Keeping up with the latest vulnerabilities in popular software is crucial for maintaining cybersecurity. Here are some significant recent vulnerabilities that people should be aware of, as discussed by Redditors:

Windows Vulnerabilities

• CVE-2025-9491: A vulnerability in the Windows Shortcut binary format that allows for remote code execution. Microsoft has not yet patched this, and it is being actively exploited by a China-aligned threat group. "Seven months later, Microsoft still hasn’t patched the vulnerability"

• CVE-2025-59287: A critical remote code execution vulnerability in Windows Server Update Services (WSUS). Microsoft released an unscheduled update for this, but proof-of-concept code showed the fix was incomplete. "The other Windows vulnerability was patched last week"

General Cybersecurity Concerns

• BYO-Vulnerable Driver Attacks: Ransomware gangs are using Bring Your Own Vulnerable Driver (BYOVD) attacks, which exploit legitimate but vulnerable drivers to bypass security measures. "Ransomware gangs are using BYO-Vulnerable Driver account for about 20% of attacks"

• Misconfigurations: Many security breaches are due to simple misconfigurations, such as not changing default passwords. "The most frequently encountered vuln in real life is misconfigurations"

• Malicious Browser Extensions: Users downloading malicious Chrome plug-ins and other browser extensions from untrusted sources is a significant threat. "Chrome plug-ins. A user googles ‘I want a thing to do a thing’ and the first hit takes them to download a malicious YouTube converter"

Vendor and Software-Specific Vulnerabilities

• Fortinet/Ivanti Zero Days: Constant vulnerabilities in products from vendors like Fortinet and Ivanti are a cause for concern. "What about the constant Fortinet/Ivanti zero days"

• Vendor Paywalling: Some vendors are charging for patches to known vulnerabilities, which is seen as a unethical practice. "There's a vulnerability in our software? Ok, pay us $3000 to patch it"

Resources for Tracking Vulnerabilities

• OpenCVE.io: A comprehensive database that allows users to track CVEs by product and vendor. "I use https://www.opencve.io/ and im happy with selecting the products and vendors im interested of"

• Exploit-DB.com: A repository of exploits for various software. "I'll search https://www.exploit-db.com/ for products in our inventory"

Subreddits for Further Discussion

• r/technology

• r/cybersecurity

• r/sysadmin

• r/ExploitDev

These communities are great places to ask more specific questions and stay updated on the latest cybersecurity threats.