More Than 60 Software Vendors Release Security Updates Across OS, Cloud, and Network Platforms

As part of the latest Patch Tuesday cycle, more than 60 technology vendors have rolled out security updates addressing vulnerabilities affecting operating systems, cloud infrastructure, enterprise applications, and network devices. The coordinated wave of patches reflects the ongoing effort to strengthen cybersecurity defenses across global IT environments.

Microsoft Addresses 59 Vulnerabilities

Microsoft issued fixes for 59 security flaws, including six zero-day vulnerabilities that were actively exploited. The weaknesses impacted multiple Windows components and could allow attackers to bypass security controls, escalate privileges, or cause denial-of-service conditions.

These updates reinforce the urgency for enterprises to deploy patches promptly, especially when dealing with exploited zero-days that pose immediate risk.

Adobe Confirms No Active Exploitation

Adobe released updates covering several widely used products, including Audition, After Effects, InDesign Desktop, Substance 3D, Bridge, Lightroom Classic, and the DNG SDK.

The company stated that it has not observed any of the reported vulnerabilities being exploited in real-world attacks at the time of release.

SAP Fixes Two Critical Vulnerabilities

SAP addressed two high-severity vulnerabilities, both carrying significant risk for enterprise environments.

The first issue, CVE-2026-0488 with a CVSS score of 9.9, affects SAP CRM and SAP S/4HANA. The flaw allows an authenticated attacker to inject arbitrary SQL statements, potentially leading to full database compromise.

The second vulnerability, CVE-2026-0509 with a CVSS score of 9.6, involves a missing authorization check in SAP NetWeaver Application Server ABAP and ABAP Platform. This flaw could allow a low-privileged authenticated user to execute background Remote Function Calls without proper S_RFC authorization.

According to Onapsis, customers must apply a kernel update and configure a specific profile parameter to remediate the issue. Adjustments to user roles and UCON settings may also be necessary to avoid operational disruptions.

Intel and Google Review Trust Domain Extensions Security

Intel and Google collaborated to analyze the security of Intel Trust Domain Extensions (TDX) version 1.5. Their joint research uncovered five vulnerabilities in the module, identified as (CVE-2025-32007, CVE-2025-27940, CVE-2025-30513, CVE-2025-27572, and CVE-2025-32467).

In addition to these vulnerabilities, researchers documented nearly three dozen weaknesses, bugs, and security improvement recommendations.

Google noted that while Intel TDX 1.5 advances confidential computing capabilities and brings them closer to traditional virtualization parity, the added functionality increases the complexity of the Trusted Computing Base, which remains a highly privileged component within secure architectures.

Additional Security Updates from Major Vendors

Beyond Microsoft, Adobe, SAP, Intel, and Google, numerous other vendors have released patches in recent weeks. These updates span networking equipment, enterprise software, operating systems, virtualization platforms, and cloud services.

Organizations issuing security fixes include

• ABB
• Amazon Web Services
• AMD
• AMI
• Apple
• ASUS
• AutomationDirect
• AVEVA
• Broadcom (including VMware)
• Canon
• Check Point
• Cisco
• Citrix
• Commvault
• ConnectWise
• D-Link
• Dassault Systèmes
• Dell
• Devolutions
• dormakaba
• Drupal
• F5
• Fortinet
• Foxit Software
• FUJIFILM
• Fujitsu
• Gigabyte
• GitLab
• Google Android and Pixel
• Google Chrome
• Google Cloud
• Grafana
• Hikvision
• Hitachi Energy
• HP
• HP Enterprise (including Aruba Networking and Juniper Networks)
• IBM
• Intel
• Ivanti
• Lenovo
• Linux distributions AlmaLinux, Alpine Linux, Amazon Linux, Arch Linux, Debian, Gentoo, Oracle Linux, Mageia, Red Hat, Rocky Linux, SUSE, and Ubuntu
• MediaTek
• Mitsubishi Electric
• MongoDB
• Moxa
• Mozilla Firefox and Thunderbird
• n8n
• NVIDIA
• Phoenix Contact
• QNAP
• Qualcomm
• Ricoh
• Rockwell Automation
• Samsung
• Schneider Electric
• ServiceNow
• Siemens
• SolarWinds
• Splunk
• Spring Framework
• Supermicro
• Synology
• TP-Link
• WatchGuard
• Zoho ManageEngine
• Zoom, and
• Zyxel

Growing Importance of Patch Management

The scale of this month’s updates highlights the expanding attack surface across cloud services, industrial control systems, enterprise software, and endpoint platforms. Security teams are encouraged to prioritize vulnerability management, risk assessment, and timely patch deployment to reduce exposure.

With threat actors increasingly targeting zero-day vulnerabilities and enterprise infrastructure, proactive patching remains one of the most effective cybersecurity defense strategies.

Found this article interesting? Follow us on  X (Twitter) , Facebook, Blue sky and LinkedIn to read more exclusive content we post.