Operations | Monitoring | ITSM | DevOps | Cloud

CVE 2025-11561 affects Red Hat Linux and other distributions, requiring configuration of the Kross local authentication plugin for mitigation. Linux updates differ by vendor, with some delays in addressing vulnerabilities. A VMware tools vulnerability is actively exploited, prompting a recommendation to upgrade to a supported Linux version. Additionally, CVE 2025-58438 presents a traversal vulnerability in Python libraries on both Windows and Linux, resolved by upgrading to version 5.5.0.1.

Microsoft has identified a zero-day vulnerability in the Windows kernel, rated 7.0 on the CVSS scale. Organizations often misprioritize vulnerabilities, focusing on high-severity scores instead of those actively exploited. Many lower-severity vulnerabilities are chained by attackers. A risk-based approach to vulnerability management is crucial. Current Windows OS versions are affected, and organizations should consider Extended Security Updates to mitigate risks as more zero days are anticipated.

Cisco has identified a new attack variant targeting firewalls, highlighting the need for user education on vulnerabilities. A vulnerability discovered on November 5th affects nearly 50,000 devices, with many still at risk as of September 30th. Organizations struggle to expedite updates due to complex configurations and implementation challenges. Recent research indicates that network edge devices are prime targets for zero-day vulnerabilities, emphasizing the need for improved security measures.

The UK introduces a cybersecurity bill that enforces stricter regulations for critical infrastructure. As threat actors become more aggressive and utilize AI for advanced attacks, the legislation mandates organizations to respond quickly to incidents. Vendors must notify authorities within 24 hours, and emergency powers are created to improve cybersecurity responses. The emphasis is now on managing exposure in vulnerability practices.

Whether your organization’s mobile ecosystem consists of bring-your-own devices (BYODs) or corporate-owned devices, the Android operating system is likely part of the mix and has implications on IT and security. Explore some of the latest productivity-boosting tools to help admins automate routine tasks and provide secure, available and accessible mobility for end users of Android.

In this in-depth interview with Steve Thornton, Head of Service Delivery at Gilbert+Tobin Steve reveals how the Service Desk cut the time to resolve issues, increased employee satisfaction and adopted a shift-left approach with improved career opportunities within the service desk – all with the aid of automation bots via Ivanti Neurons. Listen to how Gilbert+Tobin.

Key Takeaways November 2025 marks the first month of the Windows 10 Extended Security Updates program. If you are planning to run Windows 10 for an extended period, ensure you have upgraded to Windows 10 version 22H2. The Windows OS update is the highest priority this month as it resolves a known exploited CVE (CVE-2025-62215). Third-party updates from Adobe and Mozilla have already been released and an update for Google Chrome is expected soon, which means Edge will also need an update. November Patch Tuesday is the first Patch Tuesday after the EoL of Windows 10.

A Chrome vulnerability is identified, allowing for remote code execution. Mozilla updates Firefox and Thunderbird to fix vulnerabilities. Adobe addresses critical issues in Bridge, Animate, and Illustrator. Microsoft resolves multiple vulnerabilities in Windows 10 and 11, along with updates for Office 2016 and 2019. Exchange Server updates are released, with no known exploits, and the T Net framework receives a rare update for an encryption vulnerability.

Ivanti’s 2025 DEX report reveals a surprising disconnect: While IT leaders strongly believe in DEX, its adoption and impact are plateauing across industries. Join us for a thought-provoking webinar with Ivanti’s Mariah Shotts, along with special guest and AI expert Rob May. We’ll unpack findings from our global survey of 3,300 IT professionals and office workers, revealing: Whether you’re just beginning your DEX journey or looking to optimize your existing program, this session will help you benchmark your progress, close critical gaps and chart a future-proof strategy.

ivanti.com/itsm-automation Unlock the secrets to successful Agentic AI deployment and widespread AI adoption in your organization with insights from Scott Hughes, SVP of Revenue Operations and Corporate IT at Ivanti. This video explores why IT-business alignment is critical, the importance of high-quality data, and how legacy infrastructure poses challenges for effective AI integration. Key insights.