16 matches found
USN-8177-1: Linux kernel vulnerabilities
Josh Eads, Kristoffer Janke, Eduardo Vela Nava, Tavis Ormandy, and Matteo Rizzo discovered that some AMD Zen processors did not properly verify the signature of CPU microcode. This flaw is known as EntrySign. A privileged attacker could possibly use this issue to load malicious CPU microcod...
Exploit for CVE-2018-19320
KernelMode - Advanced Windows Kernel Exploitation Toolkit...
Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Iolo System_Shield
VulnDrivers-n-LOLDrivers-POCs List of POCs I have done for som...
CVE-2026-23761
VB-Audio Voicemeeter, Voicemeeter Banana, and Voicemeeter Potato versions ending in 1.1.1.9, 2.1.1.9, and 3.1.1.9 and earlier, respectively, as well as VB-Audio Matrix and Matrix Coconut versions ending in 1.0.2.2 and 2.0.2.2 and earlier, respectively, contain a vulnerability in their virtual aud...
EUVD-2016-8953
Malware in sbrugna...
EUVD-2021-31699
Malicious code in bioql PyPI...
January 14, 2025—KB5050009 (OS Build 26100.2894)
January 14, 2025—KB5050009 (OS Build 26100.2894) For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows 11, version 24H2, see its update history page. Note Follow @WindowsUpdate to find ou...
January 14, 2025—KB5050008 (OS Build 17763.6775)
January 14, 2025—KB5050008 (OS Build 17763.6775) 11/17/20 For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows 10, version 1809, see its update history page. Important: Windows updates d...
November 12, 2024—KB5046618 (OS Build 25398.1251)
November 12, 2024—KB5046618 (OS Build 25398.1251) For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows Server, version 23H2, see its update history page. Improvements This security updat...
BlackByte Ransomware Exploits VMware ESXi Flaw in Latest Attack Wave
The threat actors behind the BlackByte ransomware group have been observed likely exploiting a recently patched security flaw impacting VMware ESXi hypervisors, while also leveraging various vulnerable drivers to disarm security protections. "The BlackByte ransomware group continues to leverage...
RansomHub Group Deploys New EDR-Killing Tool in Latest Cyber Attacks
A cybercrime group with links to the RansomHub ransomware has been observed using a new tool designed to terminate endpoint detection and response (EDR) software on compromised hosts, joining the likes of other similar programs like AuKill (aka AvNeutralizer) and Terminator. The EDR-killing utility h...
GHOSTENGINE Exploits Vulnerable Drivers to Disable EDRs in Cryptojacking Attack
Cybersecurity researchers have discovered a new cryptojacking campaign that employs vulnerable drivers to disable known security solutions (EDRs) and thwart detection in what's called a Bring Your Own Vulnerable Driver (BYOVD) attack. Elastic Security Labs is tracking the campaign under the name...
Exploring malicious Windows drivers (Part 1): Introduction to the kernel and drivers
Drivers have long been of interest to threat actors, whether they are exploiting vulnerable drivers or creating malicious ones. Malicious drivers are difficult to detect and successfully leveraging one can give an attacker full access to a system. Real-world examples can be found in our previous...
LOLDrivers
LOLDrivers - Living Off The Land Drivers...
BlackByte Ransomware Abuses Vulnerable Windows Driver to Disable Security Solutions
In yet another case of bring your own vulnerable driver (BYOVD) attack, the operators of the BlackByte ransomware are leveraging a flaw in a legitimate Windows driver to bypass security solutions. "The evasion technique supports disabling a whopping list of over 1,000 drivers on which security...
PT-2019-6410 · Phoenix · Phoenix Sct Winflash
Name of the Vulnerable Software and Affected Versions: Phoenix SCT WinFlash versions 1.1.12.0 through 1.5.74.0 Description: The issue is related to the included drivers in Phoenix SCT WinFlash, which could be used by a malicious Windows application to gain elevated privileges. The adverse impacts...