Patch administration is likely one of the oldest and most well-known IT and safety duties, however it stays a bane of admins’ existence. From buggy patches and time-consuming processes to fears of enterprise downtime and elevated complexity resulting from distant staff, patch administration is not the simplest process for IT and safety professionals.
But it’s a fixed fear.
Fifty-four p.c of Ponemon Institute’s “2024 State of Cyber Threat within the Age of AI” respondents cited unpatched vulnerabilities as the highest cyber-risk at their group. And it is no shock why — as of the writing of this text, NIST’s Nationwide Vulnerability Database has obtained a mean of 136 new CVEs a day this 12 months.
Whereas not all vulnerabilities are vital, groups should concentrate on them. Listed below are three that made the information this week.
SAP NetWeaver vulnerability underneath assault by APT and ransomware teams
A vital vulnerability, CVE-2025-31324, in SAP NetWeaver’s Visible Composer growth software program is underneath assault by ransomware teams and Chinese language superior persistent menace actors. The flaw, which has a CVSS rating of 9.8, permits unauthenticated distant code execution. Initially reported by cybersecurity firm ReliaQuest on April 22, the vulnerability has attracted a number of menace actors. SAP launched an emergency patch on April 24, however attackers proceed to take advantage of it.
Samsung MagicINFO Server PoC underneath exploit
Risk actors are actively exploiting a vital vulnerability, CVE-2025-4632, in Samsung’s digital signage administration product. The MagicINFO Server 9 flaw, which obtained a CVSS rating of 9.8, permits attackers to jot down arbitrary information with system authority. Bug disclosure group SSD Safe Disclosure reported the problem to Samsung on January 12 and printed a proof of idea (PoC) on April 30. Safety corporations Arctic Wolf and Huntress noticed exploitation makes an attempt in early Might, with some assaults linked to Mirai botnet actions. Samsung issued a hotfix on Might 8, although researchers famous that the patch requires set up of a particular earlier model first. The PoC bypasses variations patched in opposition to CVE-2024-7399, a restricted listing vulnerability disclosed and patched final 12 months.
Learn the total story by Alexander Culafi on Darkish Studying.
Chat app vulnerability exploited months after patch launched
A Turkish cyberespionage group generally known as Sea Turtle has been exploiting a vital vulnerability in Output Messenger to spy on Kurdish army forces in Iraq since April 2024, Microsoft reported. The messaging app, marketed as a non-public, safe enterprise messaging service, was compromised utilizing DNS hijacking or typosquatting to realize customers’ credentials. The attackers exploited a listing traversal vulnerability to plant backdoors that enabled them to intercept communications. Output Messenger’s developer, Srimax, mentioned it patched this problem on Dec. 25, however Microsoft reported that unpatched techniques proceed to be focused.
Patch administration assets
Study extra about enterprise patch administration right here:
Editor’s be aware: Our employees used AI instruments to help within the creation of this information temporary.
Sharon Shea is government editor of Informa TechTarget’s SearchSecurity website.
