In this week’s Security Advisory

  • Fortinet Patches Multiple Vulnerabilities
  • Microsoft’s March Patch Tuesday Release
  • Apple Patches WebKit Zero Day
  • Security Updates Released for Google Chrome, Adobe Products, and Zoom

Fortinet Patches Multiple Vulnerabilities

Fortinet has released multiple advisories detailing eighteen new vulnerabilities affecting various products, eight of which are high severity. The high-severity vulnerabilities include an XSS flaw, remote code execution, privilege escalation, and sensitive data exposure. The medium-severity vulnerabilities can lead to code execution, command execution, arbitrary file writing, and bypassing web firewall protections. Fortinet stated that most of these vulnerabilities were found internally and that it has not seen any evidence of exploitation in the wild.

Of note, CyberMaxx has already taken steps to globally mitigate our own equipment against these vulnerabilities.

Affected Versions

A full list of affected products and versions can be found here.

Recommendations

Apply the latest updates to the affected products.

More Reading / Information

Microsoft’s March Patch Tuesday Release

Microsoft announced patches for fifty-seven vulnerabilities, including six zero-day vulnerabilities, all of which are being exploited in the wild. Collectively, the vulnerabilities can lead to remote code execution, privilege escalation, denial of service, spoofing, and feature bypasses. It is essential to prioritize patching these vulnerabilities.

Affected Versions

A full list of affected versions can be found here.

Recommendations

Apply the latest patches.

More Reading / Information

Apple Patches WebKit Zero Day

Apple released a patch for CVE-2025-24201 this week. This zero-day vulnerability affects the WebKit web browser engine component. It allows a threat actor to craft malicious web content that can break out of the Web Content sandbox. This vulnerability has been exploited against users with earlier iOS versions.

Affected Versions

The affected version can be found here.

Recommendations

Upgrade to the latest available OS version on affected products.

More Reading / Information

Security Updates Released for Google Chrome, Adobe Products, and Zoom

Google announced patches in an updated Chrome browser version, which addresses fourteen new vulnerabilities. Successful exploitation of these can lead to code execution.

Adobe has released patches for thirty-five vulnerabilities in different products. Multiple vulnerabilities were flagged as critical, with a warning that successful exploitation could lead to arbitrary code execution and memory leaks.

Zoom released patches for five new vulnerabilities. Three of these can be exploited by an authenticated attacker to escalate privilege via network access.

Recommendations

  • Update Google Chrome to 134.0.6998.89 for Windows and Mac, and 134.0.6998.88 for Linux.
    • Recent versions of Google Chrome have auto-update enabled by default. Organizations should confirm that the setting is not disabled and that they are not running any versions where the auto-update setting was not enabled by default. If updates are not set to auto-update, organizations need to ensure that they are communicating the need to update browsers with their users. Follow-up confirmation that the updates have been applied to users is essential. Additionally, browsers must be restarted to apply updates.
  • Update the affected Adobe products to the latest version.
  • Update affected versions of Zoom to version 6.3.0.
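
One way to do the follow-up confirmation for the Chrome update is to compare a software inventory export against the fixed builds listed above. The script below is an added example, not part of the original advisory; the host names, the inventory rows, and the function names are constructed for illustration, and only the fixed build numbers come from the recommendation above.

```python
"""Flag hosts whose Chrome build is older than the fixed build for their platform."""
import re

# Fixed builds named in the advisory, keyed by platform.
FIXED_BUILDS = {
    "windows": "134.0.6998.89",
    "mac": "134.0.6998.89",
    "linux": "134.0.6998.88",
}

# Constructed sample inventory (hypothetical hosts): host, platform, installed build.
SAMPLE_INVENTORY = [
    ("ws-001", "windows", "134.0.6998.89"),
    ("ws-002", "windows", "134.0.6998.9"),   # older: 9 < 89 when compared as numbers
    ("mb-010", "mac", "133.0.6943.142"),
    ("lx-020", "linux", "134.0.6998.88"),
    ("lx-021", "linux", "135.0.7000.1"),
    ("ws-003", "windows", "unknown"),        # inventory agent returned no version
    ("bsd-01", "freebsd", "134.0.6998.89"),  # platform with no fixed build listed
]


def parse_version(text):
    """Return a 4-tuple of ints, or None if text is not a four-part dotted build."""
    if not re.fullmatch(r"[0-9]+(?:\.[0-9]+){3}", text.strip()):
        return None
    return tuple(int(part) for part in text.strip().split("."))


def classify(platform, installed):
    """Return 'patched', 'outdated', or 'unknown' for one inventory row."""
    fixed = FIXED_BUILDS.get(platform.lower())
    current = parse_version(installed)
    if fixed is None or current is None:
        return "unknown"  # unparseable or unlisted: needs manual follow-up
    return "patched" if current >= parse_version(fixed) else "outdated"


def audit(inventory):
    """Group host names by status so outdated and unknown hosts can be followed up."""
    report = {"patched": [], "outdated": [], "unknown": []}
    for host, platform, installed in inventory:
        report[classify(platform, installed)].append(host)
    return report


if __name__ == "__main__":
    for status, hosts in audit(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Builds are compared as integer tuples because a plain string comparison would rank 134.0.6998.9 above 134.0.6998.89. The inventory reflects the installed build, so a host that has downloaded the update but not restarted the browser may still be running the old one.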

More Reading / Information

Recommendations

Please review your environment to ensure the above-mentioned issues are patched in a timely manner. It is security best practice to regularly update and/or patch software to the latest versions. The vulnerabilities above highlight the security benefits of limiting deployed software to “vendor-supported versions” only. This dramatically increases the likelihood that new vulnerabilities have a patch issued for them. Likewise, CyberMaxx strongly encourages maintaining an inventory of current software in your environment, which helps ensure and inform your patch and vulnerability management program.