patch-management
Safeguard articles tagged "patch-management" — guides, analysis, and best practices for software supply chain and application security.
53 articles
CVE-2025-9086 in cURL: Patch Posture & SBOM Response
Heap out-of-bounds read in libcurl's cookie path comparison affects nearly every Linux distro. Defender SBOM playbook below.
CVE-2025-55190 in Argo CD: Patch Posture & SBOM Response
Argo CD project details API leaks repository credentials, scored CVSS 9.9. GitOps platforms are now top-tier credential targets. Defender playbook below.
CVE-2025-7775 in Citrix NetScaler: Patch Posture & SBOM Response
NetScaler ADC and Gateway memory overflow scored CVSS 9.2 and landed on CISA KEV with a 48-hour patch deadline. Here is the defender playbook.
CVE-2025-9074 in Docker Desktop: Patch Posture & SBOM Response
Docker Desktop container-to-host escape scored CVSS 9.3. Affected Windows and macOS developer fleets need a fast patch rollout. Defender playbook below.
The Real Cost of Delayed Patching in Open Source Components
Patches for open source flaws often exist for months before teams apply them. Here is what that patch lag actually costs in breaches, cleanup, and trust.
Nginx Vulnerabilities: Tracking and Patching at Scale
Nginx vulnerabilities are rare compared to application-layer bugs but high-impact when they land — here's how to track disclosures and patch fleets without breaking uptime.
Benchmarking Mean Time to Remediate Across Company Size a...
MTTR benchmarks vary 2-5x by company size and industry. See how financial services, healthcare, and mid-sized firms compare — and what a realistic 2026 target looks like.
CVE-2025-53770 in SharePoint (ToolShell): Patch Posture & SBOM Response
On-prem SharePoint deserialization flaw scored CVSS 9.8 and entered CISA KEV the day after public exploitation. Defender playbook below.
CVE-2025-49794 in libxml2: Patch Posture & SBOM Response
libxml2 use-after-free during XPath schematron parsing scored CVSS 9.1. Defender SBOM playbook for one of the most-embedded libraries on the planet.
CVE-2025-23121 in Veeam Backup & Replication: Patch Posture & SBOM Response
Veeam B&R authenticated RCE on the backup server scored CVSS 9.9. Backup infrastructure cannot be a soft underbelly. Here is the defender playbook.
CVE-2025-47884 in Jenkins OpenID Connect Provider: Patch Posture & SBOM Response
Jenkins OIDC Provider plugin token impersonation scored CVSS 9.1. Defender playbook for CI/CD identity infrastructure.
CVE-2025-22462 in Ivanti Neurons for ITSM: Patch Posture & SBOM Response
Ivanti Neurons for ITSM auth bypass scored CVSS 9.8 and grants full admin access. Defender playbook for the ITSM patching emergency.