December 2025 Patch Tuesday is supposed to be the quiet cruise into Christmas, right? Instead we got fifty seven vulnerabilities, three zero days and one actively exploited Windows privilege escalation that hits almost every supported build. Add in one hundred and thirty nine Adobe fixes and an awkward five week gap until the next Patch Tuesday in January and you have a perfect festive storm. Are you really happy to leave servers and laptops unpatched while everyone is on holiday, or do you want
Four zero-days. One perfect 10.0 severity score. Hundreds of thousands of sites already compromised. Criminals are exploiting Exchange Servers, Magento shops, and Oracle ERP systems right now - whilst you're reading this. SAP's vulnerability was so bad they deleted the entire component rather than fix it. WordPress sites are falling to a plugin bug that shouldn't exist. And that's just November. Your patching strategy just became a lot more urgent. Graham Falkner breaks down what to patch first:
September’s Microsoft Patch Tuesday isn't just another routine update cycle. With 81 vulnerabilities patched including 9 critical flaws, and active exploitation campaigns already targeting SharePoint servers, this represents significant business risk. Cyber Essentials certified organisations have until September 23rd to deploy updates, but waiting 14 days significantly increases risk exposure. The psychological tendency to defer technical updates creates dangerous security gaps. From authenticat
