Vulnerability Management and more
Vulnerability assessment, IT compliance management, security automation. Russian channel: @avleonovrus. Russian live news channel: @avleonovlive. PM: @leonov_av
Subscribers: 2 818 (24 hours: no data; 7 days: -1; 30 days: no data)
Subscriber growth by month

| Month | Subscriber growth | Mentioned in (channels) |
|---|---|---|
| Jun '26 | +18 | 0 |
| May '26 | +34 | 0 |
| Apr '26 | +36 | 0 |
| Mar '26 | +33 | 1 |
| Feb '26 | +36 | 1 |
| Jan '26 | +43 | 0 |
| Dec '25 | +34 | 1 |
| Nov '25 | +57 | 0 |
| Oct '25 | +35 | 1 |
| Sep '25 | +15 | 0 |
| Aug '25 | +19 | 0 |
| Jul '25 | +15 | 1 |
| Jun '25 | +12 | 0 |
| May '25 | +17 | 0 |
| Apr '25 | +15 | 1 |
| Mar '25 | +22 | 1 |
| Feb '25 | +33 | 0 |
| Jan '25 | +38 | 1 |
| Dec '24 | +14 | 2 |
| Nov '24 | +45 | 1 |
| Oct '24 | +46 | 1 |
| Sep '24 | +78 | 1 |
| Aug '24 | +73 | 1 |
| Jul '24 | +121 | 1 |
| Jun '24 | +100 | 0 |
| May '24 | +92 | 0 |
| Apr '24 | +93 | 1 |
| Mar '24 | +92 | 1 |
| Feb '24 | +119 | 0 |
| Jan '24 | +137 | 0 |
| Dec '23 | +97 | 1 |
| Nov '23 | +59 | 1 |
| Oct '23 | +75 | 1 |
| Sep '23 | +83 | 0 |
| Aug '23 | +59 | 0 |
| Jul '23 | +60 | 0 |
| Jun '23 | +38 | 0 |
| May '23 | +48 | 0 |
| Apr '23 | +67 | 0 |
| Mar '23 | +60 | 0 |
| Feb '23 | +60 | 0 |
| Jan '23 | +60 | 0 |
| Dec '22 | +65 | 0 |
| Nov '22 | +52 | 0 |
| Oct '22 | +61 | 0 |
| Sep '22 | +53 | 0 |
| Aug '22 | +49 | 0 |
| Jul '22 | +43 | 0 |
| Jun '22 | +20 | 0 |
| May '22 | +39 | 0 |
| Apr '22 | +19 | 0 |
| Mar '22 | +63 | 0 |
| Feb '22 | +78 | 0 |
| Jan '22 | +17 | 0 |
| Dec '21 | +31 | 0 |
| Nov '21 | +28 | 0 |
| Oct '21 | +19 | 0 |
| Sep '21 | +15 | 0 |
| Aug '21 | +13 | 0 |
| Jul '21 | +26 | 0 |
| Jun '21 | +11 | 0 |
| May '21 | +22 | 0 |
| Apr '21 | +25 | 0 |
| Mar '21 | +34 | 0 |
| Feb '21 | +9 | 0 |
| Jan '21 | +24 | 0 |
| Dec '20 | +1 157 | 0 |
Subscriber growth by day

| Date | Subscriber growth | Mentions | Channels |
|---|---|---|---|
| 18 Jun | 0 | | |
| 17 Jun | 0 | | |
| 16 Jun | +2 | | |
| 15 Jun | +2 | | |
| 14 Jun | 0 | | |
| 13 Jun | 0 | | |
| 12 Jun | +1 | | |
| 11 Jun | 0 | | |
| 10 Jun | +1 | | |
| 09 Jun | +1 | | |
| 08 Jun | +1 | | |
| 07 Jun | +2 | | |
| 06 Jun | 0 | | |
| 05 Jun | +1 | | |
| 04 Jun | 0 | | |
| 03 Jun | +3 | | |
| 02 Jun | +4 | | |
| 01 Jun | 0 | | |
Channel posts

Post 1
June "In the Trend of VM" (#28): Linux kernel, Microsoft Defender, and Palo Alto Networks device vulnerabilities. Presenting the traditional monthly roundup of trending vulnerabilities according to Positive Technologies. In the previous May edition, we covered four vulnerabilities. This time, there are also four vulnerabilities associated with five CVE identifiers.
🗞 Post on Habr (rus)
🗒 Digest on the PT website (rus)
🔻 EoP - Linux Kernel "Dirty Frag" (CVE-2026-43284, CVE-2026-43500). A chain of vulnerabilities with a public exploit to obtain root access. There are signs of in-the-wild exploitation.
🔻 EoP - Linux Kernel "Fragnesia" (CVE-2026-46300). Another vulnerability for gaining root access with a public exploit.
🔻 EoP - Microsoft Defender "RedSun" (CVE-2026-41091). A privilege escalation vulnerability leading to SYSTEM-level access, with a public exploit available and indications of in-the-wild exploitation. Pay special attention to Windows server and desktop environments where Microsoft Defender is enabled but there is no Internet access for regular updates.
🔻 RCE - PAN-OS (CVE-2026-0300). A remote unauthenticated RCE with root privileges affecting PA-Series and VM-Series firewalls. A public exploit exists, and there are indications of in-the-wild exploitation.
🟥 The full list of trending vulnerabilities is available on the portal
@avleonovcom #PositiveTechnologies #TrendVulns #DirtyFrag #HyunwooKim #v4bel #LinuxKernel #KernelExploit #xfrmESP #RxRPC #AppArmor #Linux #Ubuntu #RHEL #openSUSE #CentOSStream #AlmaLinux #Fedora #Fragnesia #V12 #Kernel #EoP #LPE #Microsoft #MicrosoftDefender #Defender #Windows #AntiMalware #exploit #GitHub #CISAKEV #KEV #NightmareEclipse #RedSun #PaloAlto #PANOS #NGFW #Firewall #Exploit #Shodan #PrismaAccess #CloudNGFW #Panorama

Post 2
About Elevation of Privilege - Microsoft Defender "RedSun" (CVE-2026-41091) vulnerability. Microsoft Defender is a built-in security solution developed by Microsoft to protect the Windows operating system and user data from viruses, malware, and other cyber threats in real time. An improper link resolution vulnerability prior to file access ("link following", CWE-59) in Microsoft Defender, specifically within the Malware Protection Engine component, allows an authenticated local attacker to escalate privileges to SYSTEM level. As a result, an attacker could gain full control over the affected system, including unrestricted access to data, the ability to modify system settings, install software, manage user accounts, and disable security protections.
🛠 An exploit for the vulnerability was published on GitHub by security researcher Nightmare Eclipse on April 15, alongside exploits targeting other Windows component vulnerabilities. The account was later removed by GitHub administrators; however, this did not prevent the exploit code from spreading further.
⚙️ The security advisory and patches were released on May 19 outside Microsoft's regular Patch Tuesday schedule. Versions of Microsoft Malware Protection Engine from 1.1.26030.3008 through 1.1.26040.8 are affected. Systems with Microsoft Defender disabled are not vulnerable. By default, Microsoft Defender automatically updates Windows security components, antivirus definitions, and Microsoft Malware Protection Engine, so no additional user action is typically required. Malware Protection Engine is updated monthly or as new threats emerge, while antivirus definitions are updated several times per day. Update checks may run automatically anywhere from once to several times daily when an Internet connection is available. Manual update checks are also supported.
👾 According to Microsoft, the vulnerability is being exploited in the wild. The vulnerability was added to the CISA KEV catalog on May 20.
💡 Special attention should be paid to server and desktop Windows hosts where Microsoft Defender is not disabled, but Internet access is unavailable for regular updates.
@avleonovcom #Microsoft #MicrosoftDefender #Defender #Windows #AntiMalware #exploit #GitHub #CISAKEV #KEV #NightmareEclipse #RedSun
Views: 155
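The post above gives an inclusive range of affected Malware Protection Engine versions and singles out hosts that run Defender but cannot reach the Internet for updates. The following triage script is an added example (not code from the channel or from Microsoft). It assumes an inventory collected per host with the engine version, whether the antimalware service is enabled, and the last signature-update time (on Windows these are the AMEngineVersion, AMServiceEnabled and AntivirusSignatureLastUpdated fields of Get-MpComputerStatus); the inventory, the reference time and the 3-day staleness threshold are constructed for the example. The one non-obvious point it shows is that engine versions must be compared as integer tuples, not as strings.

```python
"""Triage Defender hosts against the RedSun affected engine range.

Added example, not code from the channel or from Microsoft. The inventory,
the reference time NOW and the staleness threshold are constructed."""
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Tuple

# Affected engine range quoted in the post above, inclusive on both ends.
AFFECTED_MIN = (1, 1, 26030, 3008)
AFFECTED_MAX = (1, 1, 26040, 8)


def parse_engine_version(text: str) -> Tuple[int, ...]:
    """'1.1.26040.8' -> (1, 1, 26040, 8).

    Lexical string comparison ranks '1.1.26040.10' below '1.1.26040.8', which
    would wrongly put a newer engine inside the affected range, so compare
    integer tuples."""
    parts = tuple(int(p) for p in text.strip().split("."))
    if len(parts) != 4:
        raise ValueError(f"unexpected engine version: {text!r}")
    return parts


def is_affected(engine_version: str) -> bool:
    return AFFECTED_MIN <= parse_engine_version(engine_version) <= AFFECTED_MAX


def classify(host: dict, now: datetime, stale_after: timedelta = timedelta(days=3)) -> str:
    """not_vulnerable:   Defender disabled (the advisory says such systems are not vulnerable)
    outside_range:    engine version not within the affected range
    vulnerable:       affected engine, but signatures still updating, so the fix will arrive
    vulnerable_stale: affected engine and no signature update for `stale_after`:
                      the offline-host case the post singles out."""
    if not host["am_service_enabled"]:
        return "not_vulnerable"
    if not is_affected(host["engine_version"]):
        return "outside_range"
    if now - host["sig_last_updated"] > stale_after:
        return "vulnerable_stale"
    return "vulnerable"


def triage(inventory: List[dict], now: datetime) -> Dict[str, List[str]]:
    """Group host names by classification, worst first."""
    groups: Dict[str, List[str]] = {
        k: [] for k in ("vulnerable_stale", "vulnerable", "outside_range", "not_vulnerable")
    }
    for host in inventory:
        groups[classify(host, now)].append(host["name"])
    return groups


NOW = datetime(2026, 5, 25, tzinfo=timezone.utc)  # constructed reference time
SAMPLE_INVENTORY = [  # constructed hosts; version numbers chosen only relative to the range
    {"name": "fs01", "am_service_enabled": True, "engine_version": "1.1.26040.8",
     "sig_last_updated": NOW - timedelta(days=14)},   # isolated file server, no updates
    {"name": "ws22", "am_service_enabled": True, "engine_version": "1.1.26035.2",
     "sig_last_updated": NOW - timedelta(hours=4)},   # online, will pick up the fix
    {"name": "dc01", "am_service_enabled": True, "engine_version": "1.1.26050.1",
     "sig_last_updated": NOW - timedelta(hours=1)},   # above the affected range
    {"name": "sql03", "am_service_enabled": False, "engine_version": "1.1.26030.3008",
     "sig_last_updated": NOW - timedelta(days=90)},   # third-party AV, Defender off
]

if __name__ == "__main__":
    for group, names in triage(SAMPLE_INVENTORY, NOW).items():
        print(f"{group:17} {', '.join(names) or '-'}")
```

Hosts landing in `vulnerable_stale` are the ones to update by hand (an offline definition/engine package) or to isolate; the `vulnerable` group only needs confirmation that the next automatic engine update actually lands.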

Post 3
Added an indicator of in-the-wild exploitation to the illustration and to the post on the website:
"👾 On May 11, the vulnerability chain was added to VulnCheck KEV, indicating that it has been exploited in the wild."
Views: 198

Post 4
About Remote Code Execution - PAN-OS (CVE-2026-0300) vulnerability. PAN-OS is an operating system for Palo Alto Networks firewalls and security platforms. User-ID™ Authentication Portal (also known as Captive Portal) is a non-default PAN-OS feature used to map IP addresses to usernames. By exploiting a buffer overflow vulnerability (CWE-787), an unauthenticated remote attacker can send specially crafted packets to a device with the Authentication Portal enabled, achieving arbitrary code execution with root privileges on the affected device. No authentication or user interaction is required. If the vulnerability is successfully exploited, the attacker gains full control over network traffic: they can intercept, modify, or block connections, access sensitive data, bypass security policies, hide traces of compromise, install backdoors, and use the device as a foothold for attacks on internal infrastructure.
⚙️ The vendor security advisory was published on May 6. PA-Series and VM-Series firewalls are affected. Prisma Access, Cloud NGFW, and Panorama appliances are not impacted by this vulnerability. Security updates for affected devices became available on May 13. As a workaround, the vendor recommended restricting User-ID™ Authentication Portal access to only trusted internal zones or disabling the User-ID™ Authentication Portal entirely if it is not required.
👾 On the same day, May 6, researchers from Palo Alto Networks Unit 42 published a report on active exploitation of the vulnerability in the wild. Post-exploitation activity includes deployment of publicly available tunneling tools (EarthWorm, ReverseSocks5), Active Directory enumeration using credentials likely obtained from the firewall, and systematic destruction of logs and other evidence of compromise. On the same day, the vulnerability was added to the CISA KEV catalog.
🛠 A public exploit was also published on GitHub on May 6.
🌐 PAN-OS is among the most widely deployed enterprise firewall operating systems in the world. As of June 5, Shodan identifies approximately 135,755 internet-facing PAN-OS instances, representing a significant attack surface.
@avleonovcom #PaloAlto #PANOS #NGFW #Firewall #Exploit #CISAKEV #Shodan #PrismaAccess #CloudNGFW #Panorama
Views: 438

Post 5
May Linux Patch Wednesday. A total of 1,638 vulnerabilities (474 in the Linux kernel). For comparison, in April there were 1,035 vulnerabilities (a record!). And this time it turns out to be a record again, more than one and a half times higher! The acceleration is both impressive and alarming. But we will see what happens next. At some point it should stabilize. Although the number of critical vulnerabilities is already so high that reviewing all of them becomes quite problematic. For 7 vulnerabilities there are signs of exploitation in the wild. And for another 264 there are public exploits.
[ Read the full post on avleonov.com ]
🗒 Full Vulristics report
@avleonovcom #LinuxPatchWednesday #Linux #LinuxKernel #CISAKEV #VulnCheckKEV #KEV #Exploit #Apache #ApacheHTTPServer #ApacheTomcat #ApacheActiveMQ #NGINX #ProFTPD #PgBouncer #Rclone #Postorius #GNUMailman #PostgreSQL #PHP #Composer #Django #Qualys #PackageKit #DirtyFrag #CopyFail #DirtyDecrypt #Fragnesia
Views: 427

Post 6
About Elevation of Privilege - Linux Kernel "Fragnesia" (CVE-2026-46300) vulnerability. The vulnerability was discovered by researcher William Bowling together with the V12 team. Fragnesia belongs to the class of Dirty Frag vulnerabilities. It is an error in the ESP/XFRM subsystem, distinct from Dirty Frag, which was addressed with a separate patch. It allows achieving arbitrary byte writes into the kernel page cache of read-only files, without requiring any race condition.
🛠 Technical details and exploit code were published on May 15. The public exploit modifies the contents of /usr/bin/su in the kernel page cache, and then executes /usr/bin/su, resulting in the user obtaining a root shell. The on-disk binary is never modified. A reboot or cache flush restores normal system behavior.
[ Read the full post on avleonov.com ]
@avleonovcom #Linux #LinuxKernel #Fragnesia #V12 #DirtyFrag #Ubuntu #Kernel #EoP #LPE #xfrmESP
Views: 445

Post 7
May "In the Trend of VM" (#27): high-profile vulnerabilities in Linux, ActiveMQ, SharePoint, and Adobe Acrobat Reader. While the previous April edition featured only one vulnerability, this one includes four, covering different technologies and attack scenarios.
🗞 Post on Habr (rus)
🗒 Digest on the PT website (rus)
🔻 EoP - Linux Kernel "Copy Fail" (CVE-2026-31431). The vulnerability allows an attacker to gain root privileges.
🔻 RCE - Apache ActiveMQ (CVE-2026-34197). A vulnerability in a solution widely used in enterprise systems and integration platforms.
🔻 Spoofing - Microsoft SharePoint Server (CVE-2026-32201). A vulnerability in a Microsoft collaboration and document management platform widely used in enterprise systems and internal portals.
🔻 RCE - Adobe Reader (CVE-2026-34621). A vulnerability in a widely used PDF document viewer; actively exploited in phishing attacks.
🟥 The full list of trending vulnerabilities is available on the portal
@avleonovcom #PositiveTechnologies #TrendVulns
Views: 474

Post 8
About Remote Code Execution - Adobe Reader (CVE-2026-34621) vulnerability. Adobe Acrobat Reader (from 2003 to 2015, "Adobe Reader") is a free PDF viewer developed by Adobe. Versions are available for Windows, macOS, Android, and iOS. The remote code execution vulnerability in Adobe Acrobat for Windows and macOS is caused by improper handling of object prototype attributes (CWE-1321 - "Prototype Pollution"). Successful exploitation of the vulnerability allows an attacker to execute arbitrary code on the target system when the victim opens a specially crafted document.
👾 Researcher Haifei Li, the developer of EXPMON - a sandbox-based system designed to detect file-based zero-days and hard-to-detect exploits - reported the vulnerability and the existence of a working exploit on April 7.
[ Read the full post on avleonov.com ]
@avleonovcom #Adobe #AcrobatReader #PrototypePollution #EXPMON #HaifeiLi #VirusTotal #CISAKEV #utilReadFileIntoStream #RSSaddFeed
Views: 421

Post 9
May Microsoft Patch Tuesday. A total of 119 vulnerabilities, approximately 1.5 times fewer than in April. There are currently no vulnerabilities marked as actively exploited in the wild. However, there is one vulnerability with a public exploit:
🔸 EoP - Windows Kernel (CVE-2026-40369). A detailed write-up and exploit for this vulnerability were published on May 14, two days after the May MSPT. The researcher describes exploitation of the vulnerability as follows: "A single syscall from any unprivileged process — including inside Chrome's renderer sandbox — can increment arbitrary kernel memory addresses. No race conditions. No heap spray. No special tokens. 100% deterministic privilege escalation to SYSTEM."
[ Read the full post on avleonov.com ]
🗒 Full Vulristics report
@avleonovcom #Vulristics #PatchTuesday #Microsoft #Windows #MSPT #MicrosoftOffice #MicrosoftWord #DNS #Netlogon #TCPIP #WindowsKernel #GDI #Dynamics365 #UseAfterFree #UAF #HeapSpray #ActiveDirectory #DomainController
Views: 441

Post 10
April "In the Trend of VM" (#26): one Microsoft SharePoint vulnerability. Presenting the traditional monthly roundup of trending vulnerabilities by Positive Technologies. Once again, single-vendor, Microsoft-focused, and unusually compact. While the previous March edition had four trending vulnerabilities, this April edition has only one. In the upcoming May edition, we expect at least three trending vulnerabilities. 😉
🗞 Post on Habr (rus)
🗒 Digest on the PT website (rus)
This vulnerability is from the January Microsoft Patch Tuesday:
🔻 RCE - Microsoft SharePoint (CVE-2026-20963). The vulnerability was initially rated less critical due to an authentication requirement (PR:L), but Microsoft later determined that no authentication is required (PR:N). It was added to the CISA KEV, indicating active exploitation in the wild. No public exploits exist yet.
🟥 The full list of trending vulnerabilities is available on the portal
@avleonovcom #PositiveTechnologies #TrendVulns #Microsoft #SharePoint #CISA #CISAKEV
Views: 417

Post 11
About Remote Code Execution - Apache ActiveMQ (CVE-2026-34197) vulnerability. Apache ActiveMQ is a popular open-source message broker written in Java. Its main purpose is to send messages between different services, systems, and microservices without a direct connection between them.
This vulnerability is from the April Linux Patch Wednesday. Details about this vulnerability were published on April 7 in the HORIZON3.ai company blog. They claim that the Apache ActiveMQ Classic vulnerability has been hiding in plain sight for 13 years. An attacker can invoke a management operation through ActiveMQ's Jolokia API to trick the broker into fetching a remote configuration file and running arbitrary OS commands.
[ Read the full post on avleonov.com ]
@avleonovcom #Apache #ActiveMQ #FortiGuard #Shadowserver #HORIZON3 #Jolokia #JMX #CISAKEV
Views: 455

Post 12
About Spoofing - Microsoft SharePoint Server (CVE-2026-32201) vulnerability. A vulnerability from the April Microsoft Patch Tuesday. The description provided by Microsoft experts is extremely vague: "Improper input validation in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network. An attacker who successfully exploited the vulnerability could view some sensitive information (Confidentiality), make changes to disclosed information (Integrity), but cannot limit access to the resource (Availability)." Spoofing is an attack in which a threat actor forges data, an address, an identifier, or a trusted source in order to impersonate a legitimate user, service, or system.
What is actually hidden behind this description?
[ Read the full post on avleonov.com ]
@avleonovcom #Microsoft #SharePoint #XSS #ReflectedXSS #KEV #CISAKEV #ZDI
Views: 388

Post 13
About Elevation of Privilege - Linux Kernel "Dirty Frag" (CVE-2026-43284, CVE-2026-43500) vulnerability. According to information from researcher Hyunwoo Kim (@v4bel), Dirty Frag is a vulnerability (a class of vulnerabilities) that allows a local unprivileged attacker to obtain root privileges on most Linux distributions by combining the xfrm-ESP Page-Cache Write vulnerability (CVE-2026-43284) and the RxRPC Page-Cache Write vulnerability (CVE-2026-43500).
[...]
As the researcher reports, the xfrm-ESP Page-Cache Write vulnerability in the Dirty Frag chain shares the same sink as Copy Fail. However, it is triggered regardless of whether the algif_aead module is available. Even on systems where the publicly known Copy Fail mitigation is applied, Linux remains vulnerable to Dirty Frag.
[ Read the full post on avleonov.com ]
@avleonovcom #DirtyFrag #HyunwooKim #v4bel #LinuxKernel #KernelExploit #xfrmESP #RxRPC #AppArmor #Linux #Ubuntu #RHEL #openSUSE #CentOSStream #AlmaLinux #Fedora
Views: 458

Post 14
About Elevation of Privilege - Linux Kernel "Copy Fail" (CVE-2026-31431) vulnerability. A local privilege escalation vulnerability in the Linux kernel AF_ALG component, which is caused by a memory handling flaw, allows an unprivileged user to escalate privileges to root. By exploiting this vulnerability, an attacker can fully compromise the system: read and modify any files, including passwords and keys, replace system binaries, disable security controls and monitoring tools, stealthily install backdoors and maintain persistence, hide traces of their activity, and use the host as a foothold for attacks on other network assets.
⚙️🛠 On April 1, patches addressing the vulnerability were merged...
[ Read the full post on avleonov.com ]
@avleonovcom #LinuxKernel #AFALG #KernelExploit #ContainerEscape #Kubernetes #CopyFail #Exploit #PoC #DirtyCow #DirtyPipe #RaceCondition #Python #VFS #Ubuntu #Debian #Fedora #ArchLinux #CloudLinux #AmazonLinux #RHEL #SUSE #ROSALinux #ROSA #CISA #CISAKEV
Views: 438
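The Fragnesia post (post 6) and the Dirty Frag and Copy Fail posts above all describe the same sink: bytes are written into the page cache of a read-only file, the on-disk binary stays intact, and a reboot or cache flush restores normal behaviour. That last property gives a cheap triage check, shown here as an added example (not the researchers' or the channel's code): hash a file as it is served from the page cache, ask the kernel to evict its clean cached pages with posix_fadvise(POSIX_FADV_DONTNEED), and hash it again. A mismatch means the cached view differed from what is on disk. The list of setuid binaries beyond /usr/bin/su is an assumption about what an attacker would target, and the check is Linux-specific.

```python
"""Page-cache consistency check for read-only binaries.

Added example, not the researchers' or the channel's code. Compares the
content of a file as read through the page cache with its content after the
cached pages are dropped. Linux only (posix_fadvise)."""
import hashlib
import os
import sys
from typing import Iterable, List, Tuple

# Assumed targets: /usr/bin/su is the one the Fragnesia exploit modifies; the
# rest are other common setuid binaries and are an assumption of this example.
SETUID_CANDIDATES = ["/usr/bin/su", "/usr/bin/sudo", "/usr/bin/passwd", "/usr/bin/mount"]


def sha256_fd(fd: int) -> str:
    """Hash the whole file behind an open descriptor, starting from offset 0."""
    h = hashlib.sha256()
    os.lseek(fd, 0, os.SEEK_SET)
    while chunk := os.read(fd, 1 << 20):
        h.update(chunk)
    return h.hexdigest()


def page_cache_matches_disk(path: str) -> Tuple[bool, str, str]:
    """Return (match, cached_digest, disk_digest) for path.

    First read: served from the page cache when the file is resident.
    Then POSIX_FADV_DONTNEED asks the kernel to drop this file's clean cached
    pages (offset 0, length 0 = to EOF). Pages that are not dirty, which is the
    case for the page-cache writes described above, are evicted; pages mapped by
    a running process are not, so a "match" for a library in use is not
    conclusive. Second read: must come from disk once the pages are gone."""
    fd = os.open(path, os.O_RDONLY)
    try:
        cached = sha256_fd(fd)
        if hasattr(os, "posix_fadvise"):
            os.posix_fadvise(fd, 0, 0, os.POSIX_FADV_DONTNEED)
        else:
            print(f"warning: no posix_fadvise here, {path} re-read from cache", file=sys.stderr)
        ondisk = sha256_fd(fd)
    finally:
        os.close(fd)
    return cached == ondisk, cached, ondisk


def scan(paths: Iterable[str]) -> List[Tuple[str, str, str]]:
    """Return [(path, cached_digest, disk_digest)] for every existing file whose
    cached content differed from its on-disk content; missing paths are skipped."""
    findings = []
    for p in paths:
        if not os.path.isfile(p):
            continue
        ok, cached, ondisk = page_cache_matches_disk(p)
        if not ok:
            findings.append((p, cached, ondisk))
    return findings


if __name__ == "__main__":
    targets = sys.argv[1:] or SETUID_CANDIDATES
    for path, cached, ondisk in scan(targets):
        print(f"MISMATCH {path}: cached={cached[:16]}... disk={ondisk[:16]}...")
```

Two caveats for using this in an incident. A mismatch is strong evidence (nothing legitimate makes the cached bytes differ from the disk bytes), but a match proves little: the eviction is advisory, and an attacker who already has root can fix things up afterwards. So pair it with a comparison of the on-disk digests against the package manager's recorded hashes, and note that a system-wide `echo 3 > /proc/sys/vm/drop_caches` needs root, which is exactly what you may not want to hand to a possibly compromised host.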

Post 15
About Remote Code Execution - Microsoft SharePoint (CVE-2026-20963) vulnerability. This vulnerability was fixed in the January MSPT. At the time of the MSPT release on January 13, VM vendors did not highlight this vulnerability in their reviews, and Microsoft reported no evidence of exploitation in the wild. The CVSS vector was initially rated as CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (8.8). The "PR:L" indicates that authentication was required to exploit the vulnerability. However, on March 17, Microsoft updated both the vulnerability description and its CVSS vector. The updated CVSS vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (9.8). The "PR:N" indicates that authentication is not required for exploitation.
[ Read the full post on avleonov.com ]
@avleonovcom #SharePoint #VMProcess #Prioritization #CISA #CISAKEV
Views: 548

Post 16
April Linux Patch Wednesday. In April, Linux vendors addressed 1,035 vulnerabilities - nearly twice as many as in March. One might assume that most of these would again be Linux Kernel vulnerabilities, but that's not the case! Linux Kernel vulnerabilities were relatively few - just 209. The remaining vulnerabilities are distributed across more than 200 affected products. Notably, two vulnerabilities show evidence of active exploitation in the wild:
🔻 RCE - Apache ActiveMQ (CVE-2026-34197). Remote code execution is possible via the Jolokia API (/api/jolokia/) with no authentication required. The vulnerability remained hidden in the codebase for 13 years before being discovered using AI. Listed in the CISA KEV since April 16. Numerous exploits are available on GitHub.
[ Read the full post on avleonov.com ]
🗒 Full Vulristics report
@avleonovcom #LinuxPatchWednesday #Vulristics #CISAKEV #Linux #LinuxKernel #Apache #ActiveMQ #Chromium #GoogleChrome #Cockpit #CUPS #KVMTool #tar
Views: 0
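Post 11 and the post above both place the ActiveMQ RCE behind the Jolokia API at /api/jolokia/, reachable without authentication, where a management operation makes the broker fetch and act on a remote configuration. The detection below is an added example (not code from the channel, HORIZON3.ai or Apache) that runs over web-console access-log lines and flags management calls that should not be there. It assumes NCSA-style lines from the embedded Jetty server (client address, method, path, status) and that legitimate management traffic only comes from the networks in TRUSTED_NETS. Jolokia's GET form encodes the request type in the URL, so an `exec` operation is visible in the log; its POST form carries the type in a JSON body that access logs do not record, so every POST to the endpoint from an untrusted address is reported. The log lines and the MBean/operation names in them are constructed for the example.

```python
"""Flag suspicious Jolokia management calls in ActiveMQ web-console access logs.

Added example, not code from the channel, HORIZON3.ai or Apache. Log lines,
trusted networks and MBean names are constructed/assumed."""
import ipaddress
import re
from typing import Iterable, List, Optional

JOLOKIA_PREFIX = "/api/jolokia"
TRUSTED_NETS = [ipaddress.ip_network("10.0.0.0/8"),
                ipaddress.ip_network("192.168.0.0/16")]  # assumption

# NCSA common log: <ip> <ident> <user> [<time>] "<method> <path> <proto>" <status> <bytes>
NCSA_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)


def is_trusted(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in TRUSTED_NETS)


def jolokia_request_type(path: str) -> Optional[str]:
    """Jolokia request type encoded in a GET URL ('read', 'exec', 'list', ...),
    or None for non-Jolokia paths and for the bare endpoint that POST uses."""
    if not path.startswith(JOLOKIA_PREFIX):
        return None
    rest = path[len(JOLOKIA_PREFIX):].split("?", 1)[0]
    segments = [s for s in rest.split("/") if s]
    return segments[0] if segments else None


def suspicious_jolokia_requests(lines: Iterable[str]) -> List[dict]:
    """Return one finding per Jolokia request that is either from an untrusted
    address or invokes an MBean operation (type 'exec') via GET."""
    findings = []
    for line in lines:
        m = NCSA_RE.match(line)
        if not m or not m["path"].startswith(JOLOKIA_PREFIX):
            continue
        reasons = []
        if not is_trusted(m["ip"]):
            reasons.append("management endpoint reached from untrusted address")
        if m["method"] == "GET" and jolokia_request_type(m["path"]) == "exec":
            reasons.append("MBean operation invoked via GET")  # review even from trusted nets
        if m["method"] == "POST" and not is_trusted(m["ip"]):
            reasons.append("POST body not logged; may be a type=exec request")
        if reasons:
            findings.append({"ip": m["ip"], "time": m["time"], "method": m["method"],
                             "path": m["path"], "status": m["status"], "reasons": reasons})
    return findings


SAMPLE_LOG = [  # constructed lines; MBean and operation names are illustrative only
    '10.1.2.3 - admin [06/May/2026:10:00:01 +0000] "GET /api/jolokia/read/org.apache.activemq:type=Broker,brokerName=localhost/TotalConsumerCount HTTP/1.1" 200 312',
    '203.0.113.7 - - [06/May/2026:10:02:17 +0000] "POST /api/jolokia/ HTTP/1.1" 200 845',
    '203.0.113.7 - - [06/May/2026:10:02:19 +0000] "GET /api/jolokia/exec/org.apache.activemq:type=Broker,brokerName=localhost/addQueue/demo HTTP/1.1" 200 120',
    '10.1.2.3 - - [06/May/2026:10:05:00 +0000] "GET /admin/queues.jsp HTTP/1.1" 200 9000',
]

if __name__ == "__main__":
    for f in suspicious_jolokia_requests(SAMPLE_LOG):
        print(f["time"], f["ip"], f["method"], f["path"], "->", "; ".join(f["reasons"]))
```

A 200 status on a flagged POST or `exec` from outside the management network is the line to pivot from; the brokers that answer such requests at all are the ones where the console port should never have been reachable in the first place.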

Post 17
April Microsoft Patch Tuesday. A total of 167 vulnerabilities, about twice as many as in March. There is one vulnerability already being exploited in the wild:
🔻 Spoofing - Microsoft SharePoint Server (CVE-2026-32201). ZDI experts say "Spoofing bugs in SharePoint often manifest as cross-site scripting (XSS) bugs". "An attacker who successfully exploited the vulnerability could view some sensitive information (Confidentiality), make changes to disclosed information (Integrity), but cannot limit access to the resource (Availability)". There is no info yet about how widely it is being used in attacks, but you should not delay patching, especially if SharePoint is exposed to the Internet.
[ Read the full overview on the avleonov.com website ]
@avleonovcom #Vulristics #PatchTuesday #Microsoft #Windows #SharePoint #MicrosoftDefender #ActiveDirectory #IKE #WindowsTCPIP #WindowsPushNotifications #RemoteDesktop #RPC #Winsock #IPv6 #IPSec #BlueHammer #ChaoticEclipse #Pwn2Own #NCSC
Views: 0

Post 18
March Linux Patch Wednesday. In March, Linux vendors began addressing 575 vulnerabilities, which is 57 fewer than in February. Of these, 93 are in the Linux Kernel (⬇️ a significant decrease - there were 305 in February). There are two vulnerabilities with signs of in-the-wild exploitation:
🔻 RCE - Chromium (CVE-2026-3909, CVE-2026-3910)
Additionally, for 130 (❗️) vulnerabilities, public exploits are available or there are indications of their existence. Notable ones include:
🔸 RCE - Caddy (CVE-2026-27590), NLTK (CVE-2025-14009), Rollup (CVE-2026-27606), GVfs (CVE-2026-28296), SPIP (CVE-2026-27475), OpenStack Vitrage (CVE-2026-28370)
🔸 AuthBypass - Curl (CVE-2026-3783), coTURN (CVE-2026-27624), Libsoup (CVE-2026-3099)
[ And a few more on the avleonov.com website ]
🗒 Full Vulristics report
@avleonovcom #LinuxPatchWednesday #Vulristics #Linux #Chromium #Caddy #NLTK #Rollup #GVfs #SPIP #OpenStack #Vitrage #Curl #coTURN #Libsoup #Glances #gSOAP #basicftp #Snapd #GNUInetutils #Keycloak #PyJWT #Authlib #lxml
Views: 0

Post 19
March "In the Trend of VM" (#25): once again, vulnerabilities are only in Microsoft products. I present the traditional monthly roundup of trending vulnerabilities according to Positive Technologies. As in February, it turned out to be quite compact and focused on a single vendor.
🗞 Post on Habr (rus)
🗒 Digest on the PT website (rus)
All four vulnerabilities are from the February Microsoft Patch Tuesday, and all are actively being exploited in the wild:
🔻 RCE - Windows Shell (CVE-2026-21510)
🔻 RCE - Microsoft Word (CVE-2026-21514)
💬 Microsoft classified the two vulnerabilities above as Security Feature Bypass, but in fact, they are Remote Code Execution.
🔻 EoP - Windows Remote Desktop Services (CVE-2026-21533)
🔻 EoP - Desktop Window Manager (CVE-2026-21519)
🟥 The full list of trending vulnerabilities can be found on the portal
In Russian
@avleonovcom #PositiveTechnologies #TrendVulns #Microsoft #Windows #LNK #SmartScreen #WindowsShell #Office #OLE #RDP #RDS #DWM #CrowdStrike
Views: 0