CISO Talk by James Azar
CyberHub Podcast
6 Microsoft Zero days Patch Now, Patch Tuesday News & Recap, Apple Webkit Exploit, New CISA Director Plankey Nominated by President Trump

Patch Tuesday’s Critical Zero-Days, Apple’s Emergency WebKit Fix, and a High-Stakes NY Lawsuit Signal Rapid Shifts in the Cyber Threat Landscape

In this episode of the CyberHub Podcast, recorded on Wednesday, March 12, 2025, the focus is squarely on the massive Patch Tuesday updates and other emerging cyber developments.

From multiple zero-day disclosures in Microsoft products to major patches for Apple, Adobe, SAP, and industrial control systems, the stories underscore the constant need to stay vigilant with timely maintenance.

Additional insights include malicious NPM packages, a new botnet preying on home routers, a significant lawsuit against National General/Allstate for repeated data breaches, and news about a key government cyber appointment.

Microsoft Patch Tuesday: Six Actively Exploited Zero-Days

Microsoft addressed fifty-seven vulnerabilities, a lower count than in recent months. However, six of these are actively exploited zero-days, notably affecting Windows NTFS (CVE-2025-24984, -24993, -24999) and a Microsoft Management Console flaw (CVE-2025-26633). Another public zero-day in Microsoft Office Access (CVE-2025-26630) can enable remote code execution when users open a malicious Access file. Administrators are urged to prioritize these patches immediately.

Broad Patching from Ivanti, Cisco, Broadcom, and Fortinet

Multiple vendors including Ivanti, Cisco, Broadcom, and Fortinet also released their own Tuesday updates, covering vulnerabilities ranging from remote code execution to privilege escalation. Security teams using any of these platforms should review the release notes and deploy all relevant patches promptly.

Adobe Fixes 35 Security Flaws

Adobe issued updates resolving at least thirty-five vulnerabilities across Acrobat (Windows, macOS), InDesign, and the Substance 3D Sampler suite. Several are critical and could allow arbitrary code execution or memory leaks. Given Adobe’s ubiquity in creative and enterprise environments, these updates warrant prompt action.

SAP’s March Security Patch Release

SAP published twenty-one new and three updated security notes, addressing issues in Commerce, NetWeaver, and Commerce Cloud, among others. The most severe bugs (CVE-2025-27434, CVE-2025-26661) score an 8.8 CVSS, involving cross-site scripting and missing authorization checks. Multiple medium-priority notes affect solutions like Business One, S/4HANA, and Fiori apps. SAP administrators should update immediately to avert potential disruptions.

Apple Patches Actively Exploited WebKit Flaw

Apple joined Patch Tuesday by pushing iOS/iPadOS 18.3.2 updates, fixing a zero-day (CVE-2025-24201) already exploited in targeted attacks. The flaw lets threat actors break out of the WebKit sandbox, a technique linked to sophisticated spyware campaigns. Users are urged to update their devices to avoid potential zero-click exploits.

Industrial Control System (ICS) Updates: Schneider Electric & Siemens

Both Schneider Electric and Siemens released advisories for SCADA/ICS products. Schneider addressed critical issues in its EcoStruxure suite, including default password vulnerabilities that could allow command execution. Siemens published eleven new advisories, highlighting a severe unlocked bootloader bug in certain servo drives (CVE-2024-56336). CISA also released two ICS advisories, underscoring the rising risk to operational technology.

Lazarus Group Targets NPM Packages

North Korea-linked Lazarus actors remain active by planting malicious NPM libraries. Discovered packages—like BufferValidator and Auth Validator—steal credentials, deploy backdoors, and harvest cryptocurrency info. Although the packages collectively garnered just a few hundred downloads, any compromise in open-source dependencies can cascade across unsuspecting organizations. The packages are listed below.

  1. is-buffer-validator – Malicious package mimicking the popular is-buffer library to steal credentials.

  2. yoojae-validator – Fake validation library used to extract sensitive data from infected systems.

  3. event-handle-package – Disguised as an event-handling tool but deploys a backdoor for remote access.

  4. array-empty-validator – Fraudulent package designed to collect system and browser credentials.

  5. react-event-dependency – Poses as a React utility but executes malware to compromise developer environments.

  6. auth-validator – Mimics authentication validation tools to steal login credentials and API keys.
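As an added example (not material from the podcast), a lockfile check for the six package names listed above; it walks both the lockfileVersion 2/3 "packages" map and the v1 "dependencies" tree, so nested and scoped packages are caught, and the sample lockfile below is constructed for illustration:

```javascript
// Package names taken from the list above; constructed sample data follows.
const LAZARUS_PACKAGES = new Set([
  "is-buffer-validator", "yoojae-validator", "event-handle-package",
  "array-empty-validator", "react-event-dependency", "auth-validator",
]);

// Collect every package name in a parsed package-lock.json, transitive ones included.
function collectNames(lock) {
  const names = new Set();
  // v2/v3 shape: keys like "node_modules/foo" or "node_modules/foo/node_modules/@s/bar"
  for (const key of Object.keys(lock.packages || {})) {
    const idx = key.lastIndexOf("node_modules/");
    if (idx !== -1) names.add(key.slice(idx + "node_modules/".length));
  }
  // v1 shape: nested "dependencies" objects
  const walk = (deps) => {
    for (const [name, info] of Object.entries(deps || {})) {
      names.add(name);
      walk(info.dependencies);
    }
  };
  walk(lock.dependencies);
  return names;
}

// Sorted list of listed package names present in the lockfile object.
function findMaliciousPackages(lock) {
  return [...collectNames(lock)].filter((n) => LAZARUS_PACKAGES.has(n)).sort();
}

// Same check on the raw text of a package-lock.json file.
function scanLockfileText(jsonText) {
  return findMaliciousPackages(JSON.parse(jsonText));
}

// Constructed sample (v3 shape) with one hit nested under another dependency.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/is-buffer": { version: "1.1.6" },
    "node_modules/react": { version: "18.2.0" },
    "node_modules/react/node_modules/auth-validator": { version: "0.0.1" },
  },
};

const hits = findMaliciousPackages(SAMPLE_LOCK);
console.log(hits.length ? `FLAGGED: ${hits.join(", ")}` : "no listed packages found");
```

Feed `scanLockfileText` the contents of a real package-lock.json; a non-empty result means one of the listed names is installed, directly or transitively.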

Botnet Infecting TP-Link Archer Routers

A newly discovered botnet exploits a firmware vulnerability (CVE-2022-31389) in TP-Link Archer routers. Likely operated out of Italy, the threat group spreads malware via unpatched devices, demonstrating how unmaintained home networking equipment can become a weak link in enterprise security when remote employees connect from compromised home networks.

New York AG Sues National General & Allstate

New York Attorney General Letitia James filed a lawsuit against National General and its parent company, Allstate, citing two data breaches in 2020 and 2021. The complaint alleges that after the first breach, the insurer took no remediation steps, setting the stage for another compromise. The suit calls out failures to adopt “reasonable data security safeguards,” opening discussion about setting a legal precedent for minimum cybersecurity standards.

Sean Plankey Nominated to Lead CISA

President Donald Trump’s nomination of Sean Plankey—former Department of Energy official and Coast Guard veteran—to head CISA signals a move toward cyber-savvy leadership. Plankey’s credentials include offensive cyber operations experience at U.S. Cyber Command. Practitioners hope this appointment accelerates both public-private cyber collaboration and more robust national cybersecurity policies.

Action List

  • Prioritize Microsoft Patches: Address six actively exploited zero-days promptly.

  • Check Adobe & SAP Updates: Deploy critical fixes to prevent code execution attacks.

  • Upgrade Apple Devices: Update to iOS/iPadOS 18.3.2 to avoid WebKit-based exploits.

  • Patch ICS Systems: Focus on Schneider Electric and Siemens solutions to protect OT environments.

  • Review NPM Dependencies: Hunt for suspicious packages (e.g., BufferValidator) to prevent Lazarus intrusions.

  • Assess Home Router Security: Monitor employees using TP-Link Archer routers, enforcing patch requirements.

  • Establish Baseline Security Standards: Watch the New York AG’s lawsuit for potential legal precedents on “reasonable safeguards.”

  • Stay Informed on Federal Cyber Appointments: Anticipate policy shifts and tighter collaboration with CISA under new leadership.

✅ Story Links:

https://www.bleepingcomputer.com/news/microsoft/microsoft-march-2025-patch-tuesday-fixes-7-zero-days-57-flaws/

https://www.securityweek.com/patch-tuesday-critical-code-execution-bugs-in-acrobat-and-reader/

https://www.securityweek.com/sap-patches-high-severity-vulnerabilities-in-commerce-netweaver/

https://www.securityweek.com/apple-ships-ios-18-3-2-to-fix-already-exploited-webkit-flaw/

https://www.securityweek.com/ics-patch-tuesday-advisories-published-by-cisa-schneider-electric-siemens/

https://www.bleepingcomputer.com/news/security/north-korean-lazarus-hackers-infect-hundreds-via-npm-packages/

https://therecord.media/ballista-botnet-tp-link-archer-routers

https://www.securityweek.com/new-york-sues-insurance-giant-over-data-breaches/

https://therecord.media/plankey-nominated-to-run-cisa
