Qilin and Warlock Ransomware Use Vulnerable Drivers to Disable 300+ EDR Tools
Threat actors associated with Qilin and Warlock ransomware operations have been observed using the bring your own vulnerable driver (BYOVD) technique to silence security tools running on compromised hosts, according to findings from Cisco Talos and Trend Micro. Qilin attacks analyzed by Talos have...
CVE-2026-23430
A flaw was found in the Linux kernel, specifically within the drm/vmwgfx component. This vulnerability occurs when the kernel incorrectly overwrites the Kernel Mode Setting (KMS) surface dirty tracker. This error leads to a memory leak, which can degrade system performance and potentially cause...
EUVD-2026-18665
In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Don't overwrite KMS surface dirty tracker. We were overwriting the surface's dirty tracker here causing a memory leak...
CVE-2026-23430
In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Don't overwrite KMS surface dirty tracker. We were overwriting the surface's dirty tracker here causing a memory leak...
PT-2026-30125
In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Don't overwrite KMS surface dirty tracker. We were overwriting the surface's dirty tracker here causing a memory leak...
ThreatFire System Monitor 4.7.0.53 Kernel-Mode Arbitrary Process Termination
This Metasploit module terminates the Windows Defender process MsMpEng.exe by sending a specific IOCTL to the TfSysMon driver...
CVE-2025-25058
CVE-2025-25058 affects Intel Ethernet 800-Series kernel-mode drivers in VMware ESXi: improper initialization may allow information disclosure. A local, low-complexity attack by an authenticated unprivileged user could expose data. Vulnerable on ESXi 8.0 (before 2.2.2.0) and ESXi 9.0 (before 2.2.3...
VulnCheck KEV: CVE-2025-61155
The GameDriverX64.sys kernel-mode anti-cheat driver v7.23.4.7 and earlier contains an access control vulnerability in one of its IOCTL handlers. A user-mode process can open a handle to the driver device and send specially crafted IOCTL requests. These requests are executed in kernel-mode context...
CVE-2025-33218
NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer nvlddmkm.sys, where an attacker could cause an integer overflow. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of service, or...
CVE-2025-33218
CVE-2025-33218 affects the NVIDIA GPU Display Driver for Windows, in the kernel-mode nvlddmkm.sys, where an integer overflow could enable a local attacker to achieve code execution, privilege escalation, data tampering, DoS, or information disclosure. Public advisories from NVIDIA enumerate affec...
EUVD-2025-206464
NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer nvlddmkm.sys, where an attacker could cause an integer overflow. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of service, or...
NVIDIA GPU Display Driver for Windows: Input validation error vulnerability
NVIDIA GPU Display Driver for Windows is a driver software developed by NVIDIA Corporation for interaction with the graphics card display module in Windows systems. NVIDIA GPU Display Driver for Windows has a vulnerability related to input validation errors. This vulnerability stems from an integ...
UBUNTU-CVE-2026-23008
In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Fix KMS with 3D on HW version 10. HW version 10 does not have GB Surfaces so there is no backing buffer for surface backed FBs. This would result in a nullptr dereference and crash the driver causing a black screen...
CVE-2026-23008
In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Fix KMS with 3D on HW version 10. HW version 10 does not have GB Surfaces so there is no backing buffer for surface backed FBs. This would result in a nullptr dereference and crash the driver causing a black screen...
PT-2026-4670
In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Fix KMS with 3D on HW version 10. HW version 10 does not have GB Surfaces so there is no backing buffer for surface backed FBs. This would result in a nullptr dereference and crash the driver causing a black screen...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003674)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003674 advisory. Insufficient input validation in Kernel Mode Driver in Intel(R) i915 Graphics for Linux before version 5.0 may allow an authenticated user to potentially enable...
CVE-2026-20859
Use after free in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally...
CVE-2026-20859 Windows Kernel-Mode Driver Elevation of Privilege Vulnerability