From Dark Reading – Whopping Number of Microsoft Zero-Days Under Attack
The number of zero-day vulnerabilities getting patched in Microsoft’s March update is the company’s second-largest ever. Read More
Tag heap-based buffer overflow
From Security Week – Microsoft Flags Six Active Zero-Days, Patches 57 Flaws: Patch Tuesday
[[{“value”:”Redmond ships major security updates with warnings that a half-dozen Windows vulnerabilities have already been exploited in the wild. The post Microsoft Flags Six Active Zero-Days, Patches 57 Flaws: Patch Tuesday appeared first on SecurityWeek.”}]] Read More
From Cybersecurity Help – Three zero-day flaws in VMware ESXi, Workstation, and Fusion exploited in the wild
Google has rolled out its monthly Android Security Bulletin for March 2025 to fix over 40 vulnerabilities, including two zero-days. Read More
From Cyber Security News – Windows Hyper-V NT Kernel Vulnerability Let Attackers Gain SYSTEM Privileges – PoC Released
Threat actors have actively exploited CVE-2025-21333, a critical vulnerability in Microsoft’s Windows Hyper-V NT Kernel Integration Virtual Service Provider (VSP). This heap-based buffer overflow vulnerability allows local attackers to escalate their privileges to the SYSTEM level, posing a significant security…
From Cyber Security News – Linux Grub Read Command Buffer Overflow Vulnerability Enabling Potential Secure Boot Bypass
A newly disclosed vulnerability in the GRUB2 bootloader’s read command (CVE-2025-0690) has raised concerns about potential Secure Boot bypasses and heap memory corruption in Linux systems. Red Hat Product Security rates this integer overflow flaw as moderately severe. It could…
From Cyber Security News – CISA Releases Two New ICS Advisories Exploits Following Vulnerabilities
The Cybersecurity and Infrastructure Security Agency (CISA) released two Industrial Control Systems (ICS) advisories, addressing critical vulnerabilities in Delta Electronics CNCSoft-G2 and Rockwell Automation GuardLogix controllers. These advisories highlight exploitable flaws in systems widely used in manufacturing, energy, and critical…
From Cyber Security News – Windows Driver Zero-Day Vulnerability Allow Attackers To Gain System Access Remotely
A critical zero-day vulnerability has been discovered in a Windows driver, allowing attackers to gain remote access to systems. This vulnerability, identified as CVE-2025-21418, was disclosed on February 11, 2025, and is classified as “Important” with a CVSS score of…