Alexander V. Leonov

June Microsoft Patch Tuesday. A total of 81 vulnerabilities, roughly the same as in May. Among them, 15 vulnerabilities were added between the May and June MSPT. There are 3 vulnerabilities with signs of exploitation in the wild: 🔻 RCE – WEBDAV (CVE-2025-33053). The vulnerability is related to Internet Explorer mode in Microsoft Edge and […]

About Elevation of Privilege – Windows Common Log File System Driver (CVE-2025-32701, CVE-2025-32706) vulnerabilities. When Microsoft disclosed these vulnerabilities in the May Patch Tuesday, attackers were already exploiting them in the wild. The Common Log File System (CLFS) is a general-purpose logging service that can be used by software clients running in user-mode or kernel-mode. […]

About Elevation of Privilege – Microsoft DWM Core Library (CVE-2025-30400) vulnerability. The vulnerability, patched as part of May Microsoft Patch Tuesday, affects the Desktop Window Manager component. This is a compositing window manager that has been part of Windows since Windows Vista. Successful exploitation could grant an attacker SYSTEM-level privileges. At the time the vulnerability […]

About Cross Site Scripting – Zimbra Collaboration (CVE-2024-27443) vulnerability. Zimbra Collaboration is a collaboration software suite that includes a mail server and a web client. An attacker can send an email containing a specially crafted calendar header with an embedded payload. If the user opens the email in the classic Zimbra web interface, the malicious […]

About Cross Site Scripting – MDaemon Email Server (CVE-2024-11182). An attacker can send an HTML-formatted email containing malicious JavaScript code embedded in an img tag. If the user opens the email in the MDaemon Email Server’s web interface, the malicious JavaScript code will execute in the context of the web browser window. This allows the […]

Vulnerabilities of Western logistics. On May 21, Western intelligence agencies released joint advisory AA25-141A about attacks targeting infrastructure of Western logistics and tech companies. Alongside the usual Five Eyes, intelligence services from Germany, Czech Republic, Poland, Denmark, Estonia, France, and the Netherlands also contributed. The advisory blames Fancy Bear group, allegedly linked to Russian state […]

Impressions from PHDays Fest. 🏟 🔹 The scale was just insane. You walk and walk – and there’s action everywhere, and all of it is PHDays, every bit of it. 👀 It totally blew my mind, I saw just a tiny fraction of everything that was going on. 🤯🙂 🔹 In the public area, I […]

May Linux Patch Wednesday. This time: 1091 vulnerabilities. Of those, 716 are in the Linux Kernel. 🤯 5 vulnerabilities are exploited in the wild: 🔻 RCE – PHP CSS Parser (CVE-2020-13756). In AttackerKB, an exploit exists.🔻 DoS – Apache ActiveMQ (CVE-2025-27533). In AttackerKB, an exploit exists.🔻 SFB – Chromium (CVE-2025-4664). In CISA KEV.🔻 PathTrav – […]

May “In the Trend of VM” (#15): vulnerabilities in Microsoft Windows and the Erlang/OTP framework. A traditional monthly vulnerability roundup. 🙂 🗞 Post on Habr (rus)🗒 Digest on the PT website (rus) A total of 4 trending vulnerabilities: 🔻 Elevation of Privilege – Windows Common Log File System Driver (CVE-2025-29824)🔻 Elevation of Privilege – Windows […]

About Remote Code Execution – 7-Zip (BDU:2025-01793) vulnerability. It’s about the fact that files unpacked using 7-Zip don’t get the Mark-of-the-Web. As a result, Windows security mechanisms don’t block the execution of the unpacked malware. If you remember, there was a similar vulnerability in January – CVE-2025-0411. The problem was with running files from the […]