CISA is a good source of information on updates and vulnerabilities. They do issue industrial updates as well, I do not cover them here as I think they are outside the scope of these posts, but if you are involved in industry the site is worth a regular visit to make sure you are not missing anything.
Mozilla Releases Security Update for Thunderbird | CISA
Apple Releases Security Updates for Multiple Products | CISA
My advice: Either you or your IT support need to check whether these issues impact your systems. You need to have a master document that details your systems, hardware, software, online, networks, back-ups, suppliers etc – so when cyber security (or operational) issues arise you and your support teams can quickly check if you are affected. From there you can take fast, effective action.