and Google said they teamed up to examine the security of Intel Trust Domain Extensions (TDX) 1.5, uncovering five vulnerabilities in the module (CVE-2025-32007, CVE-2025-27940, CVE-2025-30513, CVE-2025-27572, and CVE-2025-32467), and nearly three dozen weaknesses, bugs, and improvement suggestions.
“Intel TDX 1.5 introduces new features and functionality that bring confidential computing significantly closer to feature parity with traditional virtualization solutions,” Google said. “At the same time, these features have increased the complexity of a highly privileged software component in the TCB [Trusted Computing Base].”
Software Patches from Other Vendors
Security updates have also been released by other vendors in recent weeks to rectify several vulnerabilities, including —
- ABB
- Amazon Web Services
- AMD
- AMI
- Apple
- ASUS
- AutomationDirect
- AVEVA
- Broadcom (including VMware)
- Canon
- Check Point
- Cisco
- Citrix
- Commvault
- ConnectWise
- D-Link
- Dassault Systèmes
- Dell
- Devolutions
- dormakaba
- Drupal
- F5
- Fortinet
- Foxit Software
- FUJIFILM
- Fujitsu
- Gigabyte
- GitLab
- Google Android and Pixel
- Google Chrome
- Google Cloud
- Grafana
- Hikvision
- Hitachi Energy
- HP
- HP Enterprise (including Aruba Networking and Juniper Networks)
- IBM
- Intel
- Ivanti
- Lenovo
- Linux distributions AlmaLinux, Alpine Linux, Amazon Linux, Arch Linux, Debian, Gentoo, Oracle Linux, Mageia, Red Hat, Rocky Linux, SUSE, and Ubuntu
- MediaTek
- Mitsubishi Electric
- MongoDB
- Moxa
- Mozilla Firefox and Thunderbird
- n8n
- NVIDIA
- Phoenix Contact
- QNAP
- Qualcomm
- Ricoh
- Rockwell Automation
- Samsung
- Schneider Electric
- ServiceNow
- Siemens
- SolarWinds
- Splunk
- Spring Framework
- Supermicro
- Synology
- TP-Link
- WatchGuard
- Zoho ManageEngine
- Zoom, and
- Zyxel
Found this article interesting? Follow us on Google News, Twitter and LinkedIn to read more exclusive content we post.
Some parts of this article are sourced from:
thehackernews.com
Exposed Training Open the Door for Crypto-Mining in Fortune 500 Cloud Environments