Alexander Leonov (@leonov_av)'s Twitter Profile
Alexander Leonov

@leonov_av

Vulnerability assessment, *nix security, compliance management, security automation

ID: 369375393

Link: https://avleonov.com

Joined: 07-09-2011 07:43:54

1,1K Tweet

1,1K Followers

373 Following


WinRAR RCE (CVE-2025-6218, CVE-2025-8088) has been exploited in phishing attacks by Paper Werewolf/GOFFEE and separately to deploy RomCom backdoors. #WinRAR #BiZone #ESET #RomCom #PaperWerewolf #GOFFEE ➡️ t.me/avleonovcom/15…


🚨 August #LinuxPatchWednesday: 867 vulns (455 in Kernel) - nearly 2× July. 1 exploited in the wild (#Chromium CVE-2025-6558). 72 with public exploits: #WordPress, #Kubernetes, #NVIDIA #ContainerToolkit, #PostgreSQL, #Kafka, #7Zip. ➡️ t.me/avleonovcom/15…


September Microsoft Patch Tuesday: 103 vulnerabilities (29 fewer than August), 25 added since last MSPT. None exploited in the wild; two have public PoCs. #Vulristics #PatchTuesday #Microsoft #Windows #Newtonsoft #Azure ➡️ t.me/avleonovcom/15…


👾 CVE-2025-31324 & CVE-2025-42999: SAP NetWeaver Visual Composer RCEs exploited in the wild; public exploits available. Patches released, but thousands of orgs may remain vulnerable. #SAP #NetWeaver #Onapsis ➡️ t.me/avleonovcom/15…


Symlink nightmare: 7-Zip RCE (CVE-2025-55188) lets attackers escape extraction dirs. Fixed in 25.01. #7Zip ➡️ t.me/avleonovcom/15…


September Linux Patch Wednesday. In September, Linux vendors began addressing 748 vulnerabilities, slightly fewer than in August. Of these, 552 are in the Linux Kernel. Of all of them, the RCE in Asterisk looks the most promising. 🤔 What do you think? ➡️ t.me/avleonovcom/15…


🚨 Critical RCE vulnerabilities found in TrueConf Server (BDU:2025-10114/15/16), security updates released Aug 27. #TrueConf #PTSWARM #PositiveTechnologies ➡️ t.me/avleonovcom/15…


September "In the Trend of VM" (#19): WinRAR, 7-Zip, SAP NetWeaver & TrueConf Server vulnerabilities — no Microsoft flaws this month! 😲🙂 #TrendVulns #PositiveTechnologies #WinRAR #BiZone #ESET #RomCom #SAP #NetWeaver #Onapsis #7Zip #TrueConf #PTSWARM ➡️ t.me/avleonovcom/15…


Exploit PoCs often hide in blogs or vendor pages. Now VulnersCom gathers them too, making data more complete. 🧰📈 #Vulners #Vulristics #exploit ➡️ t.me/avleonovcom/15…


👾 ArcaneDoor strikes again: CVE-2025-20333 & CVE-2025-20362 allow remote code execution on Cisco ASA/FTD. Over 45k hosts at risk. #Cisco #CiscoASA #CiscoFTD #ArcaneDoor #RayInitiator #LINEVIPER #Shadowserver ➡️ t.me/avleonovcom/15…


🚨 Elevation of Privilege in Sudo (CVE-2025-32463): local attackers can escalate to root. Exploits are public, patches released, KEV listed. #Linux #sudo ➡️ t.me/avleonovcom/15…


🪟 October Microsoft Patch Tuesday. 213 vulns - 2× September. 41 added mid-cycle. 4 exploited in the wild. #Vulristics #PatchTuesday #Microsoft #Windows #IGELOS #Chromium #Unity #WSUS ➡️ t.me/avleonovcom/15…


October Linux Patch Wednesday. 801 vulns, 546 in Kernel. One exploited in wild. 39 more with public exploits. #Vulristics #Linux #VMware #Redis #RediShell #OpenSSH #7Zip #FreeIPA #Asterisk #MapServer #Binutils #OpenBabel ➡️ t.me/avleonovcom/15…


⚠️ CVE-2025-59287 — RCE in WSUS is being actively exploited in the wild; a public exploit is available — patch and reboot your WSUS servers now! #Microsoft #Windows #WSUS ➡️ t.me/avleonovcom/15…


⚠️ XSS in Zimbra (CVE-2025-27915) lets JS run via an email with a malicious .ics — exploit published Sep 30; used in the wild vs Brazil’s military before Jan 27 patch. #Zimbra #StrikeReadyLabs ➡️ t.me/avleonovcom/15…


🚨 Windows Agere Modem Driver (ltmdm64.sys) CVE‑2025‑24990 lets local attackers gain admin privileges — patched Oct 14, known since 2014; exploit public on Oct 16, CISA flags active attacks. #Windows #Agere #ltmdm64 ➡️ t.me/avleonovcom/15…


⚠️ Redis RCE "RediShell" (CVE-2025-49844): ~330k instances exposed on the Internet; PoC public. Patch to 8.2.2 now. #Redis #Wiz ➡️ t.me/avleonovcom/16…


🎯🐧 CVE-2025-38001: Linux Kernel HFSC vulnerability = root privileges for local attackers. Patch came in June, exploit in July, media silence since. #Linux #LinuxKernel #HFSC ➡️ t.me/avleonovcom/16…
