I regularly check the The US government Cybersecurity and Infrastructure Security Agency (CISA) site s it is a good source for patch and vulnerability alerts.
Yesterday they posted security advisories for a range of products including Cisco, Drupal, and VMware:
Cisco Releases Security Advisories for Multiple Products | CISA
Drupal Releases Security Update to Address a Vulnerability in Apigee Edge | CISA
VMware Releases Security Update for VMware vRealize Operations | CISA
Known Exploited Vulnerabilities were added to it’s catalogue for Oracle and SugarCRM:
CISA Adds Two Known Exploited Vulnerabilities to Catalog | CISA
CISA also releases industrial control system advisories – if you are responsible for these types of systems you should monitor their news page:
My advice: Either you or your IT support need to check whether these issues impact your systems. You need to have a master document that details your systems, hardware, software, online, networks, back-ups, suppliers etc – so when cyber security (or operational) issues arise you and your support teams can quickly check if you are affected. From there you can take fast, effective action.