The first quarter of 2025 saw the continued publication of vulnerabilities discovered and fixed in 2024, as some researchers were previously unable to disclose the details. This partially shifted the focus away from vulnerabilities that received new CVE-2025-NNNNN identifiers. The nature of the CVE assignment process can result in a notable delay between problem investigation and patch release, which is mitigated by reserving a CVE ID early in the process. As for trends in vulnerability exploitation, we are seeing increasing rates of attacks targeting older operating system versions. This is mainly driven by two factors: users not installing updates promptly, and the ongoing rollout of new OS versions that include improved protections against the exploitation of vulnerabilities in certain subsystems.

Statistics on registered vulnerabilities

This section contains statistics on registered vulnerabilities. The data is taken from cve.org.

Total number of registered vulnerabilities and number of critical ones, Q1 2024 and Q1 2025 (download)

The first quarter of 2025, like previous ones, demonstrates a significant number of newly documented vulnerabilities. The trend largely mirrors previous years, so we will focus on new data that can be collected for the most popular platforms. This report examines the characteristics of vulnerabilities in the Linux operating system and Microsoft software, specifically the Windows OS. Given that the Linux kernel developers have obtained the status of a CVE Numbering Authority (CNA) and they can independently assign CVE identifiers to newly discovered security issues, all information about vulnerabilities can now be obtained firsthand.

Let us look at the Linux kernel vulnerabilities registered in the first quarter of 2025 and categorized according to their Common Weakness Enumeration (CWE) types.

Top 10 CWEs for Linux kernel vulnerabilities registered in Q1 2025 (download)

For Linux, the most common CWEs are those with the following identifiers:

• CWE-476: Null Pointer Dereference
• CWE-416: Use after Free
• CWE-667: Improper Locking
• CWE-125: Out-of-bounds Read
• CWE-908: Use of Uninitialized Resource, most often referring to regions of system memory

This set of vulnerability types is fairly common for system software. That said, exploiting vulnerabilities in these CWEs often demands complex read-and-write capabilities from attackers, due to Linux’s robust exploit mitigations such as kernel address space layout randomization (KASLR).

Let us examine similar statistics for Microsoft software. Given the developer’s extensive product lineup, a variety of security issues have been identified. As a result, we will limit our analysis to the most common CWEs for vulnerabilities disclosed during the first quarter of 2025.

TOP 10 CWEs for Microsoft product vulnerabilities registered in Q1 2025 (download)

In addition to the CWEs described above, the following types of vulnerabilities were also frequently reported in the first quarter:

• CWE-122: Heap-based Buffer Overflow
• CWE-787: Out-of-bounds Write

In general, the TOP 10 CWEs for Microsoft products and the Linux kernel tend to be similar or overlap, which means the vulnerabilities are rooted in comparable principles. As a result, we often see attack techniques being “ported” from Linux to Windows and vice versa, with attackers modifying existing exploits to target a different operating system. This method is likewise applied to multiple products of the same software type.

These CWEs have remained an issue for some time, in spite of ongoing efforts from the research and development community. Knowing the most frequently encountered vulnerabilities on a given platform provides insight into which tools attackers are likely to use to compromise it.

Exploitation statistics

This section presents statistics on vulnerability exploitation for the first quarter of 2025. The data draws on open sources and our telemetry.

Windows and Linux vulnerability exploitation

The first quarter of 2025 saw a year-over-year increase in attacks using Windows exploits. As before, the vast majority of detected exploits targeted Microsoft Office products. Even though office suite applications are now widely available as cloud services, vulnerable local versions remain popular with users.

Historically, Kaspersky products have most often detected exploits targeting the Windows platform that leverage the following older vulnerabilities:

• CVE-2018-0802: a remote code execution vulnerability in the Equation Editor component
• CVE-2017-11882: another remote code execution vulnerability, also affecting Equation Editor
• CVE-2017-0199: a vulnerability in Microsoft Office and WordPad allowing an attacker to gain control over the system

These three vulnerabilities were the most prevalent throughout 2024, and we expect this trend to continue.

Following the top three vulnerabilities, other commonly exploited issues include vulnerabilities in WinRAR and in the Windows operating system itself, such as:

• CVE-2023-38831: a vulnerability in WinRAR involving improper handling of files within archive contents
• CVE-2024-35250: a vulnerability in the ks.sys driver that stems from dereferencing an untrusted pointer, which can allow an attacker to execute arbitrary code
• CVE-2022-3699: a vulnerability in the Lenovo Diagnostics Driver that allows improper issuance of IOCTL commands, enabling the attackers to read from or write to arbitrary kernel memory

All of the vulnerabilities listed above can be used for privilege escalation, and those affecting the kernel and drivers can result in full system compromise. For this reason, we strongly recommend regularly installing updates for the relevant software.

Dynamics of the number of Windows users encountering exploits, Q1 2024—Q1 2025. The number of users who encountered exploits in Q1 2024 is taken as 100% (download)

For the Linux operating system, the most frequently exploited vulnerabilities in early 2025 targeted the following issues:

• CVE-2022-0847, also known as Dirty Pipe: a widespread vulnerability that allows privilege escalation and enables attackers to take control of running applications
• CVE-2019-13272: a vulnerability caused by improper handling of privilege inheritance, which can be exploited to achieve privilege escalation
• CVE-2021-3156: a heap overflow vulnerability in the sudo utility that allows attackers to escalate privileges to root

Dynamics of the number of Linux users encountering exploits, Q1 2024—Q1 2025. The number of users who encountered exploits in Q1 2024 is taken as 100% (download)

It is essential to keep your operating system and software up to date by promptly installing all available patches and updates. However, updates for the Linux kernel and applications included with most distributions are critical, as a single vulnerability can lead to full system compromise.

Most common published exploits

Distribution of published exploits by platform, Q4 2024 (download)

Distribution of published exploits by platform, Q1 2025 (download)

In the first quarter of 2025, operating systems – among the most complex types of software – continued to account for the highest number of published exploits. This is due to the large codebase and numerous OS components, as well as the operating system’s critical role in device functionality. Furthermore, we are seeing a steady rise in the number of browser exploits, a trend that continued throughout the past year. The proportion of exploits targeting vulnerabilities in Microsoft Office products has also increased.

Vulnerability exploitation in APT attacks

We analyzed data on attacks carried out by APT groups and identified which vulnerabilities they most frequently exploited during the first quarter of 2025. The following rankings are informed by our telemetry, research, and open-source data.

Top 10 vulnerabilities exploited in APT attacks, Q1 2025 (download)

Most attacker techniques are designed to gain access to the victim’s local network. As a result, the most commonly targeted vulnerabilities are typically found in perimeter devices and software that can function as server. Notably, the well-known critical Zerologon vulnerability, which allows attackers to take over a domain controller, has reappeared in the TOP 10 most exploited vulnerabilities.

The only exception to this trend is software used for accessing information, such as text editors and file-sharing applications.

Interesting vulnerabilities

This section covers the most noteworthy vulnerabilities published in the first quarter of 2025.

ZDI-CAN-25373: a vulnerability in Windows that affects how LNK files are displayed

The first vulnerability to make our list has been actively exploited against users for some time, yet it still lacks a CVE identifier. It affects LNK files in the Windows operating system. The main issue is that File Explorer does not fully display the data specified as parameters in application shortcuts. In the Target field, attackers add extra characters, such as spaces or line breaks, after a legitimate-looking path, followed by malicious commands that can compromise the system. At the same time, only the first part of the path is shown in the shortcut’s properties:

Example of shortcut properties with additional characters that are not fully displayed in File Explorer

Opening a shortcut like this executes commands that are hidden from the user. For example, the Target field might include arguments at the end of the line that trigger a request to download a payload using powershell.exe. It is important to consider the psychological aspect of this vulnerability: a file with hidden malicious activity like this can mislead users, since they cannot see the main actions that will be performed when the file is opened.

CVE-2025-21333: a heap buffer overflow vulnerability in the vkrnlintvsp.sys driver

This is a buffer overflow vulnerability in the kernel’s paged pool memory allocation that was actively exploited in zero-day attacks against end-user systems. The vulnerable vkrnlintvsp.sys driver, designed for Hyper-V, improperly handles pointers to kernel pool structures. This results in a paged pool overflow, allowing attackers to execute arbitrary code or escalate their privileges.

Notably, this vulnerability can be exploited during process creation within Windows Sandbox. The name of the vulnerable function, VkiRootAdjustSecurityDescriptorForVmwp, suggests that providing a security descriptor that exceeds the allowed size is sufficient to trigger the vulnerability. In this scenario, the memory counter responsible for calculating the security descriptor’s length will overflow, enabling arbitrary read/write operations of 0xffff bytes and ultimately allowing attackers to escape the sandbox environment.

CVE-2025-24071: a NetNTLM hash leakage vulnerability in the file system indexer

A built-in feature of File Explorer in all Windows operating systems has become a common tool for stealing NetNTLM hashes. Attackers distributed a malicious file with a .library-ms extension that contained a specially crafted directory path. The appearance of this file in the victim’s file system triggers the indexing mechanism. It opens a specified directory, and the operating system automatically performs NTLM authentication in the background without notifying the user, which results in the disclosure of NetNTLM hashes.

Conclusion and advice

The number of vulnerabilities registered in the first quarter of 2025 might appear misleading. One possible reason for the decrease is that security research findings or vulnerability descriptions are sometimes published well after the vulnerabilities are initially discovered. Therefore, it is critically important to update all software and devices as soon as updates become available.

To stay safe, it is essential to respond promptly to changes in the threat landscape. It is also recommended to ensure the following:

• Maintain continuous, around-the-clock monitoring of your infrastructure, with particular attention to perimeter defenses.
• Implement strong patch management process and apply security fixes without delay. Solutions like Kaspersky Vulnerability and Patch Management and Kaspersky Vulnerability Data Feed can be used to configure and automate vulnerability and patch management.
• Use robust solutions that can detect and block malware on corporate devices, and comprehensive tools that include incident response plans, employee training programs, and an up-to-date cyberthreat database.

securelist.com/vulnerabilities…

The following was a letter submitted by an anonymous Pirate supporter using the pseudonym “Forward Thoughts”, sharing critiques of “Uncle Sam”. This article is apart of the project “Message in a Bottle”, allowing supporters of the US Pirate Party to submit editorial articles to the United States Pirate Party website.

Uncle Sam, the personification of the federal government, is supposed to be a beacon of democracy and good fortune towards the will of the people right here in the United States of America. However, he has gotten too big for his britches since the beginning. History highlighting this goes as far back as Uncle Sam exerting his power from the Whiskey Rebellion to recently using the Enemy Alien Act of 1787 to deport immigrant dissenters speaking out against the genocide happening in Palestine.

Every state relies on his charity to a certain extent, some more than others. How can we rely on our government to provide for its people when it directly meddles and persistently goes against the will of its people by starting wars and cutting funds to social programs, sometimes it creates on its own volition?

In a way, the American people receive assistance from the suits and ties of Capitol Hill in Washington D.C., that assistance comes in the form of government regulations more so than it comes from funding assistance. Guns, voting, criminal penalties, taxes, immigration, etc. are always the hot button issues every politician or candidate running for office has on their agenda.

“I want to be controlled harder by my government” said no one ever.

In order to curtail exerting pragmatic force against the will of the people, there’s supposed to be a system our founding fathers put in place called “checks and balances.” How this works is there’s the executive branch consisting of the presidency and cabinet members, Congress which consists of both the House of Representatives and the Senate, and the Supreme Court which consists of 9 justices.

However, what happens when all 3 branches reciprocate the same political ideology as one another? Who’s gonna stop these corrupt politicians from filling the coffers of themselves and of their allies (the oligarchy) they’re in cahoots with? Now we’re faced with a constitutional crisis where all 3 branches need to be severed like an infected limb.

Get this: Uncle Sam can exert his power over the economy on a whim. Right now President Trump is putting his hand up Uncle Sam as a puppet and he’s levying taxes on Chinese imports and other countries around the world. In retaliation, other countries he’s levied tariffs on are levying retaliatory tariffs against our imports into their countries. Consequently, prices on goods and services are rising. Stocks on the stock market are plummeting.

History is repeating itself. Remember back in US history class (well, hopefully you were taught this in US history class) about the Great Depression at the very end of the 1920s? Part of the reason why the economy went into a spiral was because of then Congress’s tariffs on foreign imports. Consumers no longer were able to afford products, therefore companies losing profits, especially those in the manufacturing industry, laid off workers.

Granted it wasn’t as if President Hoover bypassed Congress to make the tariffs happen, but my point still stands on how tariffs cause unintentional side effects to our everyday lives.

Lesson learned: tariffs backfire immensely on the economy.

Then President Nixon back in 1969 wanted to defund TV program PBS, Public Broadcasting Service. The nonprofit network was created to provide educational programming in a non-commercialized manner. It has brought us shows such as Sesame Street, Arthur, Mr. Rogers’ Neighborhood, just to name a few.

Speaking of Mr. Rogers, he testified before Congress and managed to avert budget cuts for the nationally renowned TV station. Fast forward to present day 2025 — Republicans in Congress and President Trump are trying to cut funds for PBS. History is repeating itself yet again. Will we have a savior of PBS like we did back in 1969?

Lesson to be learned: PBS really is made possible by viewers like you.

Even at the state level, funding can be granted and cut based on the current majority party’s and governor’s ideology of that time. Pennhurst State School & Hospital in Spring City, PA is one of many examples of state government apathetic to the welfare of its people, especially a vulnerable population.

Opened in 1908 and closed in 1987, Pennhurst State School & Hospital was a product of an era of eugenics where those deemed unfit to reproduce in the Caucasian gene pool were euthanized or removed from society. Marginalized groups such as the epileptic and the mentally disabled were housed here, but soon grew to orphans, physically disabled, etc. Within a few years Pennhurst became overcrowded and conditions became deplorable.

In 1968, Bill Baldini did a 5-part segment on the conditions at Pennhurst exposing its wretched standard of living and abuse residents faced. There was a public outcry after the segment aired. Conditions seldomly improved from there on out until its closure in 1987. Fortunately, these residents were moved to boarding homes.

Have you ever heard of a Kirkbride psychiatric hospital? They’re long-term psychiatric hospitals designed in a batwing fashion with emphasis on natural light and air circulation. However, lack of funding and mismanagement had led to conditions in a handful of these facilities to be anything but cheery. In fact, it is what can easily be described as wicked.

Trenton Psychiatric Hospital in Trenton, NJ, under the direction of Dr. Henry Cotton, extracted organs and teeth from patients. In spite of high mortality rates and disprovable claims of cure rates, this persisted at the behest of Dr. Cotton during his tenure.

Philly (Philadelphia) State Hospital at Byberry opened in 1907. Unlike Trenton Psychiatric Hospital and others similar to Trenton, it was not made using the Kirkbride blueprints. This didn’t make the hospital any less susceptible to daunting conditions such as overcrowding, barbaric experiments, abuse, and neglect.

Props are in order to a conscientious objector named Charlie Lord, who between 1945 and 1946 was so appalled by the conditions he took note of that he covertly took photos and leaked them to the press. In these photos, raw sewage and naked men lined the hallways of Byberry.

Lesson to be learned: these residents were at the mercy of state politicians apathetic to their basic needs. Moreover and lastly, psychiatric hospitals such as the Kirkbride hospitals and disabled residential facilities such as Pennhurst are archaic and stunt personal psychiatric growth in patients.

Most states’ systems are designed to where property taxes fund our public schools. Back in the late 1800s, public schools were a shining gem of what America could be. Nowadays in many communities, our schools are nothing more than shadows of their former selves, meeting the minimum standards set by the state for funding.

Gone are the days of home economics and industrial shop classes. It’s all about standardized testing mandated by the state capital and even Uncle Sam, which is basically modern day phrenology. There’s educators and politicians who’ll justify this inane waste of paper by saying it measures how schools are doing with educating their students.

Standardized testing can be summed up in four words, it’s this: elite stay in control.

Lesson to be learned: standardized testing is a disease on our education system designed to punish lower socioeconomic schools and to keep those at the higher end of the socioeconomic.

uspirates.org/message-in-a-bot…

What if you could design your 3D print to fall apart on purpose? That’s the curious promise of a new paper from CHI 2025, which brings a serious hacker vibe to the sustainability problem of multi-material 3D printing. Titled Enabling Recycling of Multi-Material 3D Printed Objects through Computational Design and Disassembly by Dissolution, it proposes a technique that lets complex prints disassemble themselves via water-soluble seams. Just a bit of H₂O is needed, no drills or pliers.

At its core, this method builds dissolvable interfaces between materials like PLA and TPU using water-soluble PVA. Their algorithm auto-generates jointed seams (think shrink-wrap meets mushroom pegs) that don’t interfere with the part’s function. Once printed, the object behaves like any ordinary 3D creation. But at end-of-life, a water bath breaks it down into clean, separable materials, ready for recycling. That gives 90% material recovery, and over 50% reduction in carbon emissions.

This is the research – call it a very, very well documented hack – we need more of. It’s climate-conscious and machine-savvy. If you’re into computational fabrication or environmental tinkering, it’s worth your time. Hats off to [Wen, Bae, and Rivera] for turning what might otherwise be considered a failure into a feature.

youtube.com/embed/akN1_7oDHr8?…

hackaday.com/2025/05/30/sustai…

nugole.it/nugoletta/ju/p/17485…

Ju

2025-05-30 05:21:56

Questo è bello.
Storie di Verona: il brigante Falasco.

La torre Falasco è ancora in piedi, costruita in una specie di rientranza - coalo - in una delle molte falesie. Si vede facendo un po' di attenzione quando si risale la Valpantena, è sul lato a sinistra della valle venedo su da Verona.
Nell'articolo dice che s'è perso arrivandoci ma da quel che mi ricordo c'è una stradella abbastanza confortevole che porta su.

larena.it/rubriche/vi-cammino-…

La leggenda del Brigante Falasco. Bello e spietato, era il terrore della valle

I Balladoro, i Leonardi, i Tedeschi, gli Oliboni, i Benella di Laudi, i Rotari, i Padoani, gli Allegri… Perché dal passato riaffiorano... Scopri di più

^{Alessandro Anderloni (L'Arena)}

The Trump administration’s hostility to First Amendment rights extends beyond the press to nonprofit organizations, museums, colleges, and anyone else who might question his infallibility.

But his targeting of the press is a key component of the administration’s effort to appoint itself the country’s sole arbiter of truth. Freedom of the Press Foundation (FPF) Advocacy Direction Seth Stern writes for the Daily Beast that in Trump’s view, “inconvenient truths and malicious lies are equally troublesome. They must be met with equal force.”

Stern urged journalists and others who value press freedom to treat these attacks not as passing storms but as existential threats.

Read Stern’s article here.

freedom.press/issues/when-alte…

Io sono un appassionato di linux e del software libero, potremmo dire un entusiasta. Continuerò a consigliarlo a tutti e ad aiutare gli amici ad installarlo quando vogliono provarlo o migliorare la loro vita digitale.

Ma, non per questo, vivo nel mondo delle fate.

Nel caso di questo articolo, mi trovo molto in disaccordo. A differenza di quanto è scritto nel titolo, ci sono pochi software di livello davvero professionale per l'elaborazione video su Linux: Da Vinci Resolve (ammesso di riuscire a farlo funzionare sulla propria distribuzione se NON è Centos o Rocky, dopo l'installazione) e Blender. Il secondo in realtà è più adatto a chi lavora con il 3D. Nel corpo dell'articolo si va un po' meglio, ma tra le righe si leggono dei limiti che purtroppo ha la soluzione proposta.

Poi ci sono tanti (ma tanti) software che vanno bene soltanto per uso casalingo, e ben venga che ci siano, e poi ci sono le vie di mezzo.

KDEnlive e Cinelerra secondo me sono 2 vie di mezzo, ma nell'articolo sembra che KDEnlive sia la soluzione di tutti i mali, e che il "comune sentire" (che sia difficile lavorare con i video su Linux), sia un errore.

(Inkscape non lo affronto neanche, è bello e completo ma le sue potenzialità sono quelle che aveva Adobe Illustrator 15 anni fa; ormai quel modo di lavorare è vecchio. In altre parole un professionista difficilmente lo userà).

Ecco il punto: nel 2025, per me, il punto non è "se" con una distribuzione linux si possa fare qualcosa, ma "in quanto tempo" e "con quale difficoltà".

Se gli sviluppatori non lavorano su questo, non credo che ci sarà mai una vera diffusione di Linux sul desktop.

Per citare un esempio, ormai anche il blocco note di Windows è pieno di IA, mentre Linux è rimasto indietro su questo fronte (e lo dico dopo l'installazione delle componenti di VOSK necessarie per trascrivere sottotitoli su KDEnlive).

Può piacere o no, ma io credo che l'IA sia qui per restare e per semplificarci la vita: ormai l'utente se la aspetta; non si può pretendere che gli utenti sacrifichino il loro tempo in nome di principi che, magari, neanche condividono.

Se ci fate caso, le soluzioni open che sono massicciamente sul mercato funzionano perché vanno meglio delle soluzioni chiuse per...uno scopo particolare, un esigenza. Sono abbastanza vecchio, ad esempio, per ricordare PERCHE' c'è stato un tempo in cui Firefox era IL browser: perché a differenza di Internet Explorer FUNZIONAVA.

Sarò cinico ma alla maggior parte delle perone non importano i principi, se c'è un modo per convincerle definitivamente è dar loro qualcosa di semplice e che funziona meglio dell'alternativa chiusa.

Mi spiace se urto la sensibilità di qualcuno, nel qual caso chiedo scusa. Questo però è il mio pensiero che non ha lo scopo di distruggere nulla, esprimo tutto ciò con malinconia per qualcosa che potrebbe essere ma non è.

Sta alla comunità cogliere il mio ragionamento con lo spirito che vuole avere: costruttivo.

In ogni caso, ecco l'articolo:

ilsoftware.it/focus/linux-non-…

#linux #opensource #foss #nonuccidetemi

Linux non permette di creare contenuti video professionali. Sbagliato! | IlSoftware.it

Come creare video professionali su Linux utilizzando software open source come Kdenlive, OBS Studio e Inkscape.

^{IlSoftware.it}