
Patch management is without doubt one of the oldest and most well-known IT and security duties, yet it remains a bane of admins' existence. From buggy patches and time-consuming processes to fears of business downtime and added complexity from remote workers, patch management is not an easy task for IT and security professionals.
But it's a constant worry.
Fifty-four percent of Ponemon Institute's "2024 State of Cyber Risk in the Age of AI" respondents cited unpatched vulnerabilities as the top cyber-risk at their organization. And it is no surprise why: as of this writing, NIST's National Vulnerability Database has received an average of 136 new CVEs a day this year.
While not all vulnerabilities are critical, teams must be aware of them. Here are three that made the news this week.
SAP NetWeaver vulnerability under attack by APT and ransomware groups
A critical vulnerability, CVE-2025-31324, in SAP NetWeaver's Visual Composer development software is under attack by ransomware groups and Chinese advanced persistent threat actors. The flaw, which has a CVSS score of 9.8, enables unauthenticated remote code execution. Initially reported by cybersecurity company ReliaQuest on April 22, the vulnerability has attracted multiple threat actors. SAP released an emergency patch on April 24, but attackers continue to exploit it.
Samsung MagicINFO Server PoC under exploit
Threat actors are actively exploiting a critical vulnerability, CVE-2025-4632, in Samsung's digital signage management product. The MagicINFO Server 9 flaw, which received a CVSS score of 9.8, enables attackers to write arbitrary files with system authority. Bug disclosure group SSD Secure Disclosure reported the issue to Samsung on January 12 and published a proof of concept (PoC) on April 30. Security firms Arctic Wolf and Huntress observed exploitation attempts in early May, with some attacks linked to Mirai botnet activity. Samsung issued a hotfix on May 8, though researchers noted that the patch requires installation of a specific earlier version first. The PoC bypasses versions patched against CVE-2024-7399, a restricted directory vulnerability disclosed and patched last year.
Read the full story by Alexander Culafi on Dark Reading.
Chat app vulnerability exploited months after patch released
A Turkish cyberespionage group known as Sea Turtle has been exploiting a critical vulnerability in Output Messenger to spy on Kurdish military forces in Iraq since April 2024, Microsoft reported. The messaging app, marketed as a private, secure enterprise messaging service, was compromised using DNS hijacking or typosquatting to obtain users' credentials. The attackers exploited a directory traversal vulnerability to plant backdoors that enabled them to intercept communications. Output Messenger's developer, Srimax, said it patched this issue on Dec. 25, but Microsoft reported that unpatched systems continue to be targeted.
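Two of the three items above (the MagicINFO arbitrary file write that bypasses the CVE-2024-7399 restricted-directory fix, and the Output Messenger directory traversal) are the same bug class: a client-supplied path segment joined onto a server directory without a containment check. The following is an added illustration of how that check is done correctly; it is not code from Samsung, Srimax or any of the products named here, and the BASE_DIR value and the sample request strings are constructed for the example (POSIX paths assumed).

```python
from pathlib import Path
from typing import Optional
from urllib.parse import unquote

# Constructed example root; in a real service this is the directory the
# application is permitted to read or write files under.
BASE_DIR = Path("/srv/app/uploads")


def unsafe_target(base: Path, client_path: str) -> Path:
    """Naive join: the client-controlled segment is trusted verbatim, so
    '../' sequences (or an absolute path) walk out of base."""
    return base / client_path


def safe_target(base: Path, client_path: str) -> Optional[Path]:
    """Return the requested path relative to base, or None if it escapes base.

    The containment test runs on the decoded, fully resolved path rather than
    on the raw string, so percent-encoded dots, './' noise, symlinks and
    absolute paths are all caught by the same check.
    """
    root = base.resolve()                       # canonical form of the allowed root
    decoded = unquote(client_path)              # the web framework normally does this step
    try:
        candidate = (root / decoded).resolve()  # collapses '..' and follows symlinks
        return candidate.relative_to(root)      # ValueError when candidate is outside root
    except ValueError:                          # also covers paths with embedded NUL bytes
        return None


def classify(base: Path, requests):
    """Map each constructed request string to 'allowed' or 'blocked'."""
    return {
        req: "blocked" if safe_target(base, req) is None else "allowed"
        for req in requests
    }


if __name__ == "__main__":
    samples = [                      # constructed request paths, not real traffic
        "reports/q1.txt",
        "./reports/../notes.txt",
        "../../etc/passwd",
        "..%2F..%2Fetc%2Fpasswd",
        "/etc/passwd",
    ]
    for req, verdict in classify(BASE_DIR, samples).items():
        print(f"{verdict:8} {req!r:28} naive join -> {unsafe_target(BASE_DIR, req)}")
```

The design point is that the check compares canonical paths, not strings: a deny-list of ".." substrings is what the CVE-2024-7399 fix amounted to, and the later bypass shows why a lexical filter is not equivalent to resolving the path and asserting it still sits under the root.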
Patch management resources
Learn more about enterprise patch management here:
Editor's note: Our staff used AI tools to assist in the creation of this news brief.
Sharon Shea is executive editor of Informa TechTarget's SearchSecurity site.