Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...

CVE-2025-60706

Out-of-bounds read in Windows Hyper-V allows an authorized attacker to disclose information locally...

Microsoft Patch Tuesday, November 2025 Security Update Review

Microsoft released its November Patch Tuesday Security Updates. Here's a quick breakdown of what you need to know. Microsoft Patch Tuesday for November 2025 This month's release addresses 68 vulnerabilities, including five critical and 59 important-severity vulnerabilities. In this month's update...

CVE-2025-60706

Out-of-bounds read in Windows Hyper-V allows an authorized attacker to disclose information locally...

CVE-2025-60706

According to the NCSC advisory, CVE-2025-60706 is a vulnerability in Windows Hyper-V where an out-of-bounds read can allow an authorized local attacker to disclose information (impact: access to sensitive data). The CVE is listed under Windows Hyper-V in the advisory with a CVSS v3.1 base score o...

CVE-2025-60706 Windows Hyper-V Information Disclosure Vulnerability

...

CVE-2025-60706 Windows Hyper-V Information Disclosure Vulnerability

...

Microsoft Storvsp.sys Driver 安全漏洞

Microsoft Storvsp.sys Driver is a virtual storage bus driver from Microsoft Corporation USA. It is primarily used for virtual storage communication between virtual machines and hosts in Hyper-V virtualized environments. A security vulnerability exists in Microsoft Storvsp.sys Driver. An attacker...

PT-2025-46469

Name of the Vulnerable Software and Affected Versions Windows Hyper-V affected versions not specified Description An out-of-bounds read issue exists in Windows Hyper-V. A local attacker with authorization can potentially disclose information. Recommendations At the moment, there is no information...

Microsoft Hyper-V 缓冲区错误漏洞

Microsoft Hyper-V is an application from Microsoft Corporation USA. A system hypervisor virtualization technology that enables desktop virtualization. A buffer error vulnerability exists in Microsoft Hyper-V. An attacker exploiting this vulnerability could gain access to sensitive information. Th...

Security Bulletin: Multiple Vulnerabilities in Hyper Converged Database

Summary Multiple vulnerabilities were addressed in Hyper Converged Database version 1.2.4 Vulnerability Details CVEID:CVE-2017-6519 DESCRIPTION: avahi-daemon in Avahi through 0.6.32 and 0.7 inadvertently responds to IPv6 unicast queries with source addresses that are not on-link, which allows...

⚡ Weekly Recap: Hyper-V Malware, Malicious AI Bots, RDP Exploits, WhatsApp Lockdown and More

Cyber threats didn't slow down last week—and attackers are getting smarter. We're seeing malware hidden in virtual machines, side-channel leaks exposing AI chats, and spyware quietly targeting Android devices in the wild. But that's just the surface. From sleeper logic bombs to a fresh alliance...

PT-2025-46143

Name of the Vulnerable Software and Affected Versions HBS 3 Hybrid Backup Sync versions prior to 26.2.0.938 Description An external control of file name or path issue exists in HBS 3 Hybrid Backup Sync. An attacker with local network access can potentially read or modify files and directories...

PT-2025-46141

Name of the Vulnerable Software and Affected Versions Hyper Data Protector versions prior to 2.2.4.1 Description An SQL injection issue exists in Hyper Data Protector. Successful exploitation could allow remote attackers to execute unauthorized code or commands. Recommendations Update to Hyper Da...

PT-2025-46139

Name of the Vulnerable Software and Affected Versions Malware Remover versions prior to 6.6.8.20251023 Description An improper control of generation of code issue exists in Malware Remover, potentially allowing remote attackers to bypass protection mechanisms. Recommendations Update to Malware...

PT-2025-46142

Name of the Vulnerable Software and Affected Versions QNAP HBS 3 Hybrid Backup Sync versions prior to 26.2.0.938 Description A flaw exists in QNAP HBS 3 Hybrid Backup Sync related to incorrect path restriction for an access-limited directory. Successful exploitation by a remote attacker could lea...

PT-2025-46144

Name of the Vulnerable Software and Affected Versions QNAP QTS versions prior to 5.2.7.3297 build 20251024 QNAP QuTS hero h5.2.7 versions prior to 5.2.7.3297 build 20251024 QNAP QuTS hero h5.3.1 versions prior to 5.3.1.3292 build 20251024 Description A flaw exists due to a NULL pointer dereferenc...

Hackers Weaponize Windows Hyper-V to Hide Linux VM and Evade EDR Detection

The threat actor known as Curly COMrades has been observed exploiting virtualization technologies as a way to bypass security solutions and execute custom malware. According to a new report from Bitdefender, the adversary is said to have enabled the Hyper-V role on selected victim systems to depl...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-988717)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-988717 advisory. In the Linux kernel, the following vulnerability has been resolved: x86/hyperv: Fix NULL deref in sethvtscchangecb if Hyper-V setup fails Check for a valid hvvpindex...

Astra Linux - уязвимость в linux-6.12

In the Linux kernel, the following vulnerability has been resolved: KVM: x86/hyper-v: Skip non-canonical addresses during PV TLB flush In KVM guests with Hyper-V hypercalls enabled, the hypercalls HVCALLFLUSHVIRTUALADDRESSLIST and HVCALLFLUSHVIRTUALADDRESSLISTEX allow a guest to request...