May “In the Trend of VM” (#15): vulnerabilities in Microsoft Windows and the Erlang/OTP framework. A traditional monthly vulnerability roundup. 
Post on Habr (rus)
Digest on the PT website (rus)
A total of 4 trending vulnerabilities:
Elevation of Privilege – Windows Common Log File System Driver (CVE-2025-29824) Elevation of Privilege – Windows Process Activation (CVE-2025-21204) Spoofing – Windows NTLM (CVE-2025-24054) Remote Code Execution – Erlang/OTP (CVE-2025-32433)
April “In the Trend of VM” (#14): vulnerabilities in Microsoft Windows, VMware products, Kubernetes, and Apache Tomcat. We decided to pause recording new videos, so for now only text. 
Post on Habr (rus) Digest on the PT website (rus)
A total of 11 trending vulnerabilities:
Elevation of Privilege – Windows Cloud Files Mini Filter Driver (CVE-2024-30085) Spoofing – Windows File Explorer (CVE-2025-24071) Four Windows vulnerabilities from March Microsoft Patch Tuesday were exploited in the wild (CVE-2025-24985, CVE-2025-24993, CVE-2025-26633, CVE-2025-24983) Three VMware “ESXicape” Vulnerabilities (CVE-2025-22224, CVE-2025-22225, CVE-2025-22226) Remote Code Execution – Apache Tomcat (CVE-2025-24813) Remote Code Execution – Kubernetes (CVE-2025-1974)
March episode “In the Trend of VM” (#13): vulnerabilities of Microsoft, PAN-OS, СommuniGate and who should patch hosts with deployed application. I’m posting the translated video with a big delay, but it’s better than never. 
Video on YouTube and LinkedIn Post on Habr (rus) Digest on the PT website
Content:
00:00 Greetings 00:31 Elevation of Privilege – Windows Ancillary Function Driver for WinSock (CVE-2025-21418) 01:12 Elevation of Privilege – Windows Storage (CVE-2025-21391) 01:53 Authentication Bypass – PAN-OS (CVE-2025-0108) 03:09 Remote Code Execution – CommuniGate Pro (BDU:2025-01331) 04:27 The VM riddle: who should patch hosts with a deployed application? 07:11 About the digest of trending vulnerabilities
New episode “In the Trend of VM” (#12): 8 February CVEs & Why the Darknet Matters for VM Specialists. Now with a new design and new video editing.
Video on YouTube and LinkedIn Post on Habr (rus) Digest on the PT website
Content:
00:00 Greetings 00:23 Remote Code Execution – Windows Lightweight Directory Access Protocol (LDAP) (CVE-2024-49112) 01:35 Remote Code Execution – Microsoft Configuration Manager (CVE-2024-43468) 02:38 Remote Code Execution – Windows OLE (CVE-2025-21298) 03:55 Elevation of Privilege – Windows Hyper-V NT Kernel Integration VSP (CVE-2025-21333, CVE-2025-21334, CVE-2025-21335) 05:02 Authentication Bypass – FortiOS/FortiProxy (CVE-2024-55591) 06:16 Remote Code Execution – 7-Zip (CVE-2025-0411) 07:27 Should a VM specialist be aware of what is happening in the Darknet? 08:48 About the digest of trending vulnerabilities
New episode “In The Trend of VM” (#11): vulnerabilities that became trending in December and the final report on trending vulnerabilities for 2024. I made this episode exclusively for the Telegram channel @avleonovcom “Vulnerability Management and More”.
Video on YouTube, LinkedIn Post on Habr (rus) Digest on the PT website
Content:
00:00 Greetings 00:28 Elevation of Privilege – Windows Kernel Streaming WOW Thunk Service Driver (CVE-2024-38144) 01:30 Elevation of Privilege – Windows Common Log File System Driver (CVE-2024-49138) 02:37 Remote Code Execution – Apache Struts (CVE-2024-53677) 03:31 Authentication Bypass – Hunk Companion WordPress plugin (CVE-2024-11972) 04:44 Trending vulnerabilities for 2024
08:10 Channel mascot 
I have finalized the list of trending vulnerabilities for 2024 according to Positive Technologies. Last year, 74 vulnerabilities were classified as trending (to compare the scale, just over 40,000 were added to NVD in 2024).
All trending vulnerabilities are found in Western commercial products and open source projects. This year, the vulnerabilities of domestic Russian products did not reach the level of criticality required to classify them as trending.
For 55 of all trending vulnerabilities there are currently signs of exploitation in attacks, for 17 there are public exploits (but no signs of exploitation) and for the remaining 2 there is only a possibility of future exploitation.
Vulnerabilities were often added to trending ones before signs of exploitation in the wild appeared. For example, the remote code execution vulnerability in VMware vCenter (CVE-2024-38812) was added to the list of trending vulnerabilities on September 20, 3 days after the vendor’s security bulletin appeared. There were no signs of exploitation in the wild or public exploit for this vulnerability. Signs of exploitation appeared only 2 months later, on November 18.
Most of the vulnerabilities in the trending list are of the following types: Remote Code or Command Execution (24) and Elevation of Privilege (21).
4 vulnerabilities in Barracuda Email Security Gateway (CVE-2023-2868), MOVEit Transfer (CVE-2023-34362), papercut (CVE-2023-27350) and SugarCRM (CVE-2023-22952) were added in early January 2024. These vulnerabilities were massively exploited in the West in 2023, and attacks using these vulnerabilities could also tangentially affect those domestic Russian organizations where these products had not yet been taken out of service. The rest of the vulnerabilities became trending in 2024.
34 trending vulnerabilities affect Microsoft products (45%).
17 of them are Elevation of Privilege vulnerabilities in the Windows kernel and standard components.
1 Remote Code Execution vulnerability in Windows Remote Desktop Licensing Service (CVE-2024-38077).
2 trending Elevation of Privilege vulnerabilities affect Linux systems: one in nftables (CVE-2024-1086), and the second in needrestart (CVE-2024-48990).
Other groups of vulnerabilities
Phishing attacks: 19 (Windows components, Outlook, Exchange, Ghostscript, Roundcube) Network security and entry points: 13 (Palo Alto, Fortinet, Juniper, Ivanti, Check Point, Zyxel) Virtual infrastructure and backups: 7 (VMware, Veeam, Acronis) Software development: 6 (GitLab, TeamCity, Jenkins, PHP, Fluent Bit, Apache Struts) Collaboration tools: 3 (Atlassian Confluence, XWiki) CMS WordPress plugins: 3 (LiteSpeed Cache, The Events Calendar, Hunk Companion)
Article on the official website “Vulnerable software and hardware vs. security researchers” (rus)
Aggregators of actively discussed vulnerabilities. Alexander Redchits updated his list of services that highlight TOP CVE vulnerabilities and uploaded it with descriptions to teletype (in Russian). Now there are 11 of them:
1. Intruder’s Top CVE Trends & Expert Vulnerability Insights
2. Cytidel Top Trending
3. CVE Crowd
4. Feedly Trending Vulnerabilities
5. CVEShield
6. CVE Radar
7. Vulners “Discussed in social networks”
8. Vulmon Vulnerability Trends
9. SecurityVulnerability Trends
10. CVESky
11. Vulnerability-lookup
It’s great that there are so many of them! 
But for the most part, these services are NOT about real attacks and exploitability, but about the desire of the information security community to discuss some vulnerabilities. What is being discussed may not always be important to you.
And the attention span of the information security community is like that of a goldfish: they analyze a vulnerability/incident, demonstrate their expertise and immediately forget about it. 
It’s fascinating to look at these selections of CVE vulnerabilities, but using these lists to prioritize vulnerabilities in the VM process is a bad idea. It’s better to focus on the trending vulnerability lists provided by Positive Technologies. 
This is my personal blog. The opinions expressed here are my own and not of my employer. All product names, logos, and brands are property of their respective owners. All company, product and service names used here for identification purposes only. Use of these names, logos, and brands does not imply endorsement. You can freely use materials of this site, but it would be nice if you place a link on https://avleonov.com and send message about it at me@avleonov.com or contact me any other way.