Remember last month when we were awed by Microsoft’s record-setting Patch Tuesday that addressed 206 CVEs? That was a quaint era compared to this month: Redmond just rolled out patches for 622 CVEs specific to its products, slightly more than tripling last month’s all-time high.
Redmond’s Patch Tuesday release is once again one for the record books, with everything under the sun getting some security fixes – including 428 non-Microsoft Chromium CVEs affecting Edge that aren’t included in that 622 count. Fifty-eight of those are critical, two are under active exploit, and one has already been publicly disclosed, meaning it could join those other two in short order.
Read more…
Source: The Register
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Critical RCE Vulnerability in Erlang/OTP SSH Server
April 22, 2025
Erlang has released updates to its OTP package to address a critical vulnerability in its Secure Shell (SSH) server. Erlang is an open-source programming language. OTP (Open Telecom Platform) is a set of Erlang libraries and middle-ware that can be used to develop applications. CVE-2025-32433 is a critical vulnerability with a CVSSv3 score of 10.0. If ...
- New Rust Botnet “RustoBot” is Routed via Routers
April 21, 2025
FortiGuard Labs recently discovered a new botnet propagating through TOTOLINK devices. Unlike previous malware targeting these devices, this variant is written in Rust—a programming language introduced by Mozilla in 2010. Due to its Rust-based implementation, we’ve named the malware “RustoBot.” In January and February of 2025, FortiGuard Labs observed a significant increase in alerts related to ...
- Cisco Releases Security Advisory for Webex App
April 17, 2025
Cisco has released a security advisory to address a high severity vulnerability affecting Webex App, regardless of configuration or operating system. Cisco Webex is a web conferencing software solution. CVE-2025-20236 is an ‘insufficient input validation’ vulnerability with a CVSSv3 score of 8.8. If exploited, a remote, unauthenticated attacker could achieve remote code execution (RCE) by persuading ...
- Apple says zero-day bugs exploited against ‘specific targeted individuals’ using iOS
April 16, 2025
Apple has released new software updates across its product line to fix two security vulnerabilities, which the company said may have been actively used to hack customers running its mobile software, iOS. In security advisories posted on its website, Apple confirmed it fixed the two zero-day vulnerabilities, which “may have been exploited in an extremely sophisticated ...
- Fortinet Releases Security Updates for FortiOS and FortiGate
April 11, 2025
Fortinet has released security updates for FortiOS to mitigate novel post-exploitation activity observed against FortiGate devices. The disclosure details a new persistence technique used by an attacker, in conjunction with known vulnerabilities, to maintain read-only access to FortiGate devices through the use of symbolic links even after the initial access vector has been remediated. Fortinet has ...
- Incomplete NVIDIA Patch to CVE-2024-0132 Exposes AI Infrastructure and Data to Critical Risks
April 10, 2025
In September 2024, NVIDIA released several updates to address a critical vulnerability (CVE-2024-0132) in its NVIDIA Container Toolkit. If exploited, this vulnerability could expose AI infrastructure, data, or sensitive information. With a CVSS v3.1 rating of 9.0, all customers were advised to update their affected software immediately. Further research, however, uncovered that the patch was incomplete. ...

