This week’s report: A critical Cisco update, widespread exploitation of Microsoft WSUS with emergency patching guidance, and a high-severity AMD CPU issue that can weaken cryptography. Below, we look at what happened, why it matters, and what to do next.
Apple released security updates addressing five WebKit flaws (including buffer overflow and use-after-free issues) credited to Google’s AI-assisted vulnerability discovery effort “Big Sleep.” While Apple did not flag in-the-wild exploitation for these specific CVEs, WebKit sits at the heart of Safari and many in-app browsers, making rapid updates important. The patches shipped as part of iOS/iPadOS 26.1, macOS Tahoe 26.1 and Safari 26.1. Given the ubiquity of iOS devices among clinicians and admin staff, delaying updates increases risk from drive-by exploits and malicious web content.
Clinicians frequently access EPR portals, imaging viewers, and email from iPhones and iPads. Unpatched WebKit bugs enable credential theft or session hijacking via malicious pages, risking access to patient and corporate systems.
Recommendations:
Cisco disclosed multiple critical flaws in Unified Contact Center Express (UCCX) that allow unauthenticated remote attackers to upload files, bypass authentication, execute commands and potentially gain root. There are no workarounds; fixed software is available and should be deployed immediately. Related advisories also cover other Cisco contact-centre components.
Many companies rely on Cisco contact-centre workflows for patient access and clinical operations. Remote code execution on UCCX risks call-handling disruption, data exposure, and a potential pivot deeper into clinical networks.
Recommendations:
A critical unauthenticated RCE in Windows Server Update Services (WSUS) is being exploited. Microsoft shipped out-of-band updates; security teams and researchers report scanning and compromises against internet-exposed WSUS and internal targets. CISA added the CVE to KEV and set patch deadlines for U.S. agencies. UK organisations should treat this as actively exploited.
Compromising WSUS can deliver malicious updates at scale across an estate, enabling rapid lateral movement and ransomware staging in hospitals and suppliers.
Recommendations:
AMD confirmed a high-severity issue on Zen 5 CPUs where the RDSEED instruction can return zero while signalling success in 16/32-bit forms, risking generation of predictable cryptographic values. AMD has published mitigations and timelines for microcode/AGESA updates; EPYC fixes are landing first, with desktop/workstation updates slated by late November.
Weak randomness can undermine TLS, VPN, SSO tokens and software-update signing in clinical apps and back-office systems. Mixed estates (on-prem and cloud) should verify CPU families and crypto dependencies.
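For the CPU-family check mentioned above, the following is an added example (not from AMD or the original report): it parses Linux `/proc/cpuinfo` text and flags hosts that report AMD family 26 (Family 1Ah, Zen 5) and still advertise the `rdseed` flag. The function names and sample text are constructed for illustration, and the check does not read microcode or AGESA levels, so a flagged host still needs its firmware version confirmed.

```python
import re

ZEN5_FAMILY = 26  # "cpu family" value for AMD Family 1Ah (Zen 5)

# Constructed sample inputs, trimmed to the fields this check reads.
SAMPLE_ZEN5 = """processor : 0
vendor_id : AuthenticAMD
cpu family : 26
flags : fpu sse2 rdrand rdseed sha_ni

processor : 1
vendor_id : AuthenticAMD
cpu family : 26
flags : fpu sse2 rdrand rdseed sha_ni
"""
SAMPLE_OTHER = """processor : 0
vendor_id : GenuineIntel
cpu family : 6
flags : fpu sse2 rdrand rdseed
"""

def parse_cpuinfo(text):
    """Split /proc/cpuinfo text into one dict of fields per logical CPU."""
    cpus = []
    for block in re.split(r"\n\s*\n", text.strip()):
        fields = {}
        for line in block.splitlines():
            key, sep, value = line.partition(":")
            if sep:
                fields[key.strip()] = value.strip()
        if fields:
            cpus.append(fields)
    return cpus

def rdseed_exposure(text):
    """Classify a host for triage: is it Zen 5, and is RDSEED advertised?"""
    cpus = parse_cpuinfo(text)
    if not cpus:
        return "unknown"
    zen5 = advertised = False
    for cpu in cpus:
        if (cpu.get("vendor_id") == "AuthenticAMD"
                and cpu.get("cpu family") == str(ZEN5_FAMILY)):
            zen5 = True
            advertised |= "rdseed" in cpu.get("flags", "").split()
    if not zen5:
        return "not-zen5"
    return "zen5-rdseed-advertised" if advertised else "zen5-rdseed-masked"

if __name__ == "__main__":
    with open("/proc/cpuinfo") as fh:
        print(rdseed_exposure(fh.read()))
```

A result of `zen5-rdseed-advertised` marks a host to prioritise for the firmware update; `zen5-rdseed-masked` means the operating system is not exposing the instruction to software.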
Recommendations:
That’s all for this week—prioritise Cisco UCCX patching and WSUS hardening, and schedule AMD firmware updates if you run Zen 5.
Speak with our team about Periculo Threat Intelligence and targeted remediation support.