Tag Archives: SecLab

April “In the Trend of VM” (#14): vulnerabilities in Microsoft Windows, VMware products, Kubernetes, and Apache Tomcat

Leave a reply

April In the Trend of VM (#14): vulnerabilities in Microsoft Windows, VMware products, Kubernetes, and Apache Tomcat

April “In the Trend of VM” (#14): vulnerabilities in Microsoft Windows, VMware products, Kubernetes, and Apache Tomcat. We decided to pause recording new videos, so for now only text. 🤷‍♂️🙂

🗞 Post on Habr (rus)
🗒 Digest on the PT website (rus)

A total of 11 trending vulnerabilities:

🔻 Elevation of Privilege – Windows Cloud Files Mini Filter Driver (CVE-2024-30085)
🔻 Spoofing – Windows File Explorer (CVE-2025-24071)
🔻 Four Windows vulnerabilities from March Microsoft Patch Tuesday were exploited in the wild (CVE-2025-24985, CVE-2025-24993, CVE-2025-26633, CVE-2025-24983)
🔻 Three VMware “ESXicape” Vulnerabilities (CVE-2025-22224, CVE-2025-22225, CVE-2025-22226)
🔻 Remote Code Execution – Apache Tomcat (CVE-2025-24813)
🔻 Remote Code Execution – Kubernetes (CVE-2025-1974)

На русском

March episode “In the Trend of VM” (#13): vulnerabilities of Microsoft, PAN-OS, СommuniGate and who should patch hosts with deployed application

Leave a reply

March episode “In the Trend of VM” (#13): vulnerabilities of Microsoft, PAN-OS, СommuniGate and who should patch hosts with deployed application. I’m posting the translated video with a big delay, but it’s better than never. 😉

📹 Video on YouTube and LinkedIn
🗞 Post on Habr (rus)
🗒 Digest on the PT website

Content:

🔻 00:00 Greetings
🔻 00:31 Elevation of Privilege – Windows Ancillary Function Driver for WinSock (CVE-2025-21418)
🔻 01:12 Elevation of Privilege – Windows Storage (CVE-2025-21391)
🔻 01:53 Authentication Bypass – PAN-OS (CVE-2025-0108)
🔻 03:09 Remote Code Execution – CommuniGate Pro (BDU:2025-01331)
🔻 04:27 The VM riddle: who should patch hosts with a deployed application?
🔻 07:11 About the digest of trending vulnerabilities

На русском

New episode “In the Trend of VM” (#12): 8 February CVEs & Why the Darknet Matters for VM Specialists

Leave a reply

New episode “In the Trend of VM” (#12): 8 February CVEs & Why the Darknet Matters for VM Specialists. Now with a new design and new video editing. 😉

📹 Video on YouTube and LinkedIn
🗞 Post on Habr (rus)
🗒 Digest on the PT website

Content:

🔻 00:00 Greetings
🔻 00:23 Remote Code Execution – Windows Lightweight Directory Access Protocol (LDAP) (CVE-2024-49112)
🔻 01:35 Remote Code Execution – Microsoft Configuration Manager (CVE-2024-43468)
🔻 02:38 Remote Code Execution – Windows OLE (CVE-2025-21298)
🔻 03:55 Elevation of Privilege – Windows Hyper-V NT Kernel Integration VSP (CVE-2025-21333, CVE-2025-21334, CVE-2025-21335)
🔻 05:02 Authentication Bypass – FortiOS/FortiProxy (CVE-2024-55591)
🔻 06:16 Remote Code Execution – 7-Zip (CVE-2025-0411)
🔻 07:27 Should a VM specialist be aware of what is happening in the Darknet?
🔻 08:48 About the digest of trending vulnerabilities

На русском

New episode “In The Trend of VM” (#10): 8 trending vulnerabilities of November, zero budget VM and who should look for patches

Leave a reply

New episode “In The Trend of VM” (#10): 8 trending vulnerabilities of November, zero budget VM and who should look for patches. The competition for the best question on the topic of VM continues. 😉🎁

📹 Video on YouTube, LinkedIn
🗞 Post on Habr (rus)
🗒 Digest on the PT website

Content:

🔻 00:29 Spoofing – Windows NTLM (CVE-2024-43451)
🔻 01:16 Elevation of Privilege – Windows Task Scheduler (CVE-2024-49039)
🔻 02:16 Spoofing – Microsoft Exchange (CVE-2024-49040)
🔻 03:03 Elevation of Privilege – needrestart (CVE-2024-48990)
🔻 04:11 Remote Code Execution – FortiManager “FortiJump” (CVE-2024-47575)
🔻 05:19 Authentication Bypass – PAN-OS (CVE-2024-0012)
🔻 06:32 Elevation of Privilege – PAN-OS (CVE-2024-9474)
🔻 07:42 Path Traversal – Zyxel firewall (CVE-2024-11667)
🔻 08:37 Is it possible to Manage Vulnerabilities with no budget?
🔻 09:53 Should a VM specialist specify a patch to install on the host in a Vulnerability Remediation task?
🔻 10:51 Full digest of trending vulnerabilities
🔻 11:18 Backstage

На русском

New episode “In The Trend of VM” (#9): 4 trending vulnerabilities of October, scandal at The Linux Foundation, social “attack on the complainer”, “Ford’s method” for motivating IT specialists to fix vulnerabilities

Leave a reply

New episode “In The Trend of VM” (#9): 4 trending vulnerabilities of October, scandal at The Linux Foundation, social “attack on the complainer”, “Ford’s method” for motivating IT specialists to fix vulnerabilities. The competition for the best question on the topic of VM continues. 😉🎁

📹 Video on YouTube, LinkedIn
🗞 Post on Habr (rus)
🗒 Digest on the PT website

Content:

🔻 00:37 Elevation of Privilege – Microsoft Streaming Service (CVE-2024-30090)
🔻 01:46 Elevation of Privilege – Windows Kernel-Mode Driver (CVE-2024-35250)
🔻 02:38 Spoofing – Windows MSHTML Platform (CVE-2024-43573)
🔻 03:43 Remote Code Execution – XWiki Platform (CVE-2024-31982)
🔻 04:44 The scandal with the removal of Russian maintainers at The Linux Foundation, its impact on security and possible consequences.
🔻 05:22 Social “Attack on the complainer
🔻 06:35Ford’s method” for motivating IT staff to fix vulnerabilities: will it work?
🔻 08:00 About the digest, habr and the question contest 🎁
🔻 08:29 Backstage

На русском

I transformed my English-language site avleonov.com

Leave a reply

I transformed my English-language site avleonov.com

I transformed my English-language site avleonov.com. While my Russian-language site avleonov.ru was intended as a mirror of my Telegram channel @avleonovrus, I wasn’t sure how to move forward with the English-language site. 🤔

I’ve been running it since 2016. For a long time, it was my main VM blog. Since February 2020, I have been making posts there exclusively with videos. 🪧 I have released 94 videos. But over time, I grew tired of this format. 😮‍💨 It was easier and more engaging to create videos in Russian (starting with “Прожекторе по ИБ“, and later in “В тренде VM“) and translate them into English when needed.

Since March 2024, the English site had no updates. New posts appeared exclusively on the Telegram channel @avleonovcom. 🤷‍♂️ So, I decided to make the site a mirror of this channel. 🪞

✅ I updated the scripts and uploaded 117 Telegram posts (since March 2024) to the site, leaving the earlier content as is.

На русском

Trending vulnerabilities for June according to Positive Technologies

Leave a reply

Trending vulnerabilities for June according to Positive Technologies. Traditionally, in 3 formats (in Russian):

📹 The section “Trending VM” in the SecLab news video (starts at 15:03)
🗞 Post on the Habr website, in fact this is a slightly expanded scenario for the “Trending VM” section
🗒 Compact digest with technical details on the official PT website

List of vulnerabilities:

🔻 EoP in Microsoft Windows CSC (CVE-2024-26229)
🔻 EoP in Microsoft Windows Error Reporting (CVE-2024-26169)
🔻 EoP in Microsoft Windows Kernel (CVE-2024-30088)
🔻 RCE in PHP (CVE-2024-4577)
🔻 EoP in Linux Kernel (CVE-2024-1086)
🔻 InfDisclosure in Check Point Security Gateways (CVE-2024-24919)
🔻 RCE in VMware vCenter (CVE-2024-37079, CVE-2024-37080)
🔻 AuthBypass in Veeam Backup & Replication (CVE-2024-29849)

На русском