Author Archives: Alexander Leonov

About Alexander Leonov

Hi! My name is Alexander and I am a Vulnerability Management specialist. You can read more about me here. Currently, the best way to follow me is my Telegram channel @avleonovcom. I update it more often than this site. If you haven't used Telegram yet, give it a try. It's great. You can discuss my posts or ask questions at @avleonovchat. А всех русскоязычных я приглашаю в ещё один телеграмм канал @avleonovrus, первым делом теперь пишу туда.

Qualys has introduced Agentic AI, a solution for autonomous cyber risk management

Leave a reply

Qualys has introduced Agentic AI, a solution for autonomous cyber risk management

Qualys has introduced Agentic AI, a solution for autonomous cyber risk management. As part of this solution, Qualys provides ready-to-use Cyber Risk Agents that operate autonomously and act as an additional skilled digital workforce. Agentic AI not only detects issues and provides analytics but also autonomously identifies critical risks, prioritizes them, and launches targeted remediation workflows.

Available agents on the marketplace:

🔹 Identification and prioritization of risks related to external attacks
🔹 Adaptive cloud risk assessment
🔹 Audit readiness evaluation and reporting
🔹 Threat-based risk prioritization
🔹 Autonomous “Microsoft Patch Tuesday” cycle
🔹 Self-Healing agent for vulnerability management

They also introduced the Cyber Risk Assistant – a guided interface that transforms risk data into context-aware actions with autonomous execution.

На русском

July Linux Patch Wednesday

1 Reply

July Linux Patch Wednesday

July Linux Patch Wednesday. This time, there are 470 vulnerabilities, slightly fewer than in June. Of these, 291 are in the Linux Kernel. One vulnerability shows signs of being exploited in the wild (CISA KEV):

🔻 SFB – Chromium (CVE-2025-6554)

There are also 36 (❗️) vulnerabilities for which public exploits are available or suspected to exist. Notable among them:

🔸 RCE – Redis (CVE-2025-32023), pgAdmin (CVE-2024-3116), Git (CVE-2025-48384)
🔸 EoP – Sudo (CVE-2025-32462, CVE-2025-32463)
🔸 PathTrav – Tar (CVE-2025-45582)
🔸 XSS – jQuery (CVE-2012-6708)
🔸 SFB – PHP (CVE-2025-1220)
🔸 DoS – LuaJIT (CVE-2024-25177), Linux Kernel (CVE-2025-38089)
🔸 MemCor – DjVuLibre (CVE-2025-53367)

🗒 Full Vulristics report

На русском

About Remote Code Execution – Microsoft SharePoint Server “ToolShell” (CVE-2025-53770) vulnerability

1 Reply

About Remote Code Execution - Microsoft SharePoint Server ToolShell (CVE-2025-53770) vulnerability

About Remote Code Execution – Microsoft SharePoint Server “ToolShell” (CVE-2025-53770) vulnerability. SharePoint is a web application developed by Microsoft for corporate intranet portals, document management, and collaborative work. A flaw in the deserialization mechanism of an on-premises SharePoint Server instance allows remote unauthenticated attackers to execute arbitrary code.

👾 On July 18, Eye Security researchers reported mass exploitation of this vulnerability in conjunction with the spoofing vulnerability CVE-2025-53771. CVE-2025-53770 and CVE-2025-53771 are evolutions of the vulnerabilities CVE-2025-49704 and CVE-2025-49706 from the July MSPT.

🔻 On July 19, Microsoft released updates for SharePoint Server 2016, 2019, and Subscription Edition. They also recommended integrating with the Antimalware Scan Interface.

🔨 Public exploits have been available on GitHub since July 21.

На русском

July “In the Trend of VM” (#17): vulnerabilities in Microsoft Windows and Roundcube

Leave a reply

July In the Trend of VM (#17): vulnerabilities in Microsoft Windows and Roundcube

July “In the Trend of VM” (#17): vulnerabilities in Microsoft Windows and Roundcube. A traditional monthly roundup. This time, it’s a very short one. 🙂

🗞 Post on Habr (rus)
🗒 Digest on the PT website (rus)

Only three trending vulnerabilities:

🔻 Remote Code Execution – Internet Shortcut Files (CVE-2025-33053)
🔻 Elevation of Privilege – Windows SMB Client (CVE-2025-33073)
🔻 Remote Code Execution – Roundcube (CVE-2025-49113)

На русском

About Remote Code Execution – Internet Shortcut Files (CVE-2025-33053) vulnerability

1 Reply

About Remote Code Execution - Internet Shortcut Files (CVE-2025-33053) vulnerability

About Remote Code Execution – Internet Shortcut Files (CVE-2025-33053) vulnerability. A vulnerability from the June Microsoft Patch Tuesday. This vulnerability immediately showed signs of exploitation in the wild. This flaw allows a remote attacker to execute arbitrary code when a victim opens a specially crafted .url file, delivered, for example, through a phishing attack.

🔹 The vulnerability was reported by Check Point researchers. On June 10, the day of Microsoft’s June Patch Tuesday, they published technical details on their website. The vulnerability had been exploited by the APT group Stealth Falcon since at least March 2025. The exploitation led to the download and execution of malware (Horus Agent) from the attacker’s WebDAV server.

🔹 Exploits for this vulnerability have been available on GitHub since June 12.

На русском

About Remote Code Execution – Roundcube (CVE-2025-49113) vulnerability

1 Reply

About Remote Code Execution - Roundcube (CVE-2025-49113) vulnerability

About Remote Code Execution – Roundcube (CVE-2025-49113) vulnerability. Roundcube is a popular open-source webmail client (IMAP). An authenticated attacker can exploit this vulnerability to execute arbitrary code on the Roundcube Webmail server. The issue is caused by the Deserialization of Untrusted Data (CWE-502).

🔹 On June 1, the vendor released patched versions 1.6.11 and 1.5.10. Within 48 hours, attackers had analyzed the patch, and exploit sale offers began appearing on the dark web.

🔹 On June 3, PT SWARM experts successfully reproduced the vulnerability.

🔹 Since June 5, public exploits have been available on GitHub.

🔹 On June 6, Kirill Firsov, the researcher who reported the vulnerability, published a detailed write-up. He claims the vulnerability existed in the code for 10 years and that it shows signs of exploitation in the wild.

🔹 On June 16, reports emerged of a successful attack on a German email hosting provider using this vulnerability.

На русском

July Microsoft Patch Tuesday

2 Replies

July Microsoft Patch Tuesday

July Microsoft Patch Tuesday. A total of 152 vulnerabilities – twice as many as in June. Of these, 15 vulnerabilities were added between the June and July MSPT. One vulnerability is exploited in the wild:

🔻 Memory Corruption – Chromium (CVE-2025-6554)

One vulnerability has an exploit available on GitHub:

🔸 EoP – Windows Update Service (CVE-2025-48799). This vulnerability may be exploited on Windows 11/10 hosts with two or more hard drives.

Notable among the rest:

🔹 RCE – CDPService (CVE-2025-49724), KDC Proxy Service (CVE-2025-49735), SharePoint (CVE-2025-49704, CVE-2025-49701), Hyper-V DDA (CVE-2025-48822), MS Office (CVE-2025-49695), NEGOEX (CVE-2025-47981), MS SQL Server (CVE-2025-49717)
🔹 InfDisc – MS SQL Server (CVE-2025-49719)
🔹 EoP – MS VHD (CVE-2025-49689), TCP/IP Driver (CVE-2025-49686), Win32k (CVE-2025-49727, CVE-2025-49733, CVE-2025-49667), Graphics Component (CVE-2025-49732, CVE-2025-49744)

🗒 Full Vulristics report

На русском