The US government Cybersecurity and Infrastructure Security Agency (CISA) site is one of the “go-to places” for me and my team to keep up with vulnerabilities in our clients’ software. Although aimed at the US Government and US users, it is still really useful.
Here is a round-up of the most recent:
Apple Releases Security Updates for Multiple Products | CISA
Atlassian Releases Security Advisories for Multiple Products | CISA
Known Exploited Vulnerabilities
The CISA Known Exploited Vulnerabilities Catalog is also a good source of information on vulnerabilities that are actually being exploited, with links to mitigation:
Known Exploited Vulnerabilities Catalog | CISA
And occasionally they remove one:
CISA Removes One Known Exploited Vulnerability From Catalog | CISA
Industry
CISA also releases industrial control system advisories – if you are responsible for these types of systems you should monitor their news page:
…and more
They also issue more detailed documents on specific attacks – I do not often link to these as they are often aimed at US Government offices; however, this one on spear phishing by Russian threat actors has some really useful information and descriptions that anyone who has to deal with any type of phishing attack will find useful:
Russian FSB Cyber Actor Star Blizzard Continues Worldwide Spear-phishing Campaigns | CISA
This report on the threat actor group Star Blizzard is co-authored with other international cyber security agencies including the UK’s National Cyber Security Centre (NCSC).
Both of these reports will give you or the person responsible for your cyber security a good insight into the functioning and activity of these major threat actors.
Clive Catton MSc (Cyber Security) – by-line and other articles
My advice: Either you or your IT support need to check whether these issues impact your systems. You need to have a master document that details your systems, hardware, software, online, networks, back-ups, suppliers etc – so when cyber security (or operational) issues arise you and your support teams can quickly check if you are affected. From there you can take fast, effective action.