QNAP has patched seven zero-day vulnerabilities exploited live at Pwn2Own Ireland 2025, impacting QTS, QuTS hero, and multiple NAS management apps.
The exploits were demonstrated by Summoning Team, DEVCORE, Team DDOS, and CyCraft.
Admins are urged to update to the latest builds immediately.
Follow @technadu for detailed coverage of vendor patch cycles and critical exploit disclosures.

#QNAP #ZeroDay #Pwn2Own #CyberSecurity #InfoSec #DataProtection #PatchTuesday

📰 Samsung's November Security Update Patches 45 Vulnerabilities, Including Critical Android Flaws

Samsung's November 2025 security update is here! 🛡️ It patches 45 vulnerabilities, including Google's critical zero-click RCE (CVE-2025-48593) and flaws in Exynos chips. Update your Galaxy device now! #Samsung #Android #Security #PatchTuesday

🔗 https://cyber.netsecops.io/articles/samsung-releases-november-2025-security-patch-with-45-fixes/?utm_source=mastodon&utm_medium=…


Good news for #Windows11 users – #Microsoft’s KB5067036 update finally fixes the ‘Update and Shut Down’ bug where PCs would restart instead. Check your build and apply the patch when it’s available.

Read: https://hackread.com/microsoft-fixe-update-and-shut-down-bug-windows-11/

#Cybersecurity #WindowsUpdate #PatchTuesday #WindowsBug

Microsoft Fixes Long-Standing ‘Update and Shut Down’ Bug in Windows 11


@USBTypeSteve now it is up to us as security professionals to embarrass them into reversion.

Background: To this day, I am constantly irritated by cyber threat intel organizations that need to have some cutesy nomenclature for naming threat actors. Vendor A calls this group “Energetic Panda,” Vendor B calls this group “APT 420,” and Vendor C calls this group “Syphilitic Donkey.” It makes briefing the C-suite on actual threats to the enterprise annoying and more challenging than it needs to be.

But I digress.

Solution: I suggest we take this same angst and weaponize it against Microsoft. A simple random word association database can be mapped to KB numbers, of the form Adjective-Noun, where all of the nouns in this case are STDs (STIs for the Brits).
I believe that adoption in the infosec community would likely be organic, given that most of us like a good immature chuckle from time to time.

And I imagine conversations like

"Have you patched against Aggressive Chlamydia yet? I hear it has some critical updates that fix what broke in Debilitating Herpes!"

"No, you have to patch for Unbearable Gonorrhea first, and we've seen that break our production MS SQL DBs hard. There is a workaround, and we've been promised that this will be fixed with Cantankerous Chancroid, due out next Tuesday."

#MSPatch #MSKB #PatchTuesday #SyphiliticDonkey

📰 Patch Now: Critical RCE Flaws in Oracle E-Business Suite Marketing Module

🚨 CRITICAL VULNS: Oracle patches two 9.8 CVSS RCE flaws in E-Business Suite Marketing (CVE-2025-53072, CVE-2025-62481). Unauthenticated attacker can gain full system access. Patch immediately! #Oracle #EBS #CVE #PatchTuesday

🔗 https://cyber.netsecops.io/articles/oracle-e-business-suite-hit-by-critical-marketing-module-flaws/?utm_source=mastodon&utm_medium=social&utm_campaign=twitter_auto&utm_content=v1761150863


Microsoft blocks File Explorer previews for downloaded files to prevent credential theft ⚠️

Applies to files with Mark of the Web (MotW) 🌐
Windows 11 & Server get automatic protection 🔒
Trusted files can be unblocked manually ✅

🔗 https://www.bleepingcomputer.com/news/microsoft/microsoft-disables-preview-pane-for-downloads-to-block-ntlm-theft-attacks/

#TechNews #CyberSecurity #Windows11 #ITSecurity #DigitalSafety #Malware #CredentialTheft #PatchTuesday #OnlineSafety #Microsoft #FileExplorer #Infosec #DataProtection #ITUpdates #WindowsServer

Microsoft disables File Explorer preview for downloads to block attacks

Microsoft says that the File Explorer (formerly Windows Explorer) now automatically blocks previews for files downloaded from the Internet to block credential theft attacks via malicious documents.

BleepingComputer

🔒 Oracle's Oct 2025 Critical Patch Update fixes 374 vulns, several rated CRITICAL. No active exploits yet, but risk is high for unpatched enterprise systems. Inventory, test, and patch ASAP! https://radar.offseq.com/threat/oracle-releases-october-2025-patches-48725978 #OffSeq #Oracle #Vulnerability #PatchTuesday

This is another one of those updates that makes you wonder what the QA process looks like at Microsoft. Their push to strengthen cryptography (moving from CSP to KSP) is the right idea, but the execution in KB5066835 is a mess. It's effectively a self-inflicted DDoS attack. When a security patch breaks critical smart card authentication, it forces high-security orgs into a terrible choice: roll back the patch or break the business. And breaking the mouse and keyboard in the recovery environment is just salt in the wound.

TL;DR

🧠 The Goal: Move from the older Cryptographic Services Provider (CSP) to the more secure Key Storage Provider (KSP).
⚠️ The Reality: The update is breaking smart card authentication, which is critical for government, defense, and banking.
💻 The Collateral: It's also killing IIS website connections (even localhost) and making USB devices fail in WinRE.
🔧 The "Fix": A combination of messy registry edits and out-of-band patches, with a hard deadline in 2026 when the registry workaround disappears.

https://www.computerworld.com/article/4075977/security-patch-or-self-inflicted-ddos-microsoft-update-knocks-out-key-enterprise-functions.html

#WindowsUpdate #PatchManagement #Cybersecurity #ITOperations #security #privacy #cloud #infosec #PatchTuesday #Fail

Security patch or self-inflicted DDoS? Microsoft update knocks out key enterprise functions

The transition from CSP to KSP has triggered failures in smart card authentication, IIS connectivity, and recovery mode devices.

Computerworld