389 matches found
VMconf 22 Vulnerability Management conference: Call For Papers started
Hello everyone! This episode will be about the VMconf 22 Vulnerability Management conference. CFP started on November 1, which will last a month and a half. So please submit your talk or share this video with someone who might be interested. Lets talk about the conference itself. All started with...
November โIn the Trend of VMโ (#21): vulnerabilities in Windows, SharePoint, Redis, XWiki, Zimbra Collaboration, and Linux
November "In the Trend of VM" 21: vulnerabilities in Windows, SharePoint, Redis, XWiki, Zimbra Collaboration, and Linux. The usual monthly roundup. After several months, here's a big one. Post on Habr rus Post on SecurityLab rus Digest on the PT website rus A total of nine vulnerabilities: RCE -...
About Remote Code Execution โ SAP NetWeaver (CVE-2025-31324, CVE-2025-42999) vulnerability
About Remote Code Execution - SAP NetWeaver CVE-2025-31324, CVE-2025-42999 vulnerability. SAP NetWeaver is the core SAP platform for running applications and integrating systems. Vulnerabilities were found in its Visual Composer component - a web tool for business app modeling. A lack of...
May Microsoft Patch Tuesday
May Microsoft Patch Tuesday. A total of 93 vulnerabilities - about 1.5 times fewer than in April. Of these, 22 were added between the April and May MSPT. There are 5 vulnerabilities show signs of in-the-wild exploitation: EoP - Microsoft DWM Core Library CVE-2025-30400 EoP - Windows CLFS Driver...
About Remote Code Execution โ Apache Tomcat (CVE-2025-24813) vulnerability
About Remote Code Execution - Apache Tomcat CVE-2025-24813 vulnerability. Apache Tomcat is an open-source software that provides a platform for Java web applications. The vulnerability allows a remote attacker to upload and execute arbitrary files on the server due to flaws in the handling of...
February Microsoft Patch Tuesday
February Microsoft Patch Tuesday. 89 CVEs, 33 added since January. Two with signs of exploitation in the wild: EoP - Windows Ancillary Function Driver for WinSock CVE-2025-21418 EoP - Windows Storage CVE-2025-21391 There are no vulnerabilities with public exploits, but there are 7 with private...
On Monday, October 21, updates for the critical Remote Code Execution โ VMware vCenter (CVE-2024-38812) vulnerability were released again
On Monday, October 21, updates for the critical Remote Code Execution - VMware vCenter CVE-2024-38812 vulnerabilitywere released again. Wait, haven't fixes for this vulnerability been available since September 17th? They were, but it was not enough. " VMware by Broadcom has determined that the...
October Linux Patch Wednesday
October Linux Patch Wednesday. There are 248 vulnerabilities in total. Of these, 92 are in the Linux Kernel. 5 vulnerabilities with signs of exploitation in the wild: Remote Code Execution - CUPS CVE-2024-47176 and 4 more CUPS vulnerabilities that can also be used to enhance DoS attacks Remote Co...
About Elevation of Privilege โ Windows Common Log File System Driver (CVE-2025-29824) vulnerability
About Elevation of Privilege - Windows Common Log File System Driver CVE-2025-29824 vulnerability. The vulnerability from the April Microsoft Patch Tuesday allows an attacker operating under a regular user account to escalate their privileges to SYSTEM level. According to Microsoft, the...
Is it possible to detect Zero Day vulnerabilities with Vulnerability Management solutions?
Hello everyone! In my English-language telegram chat avleonovchat, the question was asked: "How to find zero day vulnerabilities with Qualys?" Apparently this question can be expanded. Not just with Qualys, but with any VM solution in general. And is it even possible? There was an interesting...
End of CentOS Linux. Where to migrate?
Hello everyone! As you probably know, CentOS Linux, the main Enterprise-level Linux server distribution, will soon disappear. It wasnt hard to predict when RedHat acquired CentOS in 2014, and now it is actually happening. End of life of CentOS Linux 8 was 31.12.2021. There wont be CentOS Linux as...
Microsoft security solutions against ransomware and APT
Last Tuesday I was invited to Microsoft business breakfast "Effective protection against targeted and multilevel attacks". Here I would like to share some of my thoughts on this. Need to mention that the food was delicious and the restaurant of Russian Geographical Society is a very lovely place...
March Linux Patch Wednesday
MarchLinux Patch Wednesday. In March, Linux vendors began addressing 575 vulnerabilities, which is 57 fewer than in February. Of these, 93 are in the Linux Kernel โฌ๏ธ a significant decrease - there were 305 in February. There are two vulnerabilities with signs of in-the-wild exploitation: ๐ป RCE -...
July Microsoft Patch Tuesday
July Microsoft Patch Tuesday. A total of 152 vulnerabilities - twice as many as in June. Of these, 15 vulnerabilities were added between the June and July MSPT. One vulnerability is exploited in the wild: Memory Corruption - Chromium CVE-2025-6554 One vulnerability has an exploit available on...
About Elevation of Privilege โ Microsoft DWM Core Library (CVE-2025-30400) vulnerability
About Elevation of Privilege - Microsoft DWM Core Library CVE-2025-30400 vulnerability. The vulnerability, patched as part of May Microsoft Patch Tuesday, affects the Desktop Window Manager component. This is a compositing window manager that has been part of Windows since Windows Vista. Successf...
March episode โIn the Trend of VMโ (#13): vulnerabilities of Microsoft, PAN-OS, ะกommuniGate and who should patch hosts with deployed application
March episode "In the Trend of VM" 13: vulnerabilities of Microsoft, PAN-OS, ะกommuniGate and who should patch hosts with deployed application. I'm posting the translated video with a big delay, but it's better than never. Video on YouTube and LinkedIn Post on Habr rus Digest on the PT website...
Malicious Open Source: the cost of using someone elseโs code
Hello everyone! This video was recorded for the VMconf 22 Vulnerability Management conference, vmconf.pw. I will be talking about malicious open source and the cost of using someone elses code. Alternative video link for Russia: Video in Russian from CISO Forum 2022: To be honest, at the beginnin...
Zbrunk search launcher and event types statistics
I also changed the priorities. Now I think it would be better not to integrate with Grafana, but to create own dashboards and GUI. And to begin with, I created a simple interface for Searching and Deleting events. upd. 16.12.2019 A small update on Zbrunk. First of all, I created a new API call th...
May "In the Trend of VM" (#27): high-profile vulnerabilities in Linux, ActiveMQ, SharePoint, and Adobe Acrobat Reader
May "In the Trend of VM" 27: high-profile vulnerabilities in Linux, ActiveMQ, SharePoint, and Adobe Acrobat Reader. Presenting the traditional monthly roundup of trending vulnerabilities according to Positive Technologies. While the previous April edition featured only one vulnerability, this one...
August Microsoft Patch Tuesday
August Microsoft Patch Tuesday. A total of 132 vulnerabilities, 20 fewer than in July. Of these, 25 were added between the July and August MSPT. Three are actively exploited, including two related to the trending SharePoint "ToolShell" flaw, exploited since July 17. RCE - Microsoft SharePoint...
About Cross Site Scripting โ MDaemon Email Server (CVE-2024-11182)
About Cross Site Scripting - MDaemon Email Server CVE-2024-11182. An attacker can send an HTML-formatted email containing malicious JavaScript code embedded in an img tag. If the user opens the email in the MDaemon Email Server's web interface, the malicious JavaScript code will execute in the...
How to remove sensitive information from a Github repository
Hello everyone! In this episode, I would like to talk about Github and how to remove sensitive information that was accidentally uploaded there. Alternative video link for Russia: This is a fairly common problem. When publishing the project code on Github, developers forget to remove credentials:...
April "In the Trend of VM" (#26): one Microsoft SharePoint vulnerability
April "In the Trend of VM" 26: one Microsoft SharePoint vulnerability. Presenting the traditional monthly roundup of trending vulnerabilities according to Positive Technologies. Once again, it is single-vendor, Microsoft-related, and this time it could not be more compact. While the previous Marc...
About Elevation of Privilege - Desktop Window Manager (CVE-2026-21519) vulnerability
About Elevation of Privilege - Desktop Window Manager CVE-2026-21519 vulnerability. The vulnerability is from the February Microsoft Patch Tuesday. Desktop Window Manager is a compositing window manager included in Windows starting with Windows Vista. A Type Confusion error CWE-843 in Desktop...
February Microsoft Patch Tuesday
February Microsoft Patch Tuesday. A total of 55 vulnerabilities, half as many as in January. There are as many as six โ๏ธ vulnerabilities being exploited in the wild: ๐ป SFB/RCE - Windows Shell CVE-2026-21510 ๐ป SFB/RCE - Microsoft Word CVE-2026-21514 ๐ป SFB - MSHTML Framework CVE-2026-21513 ๐ป EoP -...
About SQL Injection โ Django (CVE-2025-64459) vulnerability
About SQL Injection - Django CVE-2025-64459 vulnerability. Django is a free and open-source high-level Python web framework. The vulnerability allows attackers to manipulate database query logic by injecting internal query parameters connector and negated when applications pass user-controlled...
August โIn the Trend of VMโ (#18): vulnerabilities in Microsoft Windows and SharePoint
August "In the Trend of VM" 18: vulnerabilities in Microsoft Windows and SharePoint. A traditional monthly roundup - this time, it's extremely short. Post on Habr rus Digest on the PT website rus Only two trending vulnerabilities: Remote Code Execution - Microsoft SharePoint Server "ToolShell"...
About Remote Code Execution โ Microsoft SharePoint Server โToolShellโ (CVE-2025-53770) vulnerability
About Remote Code Execution - Microsoft SharePoint Server "ToolShell" CVE-2025-53770 vulnerability. SharePoint is a web application developed by Microsoft for corporate intranet portals, document management, and collaborative work. A flaw in the deserialization mechanism of an on-premises...
About Remote Code Executionย โ Internet Shortcut Files (CVE-2025-33053) vulnerability
About Remote Code Execution - Internet Shortcut Files CVE-2025-33053 vulnerability. A vulnerability from the June Microsoft Patch Tuesday. This vulnerability immediately showed signs of exploitation in the wild. This flaw allows a remote attacker to execute arbitrary code when a victim opens a...
About Remote Code Execution - PAN-OS (CVE-2026-0300) vulnerability
About Remote Code Execution - PAN-OS CVE-2026-0300 vulnerability. PAN-OS is an operating system for Palo Alto Networks firewalls and security platforms. User-IDโข Authentication Portal also known as Captive Portal is a non-default PAN-OS feature used to map IP addresses to usernames. By exploiting...
About Elevation of Privilege - Windows RDS (CVE-2026-21533) vulnerability
About Elevation of Privilege - Windows RDS CVE-2026-21533 vulnerability. The vulnerability is from the February Microsoft Patch Tuesday. Remote Desktop Services RDS is a component of Microsoft Windows that allows a user to initiate and control an interactive session on a remote computer or virtua...
January Linux Patch Wednesday
JanuaryLinux Patch Wednesday. In January, Linux vendors started fixing 918 vulnerabilities, one and a half times more than in December. Of these, 616 are in the Linux Kernel. Three show signs of exploitation in the wild: ๐ป AuthBypass - GNU Inetutils telnetd CVE-2026-24061 ๐ป RCE - Safari...
About Remote Code Execution โ Microsoft SharePoint โToolShellโ (CVE-2025-49704) vulnerability
About Remote Code Execution - Microsoft SharePoint "ToolShell" CVE-2025-49704 vulnerability. This vulnerability is from the Microsoft's July Patch Tuesday. SharePoint is a web application developed by Microsoft for corporate intranet portals, document management, and collaborative work...
July Linux Patch Wednesday
JulyLinux Patch Wednesday. This time, there are 470 vulnerabilities, slightly fewer than in June. Of these, 291 are in the Linux Kernel. One vulnerability shows signs of being exploited in the wild CISA KEV: SFB - Chromium CVE-2025-6554 There are also 36 vulnerabilities for which public exploits...
July โIn the Trend of VMโ (#17): vulnerabilities in Microsoft Windows and Roundcube
July "In the Trend of VM" 17: vulnerabilities in Microsoft Windows and Roundcube. A traditional monthly roundup. This time, it's a very short one. Post on Habr rus Digest on the PT website rus Only three trending vulnerabilities: Remote Code Execution - Internet Shortcut Files CVE-2025-33053...
June โIn the Trend of VMโ (#16): vulnerabilities in Microsoft Windows, Apache HTTP Server, the web interfaces of MDaemon and Zimbra, and the 7-Zip archiver
June "In the Trend of VM" 16: vulnerabilities in Microsoft Windows, Apache HTTP Server, the web interfaces of MDaemon and Zimbra, and the 7-Zip archiver. A traditional monthly vulnerability roundup. Post on Habr rus Digest on the PT website rus A total of 7 trending vulnerabilities: Elevation of...
About Cross Site Scripting โ Zimbra Collaboration (CVE-2024-27443) vulnerability
About Cross Site Scripting - Zimbra Collaboration CVE-2024-27443 vulnerability. Zimbra Collaboration is a collaboration software suite that includes a mail server and a web client. An attacker can send an email containing a specially crafted calendar header with an embedded payload. If the user...
Zbrunk universal data analysis system
Zbrunk project github began almost like a joke. And in a way it is. In short, my friends and I decided to make an open-source MIT license tool, which will be a kind of alternative to Splunk for some specific tasks. So, it will be possible to: Put structured JSON events in Zbrunk using http...
About Elevation of Privilege - Linux Kernel "Fragnesia" (CVE-2026-46300) vulnerability
About Elevation of Privilege - Linux Kernel "Fragnesia" CVE-2026-46300 vulnerability. The vulnerability was discovered by researcher William Bowling together with the V12 team. Fragnesia belongs to the class of Dirty Frag vulnerabilities. It is an error in the ESP/XFRM subsystem, distinct from...
ะัะพ ััะทะฒะธะผะพััั Spoofing - Microsoft SharePoint Server (CVE-2026-32201)
About Spoofing - Microsoft SharePoint Server CVE-2026-32201 vulnerability. A vulnerability from the April Microsoft Patch Tuesday. The description provided by Microsoft experts is extremely vague: "Improper input validation in Microsoft Office SharePoint allows an unauthorized attacker to perform...
March Microsoft Patch Tuesday
March Microsoft Patch Tuesday. A total of 79 vulnerabilities, about one and a half times more than in February. What's truly unusual is that this time there were no vulnerabilities with signs of exploitation in the wild or a public exploit! ๐ค At least not yet. ๐ The following vulnerabilities can ...
January โIn the Trend of VMโ (#23): vulnerabilities in Windows, React and MongoDB
January "In the Trend of VM" 23: vulnerabilities in Windows, React and MongoDB. Traditional monthly roundup of trending vulnerabilities. Launching the 2026 season. ๐ ๐ Post on Habr rus ๐ Digest on the PT website rus In total, three vulnerabilities: ๐ป EoP - Windows Cloud Files Mini Filter Driver...
About Remote Code Execution โ XWiki Platform (CVE-2025-24893) vulnerability
About Remote Code Execution - XWiki Platform CVE-2025-24893 vulnerability. XWiki is a free and open-source wiki platform written in Java, with a strong focus on extensibility. It supports WYSIWYG visual editing, importing and exporting documents in OpenDocument format, adding annotations and tags...
About Remote Code Execution โ Roundcube (CVE-2025-49113) vulnerability
About Remote Code Execution - Roundcube CVE-2025-49113 vulnerability. Roundcube is a popular open-source webmail client IMAP. An authenticated attacker can exploit this vulnerability to execute arbitrary code on the Roundcube Webmail server. The issue is caused by the Deserialization of Untrusted...
Qualys new look and new products
As you all know, it's Black Hat 2017 time. This year Qualys seems to be the main newsmaker among Vulnerability Management vendors. Qualys Team renewed logo and website, updated marketing strategy, presented two new products: CloudView and CertView. I decided to take a look. Talking about design, ...
May Linux Patch Wednesday
May Linux Patch Wednesday. A total of 1,638 vulnerabilities 474 in the Linux kernel. For comparison, in April there were 1,035 vulnerabilities a record!. And this time it turns out to be a record again, more than one and a half times higher! The acceleration is both impressive and alarming. But w...
About Remote Code Execution - Apache ActiveMQ (CVE-2026-34197) vulnerability
About Remote Code Execution - Apache ActiveMQ CVE-2026-34197 vulnerability. Apache ActiveMQ is a popular open-source message broker written in Java. Its main purpose is to send messages between different services, systems, and microservices without a direct connection between them. This...
November Microsoft Patch Tuesday
November Microsoft Patch Tuesday. A total of 65 vulnerabilities. I'm not comparing this with the October report because I've decided to cover only MSPT-day vulnerabilities. The thing is, Microsoft has started massively adding Linux-product vulnerabilities to their official website, and these...
About Cross Site Scripting โ Zimbra Collaboration (CVE-2025-27915) vulnerability
About Cross Site Scripting - Zimbra Collaboration CVE-2025-27915 vulnerability. Zimbra Collaboration is a collaboration software suite, somewhat similar to Microsoft Exchange. Exploiting this vulnerability in the web mail client Classic Web Client allows an unauthenticated attacker to execute...
September Microsoft Patch Tuesday
September Microsoft Patch Tuesday. A total of 103 vulnerabilities, 29 fewer than in August. Of these, 25 vulnerabilities were added between the August and September MSPT. So far, no vulnerabilities are known to be exploited in the wild. Two have public PoC exploits: DoS - Newtonsoft.Json...