


Aperitif with Marco Cappato – Meeting with the Cellula Coscioni of Verona


Aperitif with Marco Cappato – Meeting with the new Cellula Coscioni of Verona

📍Osteria Ratafià, Piazza XVI Ottobre 19 – Verona
🗓Tuesday 16 December 2025
🕡From 18:30


On Tuesday 16 December, starting at 18:30, the Osteria Ratafià in Verona will host a special aperitif with Marco Cappato, treasurer of the Associazione Luca Coscioni. The meeting will be an opportunity to discuss freedom, fundamental rights and self-determination.

The event is organised to mark the founding of the Cellula Coscioni of Verona, which will present its future local initiatives.

The event is open to all residents: an informal occasion for dialogue, discussion and sharing, during which it will be possible to learn more about the Association's campaigns and find out how to take an active part.

The article Aperitif with Marco Cappato – Meeting with the Cellula Coscioni of Verona comes from Associazione Luca Coscioni.



Roberto, a cancer patient from Veneto, gets the go-ahead from Switzerland after the first refusal from his ASL


Roberto, 67, a patient from Veneto with a brain tumour diagnosed in 2006, started the process for assisted suicide in Switzerland after the first refusal from his ASL (local health authority) and has obtained the green light to access it. Roberto, however, would like to be free to end his suffering in Italy, in his own home.

For this reason, following a worsening of his condition, Roberto, assisted by the legal team of the Associazione Luca Coscioni, coordinated by the lawyer Filomena Gallo, requested and obtained a new assessment of his state of health and is now awaiting the report from the ASL, which will indicate whether or not he can access "assisted suicide" in Italy as provided for by the Cappato ruling of the Constitutional Court.

Roberto said: "The green light has come on for me near Zurich. But I want to get it here too. I want to go peacefully in my own home. That is why I have reopened the procedure with the ASL and I will fight in every way to get the go-ahead. For me and for all those who legitimately want to go with respect for themselves, ending their own suffering, without giving up the autonomy and dignity that are indispensable for living. Making our country better will make my going more pleasant."


Roberto has had a diffuse glioma since 2006, an aggressive form of brain tumour that in recent years has caused daily epileptic seizures; in recent weeks he has had motor difficulties, falls often and suffers from progressive cognitive deterioration. There are no therapies available and the prognosis is unfavourable. In October 2024 he applied to his local health authority for verification of the requirements set by ruling 242/2019 of the Constitutional Court for access to assisted suicide in Italy. More than five months after the request, in May 2025, he received a refusal from the ASL because he allegedly does not meet one of the four requirements indicated by the Court: dependence on life-sustaining treatment.

Filomena Gallo, coordinator of Roberto's legal team and National Secretary of the Associazione Luca Coscioni, states: "Roberto's tumour can worsen suddenly, leading to a rapid loss of cognitive functions, to a vegetative state, to death. Roberto wants to avoid this scenario by being able to decide for himself the timing and manner of his own end through self-administration of the end-of-life drug, without risking losing the capacity to choose. The proposed surgery guarantees neither that he will wake up after the operation nor what condition he might be in if he does. For this reason he has refused any invasive treatment and any care with an uncertain outcome. There are no therapies able to guarantee his survival. It is therefore necessary for the doctors on the ASL commission to assess his particular situation, also considering the refusal of the surgery and the unfavourable prognosis as valid requirements for access to voluntary death. In the event of a new refusal, we are ready to go back to court to ensure respect for Roberto's therapeutic self-determination."

The article Roberto, a cancer patient from Veneto, gets the go-ahead from Switzerland after the first refusal from his ASL comes from Associazione Luca Coscioni.



General Council of the Associazione Luca Coscioni per la libertà di ricerca scientifica APS


On Thursday 18 December 2025, from 14.15 to 18.00, at the Sala Capranichetta of the Hotel Nazionale, Piazza di Monte Citorio 125, the following will take place:

General Council of the Associazione Luca Coscioni per la libertà di ricerca scientifica APS


The agenda covers the following items:

  • Progress of the initiatives on the Association's objectives.

The article General Council of the Associazione Luca Coscioni per la libertà di ricerca scientifica APS comes from Associazione Luca Coscioni.



Public meeting in memory of Piergiorgio Welby "End of life in Italy: rights to defend, freedoms to win"


On the nineteenth anniversary of the death of Piergiorgio Welby, the Associazione Luca Coscioni is organising a public meeting in his memory, entitled

"End of life in Italy: rights to defend, freedoms to win"


The meeting is on Thursday 18 December 2025, from 10.00 to 12.45, at the Sala Capranichetta of the Hotel Nazionale, Piazza di Monte Citorio 125, Rome.

REGISTER YOUR ATTENDANCE IN ADVANCE


Nineteen years after the "opportune death" of Piergiorgio Welby, we meet again to take stock of end-of-life issues: the legislative situation and the actions needed.

We will talk about the rights already won that must be upheld and those still missing to guarantee individual self-determination. We will do so together with those who face the most difficult choices every day, because behind every law, every ruling and every struggle there is always a person, a story and a life.

The meeting on 18 December is therefore an invitation not to look the other way, and to equip ourselves together to win new freedoms.


— PROGRAMME —

➡ 10.00 – 10.10: Accreditation and admission of participants
➡ 10.10 – 10.30: Opening of proceedings


Mina WELBY, Co-President of the Associazione Luca Coscioni


➡ 10.30 – 10.40: Institutional greetings
➡ 10.40 – 10.55: Introduction


End of life from Welby to today: unresolved issues, cases still open and the citizens' proposal on medical aid for voluntary death – Filomena GALLO, Lawyer and National Secretary of the Associazione Luca Coscioni


➡ 10.55: Start of sessions


➡ 10.55: Session 1 – Case law
  • The gap between people's lived experience, case law and the inertia of the legislature – Alessia CICATELLI, Lawyer and member of the Executive Board (Giunta) of the Associazione Luca Coscioni

➡ 11.05: Session 2 – The Constitutional Court and Parliament

  • What the Court asks of Parliament – Giorgio REPETTO, Full Professor of Constitutional Law at the Università degli Studi di Perugia

➡ 10.20: Session 3 – The Government's bill on end of life under discussion* and the citizens' bill "Eutanasia legale"

  • "Whose life is it? The Government answers: ours!" – Paolo FLORES D'ARCAIS, Philosopher
  • Inconsistencies with case law and risks of unconstitutionality – Corrado CARUSO, Full Professor of Constitutional and Public Law at the Alma Mater Studiorum – Università degli Studi di Bologna
  • The person at the centre: fundamental rights, vulnerability and risks of discrimination in the end-of-life law – Benedetta Maria Cosetta LIBERALI, Associate Professor of Constitutional Law at the Università degli Studi di Milano
  • Clinical and practical problems in applying the Constitutional Court's rulings and the proposal under discussion – Mario RICCIO, physician (including to Piergiorgio Welby) and general councillor of the Associazione Luca Coscioni

*Unified text adopted by the joint 2nd and 10th Committees for ddl 65, ddl 104, ddl 124, ddl 570, ddl 1083 and ddl 1408 (Provisions on medically assisted death)


➡ Conclusions

  • Marco CAPPATO, Treasurer of the Associazione Luca Coscioni

The article Public meeting in memory of Piergiorgio Welby "End of life in Italy: rights to defend, freedoms to win" comes from Associazione Luca Coscioni.



Fundraising dinner of the Cellula Coscioni of Pavia

📍Pizzeria D.O.C., Via Gambarana 15 – Pavia
🗓Thursday 11 December 2025
🕗20:00


The Cellula Coscioni of Pavia is organising a fundraising dinner open to everyone. It is an opportunity to spend a sociable evening, get to know the Cellula's activities up close and support its local initiatives.

The venue is the Pizzeria D.O.C. in Pavia, and each participant can choose between:

A pizza of your choice with drink and dessert, or a Vietnamese dish proposed by the chef, also with drink and dessert, at 25 euros per person, of which 5 euros are a donation in support of the Cellula's activities; every extra euro will give even more strength to the Association's campaigns.

Table booking at the following link. If you are booking for more than one person, simply multiply the fee (for example: 2 people = 50 euros) and state the number of participants in the notes field.

For more information: cellulapavia@associazionelucacoscioni.it

The article Fundraising dinner of the Cellula Coscioni of Pavia comes from Associazione Luca Coscioni.



#Sicurnauti: from today, the content dedicated to #genitori (parents) on the theme "Playing, learning and browsing" is available.

Here is the video ➡️ youtube.com/watch?v=i-sosygx9O…

Here is the infographic ➡️ unica.istruzione.gov.



#3dicembre (3 December) is the International Day of Persons with Disabilities, established in 1992 by the UN to promote the protection of the rights of persons with disabilities in every area of society.


❗️ Yes to Israel at Eurovision 2026; Ireland makes its withdrawal from the competition official. Together with Sweden it is the country that has won the most

Update: Slovenia also confirms the boycott

🗞 @ultimora24



Anyone who meets Mohamed Shahin is struck by him, almost moved.
Perhaps because of his serenity.
Perhaps because of that light in the eyes that only people who truly believe in others have.


Minister Piantedosi has revoked the residence permit of Mohamed Shahin and issued an expulsion order against him. Shahin is an Egyptian citizen who has been in Italy for 21 years and is imam of the San Salvario mosque.


Gaza, Israeli drone kills photojournalist Mohammed Wadi | Il Fatto Quotidiano share.google/wWb9QsclOKDFrwRI1


The complicated world of kids' online safety


WELCOME BACK TO THE MONTHLY FREE EDITION of Digital Politics. I'm Mark Scott, and will be splitting my time next week between Berlin and Brussels. If you're around and want to grab coffee, drop me a line.

— We're about to enter a new paradigm in how children use the internet. The global policy shift is a proxy for a wider battle over platforms' role in society.

— The European Union is shifting its approach to tech regulation. But these changes are not down to political rhetoric coming from the United States.

— How much would you sell your personal data for? France's privacy regulator figured out the sweet spot.

Let's get started:


WE'RE NOT IN KANSAS, ANYMORE


FOR THOSE INTERESTED IN KIDS ONLINE SAFETY, it's been a busy couple of weeks — and it's not slowing down. On Dec 10, Australia enacts its world-first social media ban (editor's note: Canberra calls it a 'postponement') for children under 16 years of age. On Dec 2, the US House of Representatives' subcommittee on commerce, manufacturing and trade debated 19 proposed bills to protect kids online. That includes a revamped Kids Online Safety Act, or KOSA, and the Reducing Exploitative Social Media Exposure for Teens Act, or RESET, that mirrors what Australia is about to enact.

In Europe, EU member countries just agreed to a joint position on how social media giants should handle suspected child online sexual abuse material. The biggest takeaway is officials' decision not to force these firms to automatically detect such illegal content on people's devices after privacy campaigners warned that would be akin to government surveillance. These national officials will now have to haggle a final agreement with both the European Commission and European Parliament before the long-awaited rules come into force.

To cap things off, the European Parliament passed a non-binding resolution to ban under-16s from accessing social media — a policy that everyone from Denmark to Malaysia is forging ahead with. US states from Texas to Missouri also have passed legislation requiring everything from app stores to websites to verify that people are over 18 years old before accessing potentially harmful content/services.

There's a lot of nuance to each of these moves. Much depends on the local context of each jurisdiction.

Globally, short-term attention will now focus on how Australia implements its social media ban (or postponement) on Dec 10. Tech firms say it'll cut children off from their friends online, as well as push them toward less safe areas of the internet that won't fall under the upcoming rules. Child rights advocates say Canberra's push to keep kids off social media until they turn 16 is a basic step after many of these platforms have been alleged to promote commercial interests over children's safety.

These policy battles are best framed around the unanswerable question of which fundamental right should take precedence: privacy or safety? As much as I believe some lawmakers' statements about protecting kids online are a cover for other political priorities (more on that below), it now feels inevitable we're heading toward a global digital age of majority in which some online goods/services will remain off-limits to those under a certain age.

For that to work, a lot will depend on how people's ages are checked online — and how such age verification does not lead to individuals' personal data leaking out into the wider world. Yet in the coming years, children will almost certainly live within a more curtailed online environment — though one that will still include significant harms.

But let's get back to those other political priorities.

First things first: everyone can agree that children should be protected, both online and offline. I would argue that all online users should have the same levels of protection now being rolled out for minors. That includes limits on who can interact with people online, bans on the most egregious data collection and usage, and safety-by-design principles baked into platforms currently designed to maximize engagement.

Many of those officials pushing for child-focused online safety rules, worldwide, would agree with that, too. They just are aware that such society-wide efforts to pare back the control, addictiveness and business models of social media giants are a current political dead-end due to the extensive lobbying from these firms to water down any legislative/regulatory efforts around online safety.

This is not just the state of play in the US where many of the world's largest social media platforms have embraced the White House's public aversion to online safety rules. From Canberra to Brasilia to Brussels, companies have successfully argued that such legislation can be an impediment to free speech and an unfair burden on commercial enterprises.

Even in countries that have passed such online safety rules, officials remain extremely cautious about taking too hard a line on companies, often preferring self- or co-regulation, as a first step, before rolling out aggressive enforcement.

That's why there's been a significant shift to focus on child-specific online safety rules worldwide. Yes, kids should be protected against harms more so than adults. But in framing legislation around the specifics of child rights, lawmakers can often sidestep accusations of censorship and/or overreach that would come if they attempted similar legislation for the whole of society.

I do not want to diminish the real-world harm that social media can pose to children. Nor do I think kids' online safety legislation should be put on the back burner until a consensus can be reached on how to oversee the platforms, more broadly.

But as we head toward the end of 2025, the disconnect between the growing number of online child safety efforts and the diminishing impetus (outside of a few countries) to tackle the society-wide impact of social media is hard to ignore. If lawmakers consider that data profiling, addictive recommender systems and online grooming — fueled by social media — are harmful to children, then why do they believe such practices are OK for adults?

Confronted with the current political reality, however, lawmakers have made the tactical decision to pare back expectations on passing comprehensive online safety rules to focus solely on online child safety. It's deemed a safer political bet to pass some form of legislation whose protections, in a perfect world, would apply to both minors and adults, alike.


Chart of the week


IT'S BECOME A CLICHE TO SAY that because none of us pay for social media, then we — and our data — are actually the product (served up to advertisers).

To figure out how much people would be willing to sell their personal information for, France's privacy regulator surveyed more than 2,000 locals about their attitudes toward what price they would be willing to accept for such sensitive information.

Roughly one-third of the respondents said they wouldn't sell their data at any price. But among the other two-thirds of individuals, the sweet spot fell somewhere between €10-€30, or $12-$35, a month.
Source: Commission nationale de l'informatique et des libertés


What is really driving the transatlantic digital relationship


TWO SIGNIFICANT EVENTS IN EU-US digital relations have occurred in the last 12 months.

First, the European Commission has embraced a deregulatory agenda spurred on by Mario Draghi's competitiveness report from 2024. This pullback was encapsulated by Brussels' recent so-called Digital Omnibus that proposed significant changes to the bloc's privacy and upcoming artificial intelligence rules. Here's me on why the revamp isn't as bad as many suspect.

Second, Donald Trump became the 47th president of the United States. Among his many White House executive orders, he took aim at global digital regulation from democratic allies, particularly those enacted in Europe, as well as pulling back on all rules (and international efforts) associated with AI governance.

The perceived wisdom is that these two digital geopolitical events are connected. That in its efforts to maintain security and economic ties to the US, the EU has thrown its digital rulebook under the bus to placate increasing criticism from Trump's administration and its allies in Congress.

This theory is wrong.

It's not that US officials aren't vocally lobbying their European counterparts to rethink the likes of the Artificial Intelligence Act, Digital Services Act and Digital Markets Act. They are — including US Commerce Secretary Howard Lutnick's recent comments in Brussels to that effect. (What many misremember is that such criticism, although less public, also came from Joe Biden's administration.)

But to make the binary connection between Washington's talking points and Brussels' digital policymaking rethink is to miss the complexities behind the current transatlantic relationship.

Even before the current European Commission took over in late 2024, there were signs that EU leaders wanted to press the pause button on new digital rules. Brussels passed a litany of new tech regulation in the previous five years. National leaders and executives from European companies increasingly questioned if such oversight was in the Continent's long-term economic interests.

Then came Draghi's competitiveness report, the comprehensive victory of the center-right (and pro-industry) European People's Party in the 2024 European Parliament elections and the return of Ursula von der Leyen as European Commission president, whose own interests in digital policymaking left a lot to be desired.

That tilted the scales significantly in favor of greater deregulation as Europe tried to bolster its sluggish economy, take advantage of AI advances and respond to European industry's claims that EU-wide digital regulation was hampering its ability to compete against US and Chinese rivals.

While that context has become mired in the geopolitics of Washington's seeming reduced support for Ukraine, the main driver for Brussels' about-turn on digital rules is internal, not external, political and economic pressure.

That takes us to Washington's aversion to digital regulation.

To be clear: this did not start with Trump 2.0. Throughout the Biden administration, US officials routinely scolded their European counterparts about hurting the economic interests of US tech companies. That came even as the former White House administration tried, unsuccessfully, to impose greater oversight on Silicon Valley via Congress.

Under the current White House, such criticism — and potential trade consequences — has been turned up to 11. But if you dig into how the Trump administration approaches tech regulation, much of the pushback against Europe is more performative than it may first appear.

On digital competition, it's arguable that the US Department of Justice is going further in its efforts to break up Big Tech than the European Commission and its Digital Markets Act. Yes, recent legal rulings may have hobbled American officials' efforts. But Washington remains a strong advocate for greater online market competition — even as federal officials side with Silicon Valley in their aversion to international ex ante regulation.

On platform governance, it's too easy to suggest US officials are wedded to First Amendment arguments as they criticize the EU's Digital Services Act. It's true that many misunderstand how that legislation actually works — in that it doesn't pass judgement on content, but instead reviews so-called systemic risks associated with how these platforms work.

But if you look at last year's request for information from the US Federal Trade Commission concerning alleged "platform censorship," then many of the points could be taken directly from Europe's online safety rulebook. That includes demands that social media giants explain how they make content moderation decisions, as well as provide greater redress for users who believe they have been hard done by. That's an almost word-for-word copy of what is currently available under the EU's Digital Services Act.

I'm not saying Trump's criticism has not played into the politics of Europe's digital rethink — including when certain enforcement decisions against Big Tech companies have been announced.

But it is just not true that Europe has caved in to American pressure when it comes to its digital policymaking u-turn. Instead, there are sufficient internal pressures — both economic and political — from across the 27-country bloc that are driving the current revamp.

As for Washington, it's less to do with officials' dislike for digital rulemaking, though one exception could be made for the White House's stance on artificial intelligence. For me, it's more to do with oversight of American companies originating from overseas — and not from Capitol Hill.

Within that context, it's best to view the current statements from the Trump administration less as "no regulation, ever," and more as "leave the oversight of US firms to American lawmakers."


What I'm reading


— The University of Amsterdam's DSA Observatory sketches out the current state of play for enforcement under the EU's online safety rules. More here.

— The United Kingdom's Ofcom regulator outlines non-binding rules for how online platforms should handle online harms against women and girls. More here.

— The White House published its so-called "Genesis Mission" to jumpstart the use of federal resources for AI-enabled scientific research. More here.

— The European venture capital firm Atomico published its annual report on the state of the Continent's technology start-up industry. More here.



digitalpolitics.co/newsletter0…



Shai Hulud 2.0, now with a wiper flavor


In September, a new breed of malware distributed via compromised Node Package Manager (npm) packages made headlines. It was dubbed “Shai-Hulud”, and we published an in-depth analysis of it in another post. Recently, a new version was discovered.

Shai Hulud 2.0 is a type of two-stage worm-like malware that spreads by compromising npm tokens to republish trusted packages with a malicious payload. More than 800 npm packages have been infected by this version of the worm.

According to our telemetry, the victims of this campaign include individuals and organizations worldwide, with most infections observed in Russia, India, Vietnam, Brazil, China, Türkiye, and France.

Technical analysis


When a developer installs an infected npm package, the setup_bun.js script runs during the preinstall stage, as specified in the modified package.json file.

Bootstrap script


The initial-stage script setup_bun.js is left intentionally unobfuscated and well documented to masquerade as a harmless tool for installing the legitimate Bun JavaScript runtime. It checks common installation paths for Bun and, if the runtime is missing, installs it from an official source in a platform-specific manner. This seemingly routine behavior conceals its true purpose: preparing the execution environment for later stages of the malware.


The installed Bun runtime then executes the second-stage payload, bun_environment.js, a 10MB malware script obfuscated with an obfuscate.io-like tool. This script is responsible for the main malicious activity.


Stealing credentials


Shai Hulud 2.0 is built to harvest secrets from various environments. Upon execution, it immediately searches several sources for sensitive data, such as:

  • GitHub secrets: the malware searches environment variables and the GitHub CLI configuration for values starting with ghp_ or gho_. It also creates a malicious workflow yml in victim repositories, which is then used to obtain GitHub Actions secrets.
  • Cloud credentials: the malware searches for cloud credentials across AWS, Azure, and Google Cloud by querying cloud instance metadata services and using official SDKs to enumerate credentials from environment variables and local configuration files.
  • Local files: it downloads and runs the TruffleHog tool to aggressively scan the entire filesystem for credentials.

Then all the exfiltrated data is sent through the established communication channel, which we describe in more detail in the next section.


Data exfiltration through GitHub


To exfiltrate the stolen data, the malware sets up a communication channel via a public GitHub repository. For this purpose, it uses the victim’s GitHub access token if found in environment variables and the GitHub CLI configuration.


After that, the malware creates a repository with a randomly generated 18-character name and a marker in its description. This repository then serves as a data storage to which all stolen credentials and system information are uploaded.

If the token is not found, the script attempts to obtain a previously stolen token from another victim by searching through GitHub repositories for those containing the text, “Sha1-Hulud: The Second Coming.” in the description.


Worm spreading across packages


For subsequent self-replication via embedding into npm packages, the script scans .npmrc configuration files in the home directory and the current directory in an attempt to find an npm registry authorization token.

If this is successful, it validates the token by sending a probe request to the npm /-/whoami API endpoint, after which the script retrieves a list of up to 100 packages maintained by the victim.

For each package, it injects the malicious files setup_bun.js and bun_environment.js via bundleAssets and updates the package configuration by setting setup_bun.js as a pre-installation script and incrementing the package version. The modified package is then published to the npm registry.


Destructive responses to failure


If the malware fails to obtain a valid npm token and is also unable to get a valid GitHub token, making data exfiltration impossible, it triggers a destructive payload that wipes user files, primarily those in the home directory.


Our solutions detect the family described here as HEUR:Worm.Script.Shulud.gen.


Since September of this year, Kaspersky has blocked over 1700 Shai Hulud 2.0 attacks on user machines. Of these, 18.5% affected users in Russia, 10.7% occurred in India, and 9.7% in Brazil.

TOP 10 countries and territories affected by Shai Hulud 2.0 attacks

We continue tracking this malicious activity and provide up-to-date information to our customers via the Kaspersky Open Source Software Threats Data Feed. The feed includes all packages affected by Shai-Hulud, as well as information on other open-source components that exhibit malicious behaviour, contain backdoors, or include undeclared capabilities.


securelist.com/shai-hulud-2-0/…



Exploits and vulnerabilities in Q3 2025


In the third quarter, attackers continued to exploit security flaws in WinRAR, while the total number of registered vulnerabilities grew again. In this report, we examine statistics on published vulnerabilities and exploits, the most common security issues impacting Windows and Linux, and the vulnerabilities being leveraged in APT attacks that lead to the launch of widespread C2 frameworks. The report utilizes anonymized Kaspersky Security Network data, which was consensually provided by our users, as well as information from open sources.

Statistics on registered vulnerabilities


This section contains statistics on registered vulnerabilities. The data is taken from cve.org.

Let us consider the number of registered CVEs by month for the last five years up to and including the third quarter of 2025.

Total published vulnerabilities by month from 2021 through 2025

As can be seen from the chart, the monthly number of vulnerabilities published in the third quarter of 2025 remains above the figures recorded in previous years. The three-month total saw over 1000 more published vulnerabilities year over year. The end of the quarter sets a rising trend in the number of registered CVEs, and we anticipate this growth to continue into the fourth quarter. Still, the overall number of published vulnerabilities is likely to drop slightly relative to the September figure by year-end.

A look at the monthly distribution of vulnerabilities rated as critical upon registration (CVSS > 8.9) suggests that this metric was marginally lower in the third quarter than the 2024 figure.

Total number of critical vulnerabilities published each month from 2021 to 2025

Exploitation statistics


This section contains exploitation statistics for Q3 2025. The data draws on open sources and our telemetry.

Windows and Linux vulnerability exploitation


In Q3 2025, as before, the most common exploits targeted vulnerable Microsoft Office products.

Most Windows exploits detected by Kaspersky solutions targeted the following vulnerabilities:

  • CVE-2018-0802: a remote code execution vulnerability in the Equation Editor component
  • CVE-2017-11882: another remote code execution vulnerability, also affecting Equation Editor
  • CVE-2017-0199: a vulnerability in Microsoft Office and WordPad that allows an attacker to assume control of the system

These vulnerabilities historically have been exploited by threat actors more frequently than others, as discussed in previous reports. In the third quarter, we also observed threat actors actively exploiting Directory Traversal vulnerabilities that arise during archive unpacking in WinRAR. While the originally published exploits for these vulnerabilities are not applicable in the wild, attackers have adapted them for their needs.

  • CVE-2023-38831: a vulnerability in WinRAR that involves improper handling of objects within archive contents. We discussed this vulnerability in detail in a 2024 report.
  • CVE-2025-6218 (ZDI-CAN-27198): a vulnerability that enables an attacker to specify a relative path and extract files into an arbitrary directory. A malicious actor can extract the archive into a system application or startup directory to execute malicious code. For a more detailed analysis of the vulnerability, see our Q2 2025 report.
  • CVE-2025-8088: a zero-day vulnerability similar to CVE-2025-6218, discovered during an analysis of APT attacks. The attackers used NTFS Streams to circumvent controls on the directory into which files were unpacked. We will take a closer look at this vulnerability below.

It should be pointed out that vulnerabilities discovered in 2025 are rapidly catching up in popularity to those found in 2023.

All the CVEs mentioned can be exploited to gain initial access to vulnerable systems. We recommend promptly installing updates for the relevant software.

Dynamics of the number of Windows users encountering exploits, Q1 2023 to Q3 2025. The number of users who encountered exploits in Q1 2023 is taken as 100%

According to our telemetry, the number of Windows users who encountered exploits increased in the third quarter compared to the previous reporting period. However, this figure is lower than that of Q3 2024.

For Linux devices, exploits for the following OS kernel vulnerabilities were detected most frequently:

  • CVE-2022-0847, also known as Dirty Pipe: a vulnerability that allows privilege escalation and enables attackers to take control of running applications
  • CVE-2019-13272: a vulnerability caused by improper handling of privilege inheritance, which can be exploited to achieve privilege escalation
  • CVE-2021-22555: a heap overflow vulnerability in the Netfilter kernel subsystem. The widespread exploitation of this vulnerability is due to its use of popular memory modification techniques: manipulating “msg_msg” primitives, which leads to a Use-After-Free security flaw.


Dynamics of the number of Linux users encountering exploits, Q1 2023 to Q3 2025. The number of users who encountered exploits in Q1 2023 is taken as 100%

A look at the number of users who encountered exploits suggests that it continues to grow, and in Q3 2025, it already exceeds the Q1 2023 figure by more than six times.

It is critically important to install security patches for the Linux operating system, as it is attracting more and more attention from threat actors each year – primarily due to the growing number of user devices running Linux.

Most common published exploits


In Q3 2025, exploits targeting operating system vulnerabilities continue to predominate over those targeting other software types that we track as part of our monitoring of public research, news, and PoCs. That said, the share of browser exploits significantly increased in the third quarter, matching the share of exploits in other software not part of the operating system.

Distribution of published exploits by platform, Q1 2025

Distribution of published exploits by platform, Q2 2025

Distribution of published exploits by platform, Q3 2025

It is noteworthy that no new public exploits for Microsoft Office products appeared in Q3 2025, just as none did in Q2. However, PoCs for vulnerabilities in Microsoft SharePoint were disclosed. Since these same vulnerabilities also affect OS components, we categorized them under operating system vulnerabilities.

Vulnerability exploitation in APT attacks


We analyzed data on vulnerabilities that were exploited in APT attacks during Q3 2025. The following rankings draw on our telemetry, research, and open-source data.

TOP 10 vulnerabilities exploited in APT attacks, Q3 2025

APT attacks in Q3 2025 were dominated by zero-day vulnerabilities, which were uncovered during investigations of isolated incidents. A large wave of exploitation followed their public disclosure. Judging by the list of software containing these vulnerabilities, we are witnessing the emergence of a new go-to toolkit for gaining initial access into infrastructure and executing code both on edge devices and within operating systems. It bears mentioning that long-standing vulnerabilities, such as CVE-2017-11882, allow for the use of various data formats and exploit obfuscation to bypass detection. By contrast, most new vulnerabilities require a specific input data format, which facilitates exploit detection and enables more precise tracking of their use in protected infrastructures. Nevertheless, the risk of exploitation remains quite high, so we strongly recommend applying updates already released by vendors.

C2 frameworks


In this section, we will look at the most popular C2 frameworks used by threat actors and analyze the vulnerabilities whose exploits interacted with C2 agents in APT attacks.

The chart below shows the frequency of known C2 framework usage in attacks on users during the third quarter of 2025, according to open sources.

Top 10 C2 frameworks used by APT groups to compromise user systems in Q3 2025

Metasploit, whose share increased compared to Q2, tops the list of the most prevalent C2 frameworks from the past quarter. It is followed by Sliver and Mythic. The Empire framework also reappeared on the list after being inactive in the previous reporting period. What stands out is that Adaptix C2, although fairly new, was almost immediately embraced by attackers in real-world scenarios. Analyzed sources and samples of malicious C2 agents revealed that the following vulnerabilities were used to launch them and subsequently move within the victim’s network:

  • CVE-2020-1472, also known as ZeroLogon, allows for compromising a vulnerable operating system and executing commands as a privileged user.
  • CVE-2021-34527, also known as PrintNightmare, exploits flaws in the Windows print spooler subsystem, also enabling remote access to a vulnerable OS and high-privilege command execution.
  • CVE-2025-6218 or CVE-2025-8088 are similar Directory Traversal vulnerabilities that allow extracting files from an archive to a predefined path without the archiving utility notifying the user. The first was discovered by researchers but subsequently weaponized by attackers. The second is a zero-day vulnerability.


Interesting vulnerabilities


This section highlights the most noteworthy vulnerabilities that were publicly disclosed in Q3 2025 and have a publicly available description.

ToolShell (CVE-2025-49704 and CVE-2025-49706, CVE-2025-53770 and CVE-2025-53771): insecure deserialization and an authentication bypass


ToolShell refers to a set of vulnerabilities in Microsoft SharePoint that allow attackers to bypass authentication and gain full control over the server.

  • CVE-2025-49704 involves insecure deserialization of untrusted data, enabling attackers to execute malicious code on a vulnerable server.
  • CVE-2025-49706 allows access to the server by bypassing authentication.
  • CVE-2025-53770 is a patch bypass for CVE-2025-49704.
  • CVE-2025-53771 is a patch bypass for CVE-2025-49706.

These vulnerabilities form one of threat actors’ combinations of choice, as they allow for compromising accessible SharePoint servers with just a few requests. Importantly, they were all patched back in July, which further underscores the importance of promptly installing critical patches. A detailed description of the ToolShell vulnerabilities can be found in our blog.

CVE-2025-8088: a directory traversal vulnerability in WinRAR


CVE-2025-8088 is very similar to CVE-2025-6218, which we discussed in our previous report. In both cases, attackers use relative paths to trick WinRAR into extracting archive contents into system directories. This version of the vulnerability differs only in that the attacker exploits Alternate Data Streams (ADS) and can use environment variables in the extraction path.
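The three path tricks named in this section (relative paths, Alternate Data Streams and environment variables in the extraction path) can all be rejected by inspecting member names before anything is written to disk. The following is an added example, not code from the report or from WinRAR: it uses ZIP as a stand-in container because the Python standard library has no RAR reader, and the function names and sample member names are constructed for illustration.

```python
import io
import os
import re
import zipfile

DRIVE = re.compile(r"^[A-Za-z]:")
ENV_VAR = re.compile(r"%[^%/\\]+%")  # Windows-style %NAME% reference


def entry_problems(name):
    """Return the reasons an archive member name must not be extracted as-is."""
    problems = []
    normalized = name.replace("\\", "/")
    has_drive = bool(DRIVE.match(normalized))
    rest = normalized[2:] if has_drive else normalized
    if has_drive or normalized.startswith("/"):
        problems.append("absolute path")
    parts = [p for p in rest.split("/") if p not in ("", ".")]
    # Windows drops trailing dots and spaces, so ".. " resolves like "..".
    if any(p.rstrip(" .") == "" for p in parts):
        problems.append("relative traversal")
    # After the drive letter, a colon separates a file name from a stream name.
    if ":" in rest:
        problems.append("alternate data stream marker")
    if ENV_VAR.search(name):
        problems.append("environment variable reference")
    return problems


def audit_archive(zf):
    """Map every suspicious member name to its list of reasons."""
    report = {}
    for name in zf.namelist():
        reasons = entry_problems(name)
        if reasons:
            report[name] = reasons
    return report


def extract_if_clean(zf, dest):
    """Extract only when every member passes; otherwise raise before writing."""
    bad = audit_archive(zf)
    if bad:
        raise ValueError(f"refusing to extract: {bad}")
    root = os.path.realpath(dest)
    for name in zf.namelist():
        # Second line of defence: the resolved target must stay under dest,
        # which also catches symlinks already present in the destination.
        target = os.path.realpath(os.path.join(root, name))
        if os.path.commonpath([root, target]) != root:
            raise ValueError(f"{name!r} resolves outside {dest!r}")
    zf.extractall(dest)
    return zf.namelist()


def build_sample(names=("docs/readme.txt", "../../outside.txt",
                        "notes.txt:extra", "%TEMP%/drop.txt")):
    """Build an in-memory archive with constructed member names."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for n in names:
            zf.writestr(n, b"constructed sample data")
    buf.seek(0)
    return zipfile.ZipFile(buf)


if __name__ == "__main__":
    for member, why in audit_archive(build_sample()).items():
        print(f"{member}: {', '.join(why)}")
```

Rejecting the whole archive on the first bad member, rather than skipping that member, avoids leaving a partially extracted payload behind.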

CVE-2025-41244: a privilege escalation vulnerability in VMware Aria Operations and VMware Tools


Details about this vulnerability were presented by researchers who claim it was used in real-world attacks in 2024.

At the core of the vulnerability lies the fact that an attacker can substitute the command used to launch the Service Discovery component of the VMware Aria tooling or the VMware Tools utility suite. This leads to the unprivileged attacker gaining unlimited privileges on the virtual machine. The vulnerability stems from an incorrect regular expression within the get-versions.sh script in the Service Discovery component, which is responsible for identifying the service version and runs every time a new command is passed.

Conclusion and advice


The number of recorded vulnerabilities continued to rise in Q3 2025, with some being almost immediately weaponized by attackers. The trend is likely to continue in the future.

The most common exploits for Windows are primarily used for initial system access. Furthermore, it is at this stage that APT groups are actively exploiting new vulnerabilities. To hinder attackers’ access to infrastructure, organizations should regularly audit systems for vulnerabilities and apply patches in a timely manner. These measures can be simplified and automated with Kaspersky Systems Management. Kaspersky Symphony can provide comprehensive and flexible protection against cyberattacks of any complexity.


securelist.com/vulnerabilities…



Building a Microscope without Lenses


A mirrorless camera is mounted on a stand, facing downwards toward a rotating microscope stage made of wood. A pair of wires come down from the stage, and a man's hand is pointing to the stage.

It’s relatively easy to understand how optical microscopes work at low magnifications: one lens magnifies an image, the next magnifies the already-magnified image, and so on until it reaches the eye or sensor. At high magnifications, however, that model starts to fail when the feature size of the specimen nears the optical system’s diffraction limit. In a recent video, [xoreaxeax] built a simple microscope, then designed another microscope to overcome the diffraction limit without lenses or mirrors (the video is in German, but with automatic English subtitles).

The first part of the video goes over how lenses work and how they can be combined to magnify images. The first microscope was made out of camera lenses, and could resolve onion cells. The shorter the focal length of the objective lens, the stronger the magnification is, and a spherical lens gives the shortest focal length. [xoreaxeax] therefore made one by melting a bit of soda-lime glass with a torch. The picture it gave was indistinct, but highly magnified.
A roughly rectangular red pattern is shown, with brighter streaks converging toward the center.
A cross section of the diffraction pattern of a laser diode shining through a pinhole, built up from images at different focal distances.
Besides the dodgy lens quality given by melting a shard of glass, at such high magnification some of the indistinctness was caused by the specimen acting as a diffraction grating and directing some light away from the objective lens. [xoreaxeax] visualized this by taking a series of pictures of a laser shining through a pinhole at different focal lengths, thus getting cross sections of the light field emanating from the pinhole. When repeating the procedure with a section of onion skin, it became apparent that diffraction was strongly scattering the light, which meant that some light was being diffracted out of the lens’s field of view, causing detail to be lost.

To recover the lost details, [xoreaxeax] eliminated the lenses and simply captured the interference pattern produced by passing light through the sample, then wrote a ptychography algorithm to reconstruct the original structure from the interference pattern. This required many images of the subject under different lighting conditions, which a rotating illumination stage provided. The algorithm was eventually able to recover a sort of image of the onion cells, but it was less than distinct. The fact that the lens-free setup was able to produce any image at all is nonetheless impressive.

To see another approach to ptychography, check out [Ben Krasnow’s] approach to increasing microscope resolution. With an electron microscope, ptychography can even image individual atoms.

youtube.com/embed/lhJhRuQsiMU?…


hackaday.com/2025/12/04/buildi…



Preventing a Mess with the Weller WDC Solder Containment Pocket


Resetting the paraffin trap. (Credit: MisterHW)

Have you ever tipped all the stray bits of solder out of your tip cleaner by mistake? [MisterHW] is here with a bit of paraffin wax to save the day.

Hand soldering can be a messy business, especially when you wipe the soldering iron tip on those common brass wool bundles that have largely come to replace moist sponges. The Weller Dry Cleaner (WDC) is one such holder for brass wool, but the large tray in front of the opening with the brass wool has confused many as to its exact purpose. In short, it’s there so that you can slap the iron against the side to flick contaminants and excess solder off the tip.

Along with catching some of the bits of mostly solder that fly off during cleaning in the brass wool section, quite a lot of debris can be collected this way. Yet as many can attest to, it’s quite easy to flip over brass wool holders and have these bits go flying everywhere.

The trap in action. (Credit: MisterHW)

That’s where [MisterHW]’s pit of particulate holding comes into play, using folded sheet metal and some wax (e.g. paraffin) to create a trap that serves to catch any debris that enters it and smother it in the wax. To reset the trap, simply heat it up with e.g. the iron and you’ll regain a nice fresh surface to capture the next batch of crud.

As the wax is cold when in use, even if you were to tip the holder over, it should not go careening all over your ESD-safe work surface and any parts on it, and the wax can be filtered if needed to remove the particulates. When using leaded solder alloys, this setup also helps to prevent lead-contamination of the area and generally eases clean-up as bumping or tipping a soldering iron stand no longer means weeks, months or years of accumulations scooting off everywhere.


hackaday.com/2025/12/04/preven…



The “Anima – Meeting del turismo religioso” meeting will take place on 6 and 7 December at the Certosa di San Lorenzo in Padula, in the province of Salerno, presenting itself as a permanent platform for dialogue among institutions, dioceses, tourism operators, associ…


“How beautiful, it speaks of love.” So said Leo XIV after viewing some excerpts of the monologue “Pietro un uomo nel vento”, presented this morning in a world premiere at the Maxxi in Rome and airing on 10 December on Rai1.



Tv2000, in preparation for Christmas, will broadcast live from the Paul VI Hall in the Vatican, on Friday 5, 12 and 19 December at 9 a.m., the Advent meditations given by the Preacher of the Papal Household, Father Roberto Pasolini, in the presence of Pope Le…


Returning for its eighth edition, as part of the cultural programme "Giubileo è cultura", is the international exhibition 100 presepi in Vaticano, a show that brings together works made by artists from all over the world, who have expressed their creativit…


Appeasing the administration hasn’t worked. The Times is suing instead


FOR IMMEDIATE RELEASE:

The New York Times and its Pentagon reporter, Julian Barnes, are taking the Trump administration to court over the Department of Defense’s unconstitutional requirement that journalists pledge not to report unauthorized information as a condition of gaining access to the Pentagon.

The following statement can be attributed to Trevor Timm, executive director for Freedom of the Press Foundation (FPF).

“In an era where news networks seem to be caving to Trump’s censorious tactics left and right, it’s refreshing to see The New York Times leading by example and sticking up for the First Amendment in court.

“An attack on any journalist’s rights is an attack on all. And the only way to put an end to the Trump administration’s multipronged assault on press freedom is for every news outlet to fight back at every opportunity. We urge other news outlets to follow the Times’ lead.

“These days, the government has countless platforms of its own to tell the public what it wants it to know. A free and independent press isn’t needed for that. The Constitution guarantees one anyway precisely because the public needs the information the government does not want it to know. The Pentagon’s absurd access pledge has been an affront to the First Amendment since the first day they proposed it. And we look forward to a federal judge throwing it out with the trash, where it belongs.”

Please contact us if you would like further comment.


freedom.press/issues/appeasing…



"Pay or Okay" study: Users prefer a "third option" without tracking
In light of the EDPB's upcoming "Pay or Okay" guidelines, noyb commissioned a study on users' choices
mickey, 04 December 2025
Pay or Okay Study Header


noyb.eu/it/pay-or-okay-study-u…



FPF demands appellate court lift secrecy in reporter’s privilege case


FOR IMMEDIATE RELEASE:

The federal appellate court for the D.C. Circuit recently affirmed a ruling requiring investigative journalist Catherine Herridge to disclose the sources for her reporting on scientist Yangping Chen’s alleged ties to the Chinese military while an online college Chen founded received federal funds.

The court got it wrong by holding Herridge in contempt for not burning her sources, and Herridge is rightly seeking a rehearing. Worse yet, the misguided ruling was informed by documents about the FBI’s investigation of Chen that were filed under seal, even though the investigation is over and the documents aren’t classified. The appellate court even held a portion of its hearing to decide whether to order Herridge to testify in closed court.

Freedom of the Press Foundation (FPF), represented by Schaerr | Jaffe LLP, filed a motion to intervene and unseal the documents and hearing transcript yesterday.

The following statement can be attributed to Seth Stern, director of advocacy for FPF.

“Journalist-source confidentiality is about safeguarding the public’s right to be informed. Its fate should not be decided in secret hearings about secret documents. Americans deserve to know whether the damages Chen claims to have suffered were because of alleged leaks to Herridge or because of the outcome of the government investigation she reported on. If the latter, it raises the question of whether the court is ordering Herridge to out her sources to aid Chen in pursuing a baseless lawsuit. Surely the bar for compelled disclosure of journalistic sources must be higher than that.

“Opponents of the reporter’s privilege often dream up convoluted hypothetical scenarios to call it a national security risk. But here we see someone suspected of ties to a foreign military able to use the courts to try to find out who in the government U.S. reporters are talking to and the content of those conversations. It goes to show that the real national security risk is the lack of a statutory privilege, which allows courts to issue misguided rulings. Congress should step up and reintroduce and pass the PRESS Act.”

H. Christopher Bartolomucci, a partner at Schaerr | Jaffe, added:

“Public access and government accountability are fundamental to the rule of law, and the notion of ‘secret law’ is anathema to our system of justice. By denying the public access to important judicial records in this case, the court is keeping members of the public from judging for themselves the strength or weakness of the court’s reasoning.”

You can read FPF’s motion here.

Please contact us if you would like further comment.


freedom.press/issues/fpf-deman…



When data relate to us?


The EDPS vs. Single Resolution Board judgment goes to the heart of the EU’s fundamental right to data protection, shaping how artificial intelligence, data spaces and so-called privacy-enhancing technologies (PETs) will be governed in practice. The ruling of the Court of Justice of the European Union (CJEU) arrives at a crucial time to reiterate what counts as personal data, reinforcing the importance of the protection that the GDPR was designed to guarantee.

The post When data relate to us? appeared first on European Digital Rights (EDRi).





EU “Chat Control” Twist: Commissioner Sides with Parliament Over Governments – Boost for European Parliament’s Strong Mandate


  • Commissioner Brunner states preference for Parliament’s position over Council text and offers extension of interim rules
  • Broad cross-party front in EU Parliament against mass surveillance and mandatory age checks
  • Praise for Chief Negotiator Zarzalejos for uniting all political groups behind a “strong mandate”

Just days before the start of the decisive “Trilogue” negotiations on the controversial Regulation to Prevent and Combat Child Sexual Abuse (CSAM), known by critics as “Chat Control,” the political tide in Brussels has turned. During a hearing in the Civil Liberties Committee (LIBE) today, the new EU Commissioner for Home Affairs, Magnus Brunner, surprised MEPs by stating his preference for the European Parliament’s negotiating mandate over the draft law adopted by EU governments (the Council). This statement provides massive backing for the Parliament’s Chief Negotiator, Javier Zarzalejos (EPP), who has united an unusually broad coalition ranging from the Left to the Right behind his position.

Zarzalejos secures strong backing against mass surveillance and age control
While EU member state governments continue to push for mass scanning of private messages (at the discretion of providers), mandatory age verification for all users, and effective bans on communication apps for under-17s, the Parliament enters negotiations with a clear alternative model: Mandatory but targeted surveillance only where reasonable suspicion exists and with a judicial warrant, alongside a firm rejection of mandatory age checks and app lockouts for teenagers.

Javier Zarzalejos, Chair of the LIBE Committee and Rapporteur, emphasized during the meeting that the Parliament is entering negotiations with a “strong mandate” that is “supported by all political groups.”

Former MEP and co-negotiator Patrick Breyer (Pirate Party) comments: “Credit is due to Javier Zarzalejos for uniting the Parliament on this crucial issue. With this strong mandate for fundamental rights and against indiscriminate surveillance, the Parliament is well-equipped to fend off the governments’ attack on digital secrecy and the right to anonymous communication.”

Committee Clash: An Alliance Against Surveillance
Today’s session highlighted how isolated the surveillance proponents have become after widespread citizen protests. MEPs from across the political spectrum sharply criticized the Council’s plans:

  • Birgit Sippel (S&D) accused governments of misleading the public about the nature of “voluntary chat control” and criticized the lack of reliable data on the actual efficacy of mass scanning.
  • Markéta Gregorová (Greens/EFA / Pirates) compared the planned chat control to physically opening every letter and demanded the Commission act as an “honest broker” in the upcoming negotiations.
  • Jorge Buxadé Villalba (PfE) and Mary Khan (ESN) questioned mandatory age checks and the issue of liability for false suspicions, which could destroy the livelihoods of innocent citizens.
  • Fabienne Keller (Renew) stressed the importance of swift negotiations in view of the expiring interim regulation, but stressed the need for a balanced legislative framework.

Commission’s Surprise Turn
While Commissioner Brunner rejected the term “Chat Control,” he sent a clear political signal: He offered to extend the current interim regulation (Derogation), which expires in April 2026, to remove time pressure from the negotiations and allow for a careful agreement. His open admission that he prefers the Parliament’s position (Zarzalejos report) over that of the Council is an unusual departure from the Commission’s standard support for EU governments.

Council Position Fragile
While the Parliament stands united, the Council’s mandate is built on shaky ground. The negotiating position of the member states was adopted without the support of key countries including Italy, Poland, the Netherlands, the Czech Republic, and Estonia, reflecting deep divisions among governments regarding the legality and proportionality of the measures.

The Trilogue negotiations are set to begin shortly. Thanks to the unified stance of the Parliament under Zarzalejos, chances have significantly improved that indiscriminate mass surveillance and the end of anonymous communication can be prevented.

Watch: Recording of today’s LIBE Committee meeting (skip to 10:10)


BACKGROUND: Key Battlegrounds in the Upcoming Trilogue

Two opposing worldviews will clash in the negotiations: The EU Parliament’s mandate (led by Javier Zarzalejos) focuses on targeted law enforcement and fundamental rights, while EU Governments (Council) push for broad monitoring and age restrictions.

1. Mass Surveillance vs. Targeted Investigation

  • EU Governments (Council): Aim to cement so-called “voluntary” Chat Control. Providers like Meta or Google would be authorized to mass-scan private chats—not just for known abuse material, but also using error-prone AI to detect “new” material and text-based grooming.
    • The Risk: Police authorities warn of overloading. In 2024, nearly half (48%) of the chats reported to the German BKA were entirely legal (e.g., family beach photos).


  • EU Parliament: Rejects indiscriminate scanning. Surveillance should occur only upon reasonable suspicion against specific individuals or groups and only with a judicial warrant. The “public web” should be proactively scanned, but private correspondence must remain private.

2. The End of Anonymity via Age Checks

  • EU Governments (Council): Article 4 of the Council mandate effectively plans a mandatory ID check for all internet users. Users would have to upload an ID card, a facial scan, or use a state-issued “Wallet App” just to use email, messaging, or chat services.
    • The Risk: This marks the end of anonymous communication online. Whistleblowers, journalists’ sources, or political activists would no longer be protected by anonymity, as every account could be linked to a real-world identity.


  • EU Parliament: Relies on “Security by Design” (safe defaults for children) and rejects mandatory age verification for messaging apps. Online anonymity must be preserved.

3. “Digital Lockout” for Under-17s

  • EU Governments (Council): Article 6 of the Council text proposes prohibiting users under 17 from using apps with communication functions if there is a “significant risk” of cyber-grooming. Since studies show this risk exists almost everywhere (from WhatsApp to online games), this threatens a de facto app ban for teenagers.
  • EU Parliament: Rejects age limits and app bans. The focus is on digital literacy and safety settings rather than excluding youth from digital participation.

Comment by Dr. Patrick Breyer (Digital Rights Expert, former MEP):

“Governments must be honest: While some claim to oppose ‘Chat Control,’ they have agreed to a Council text that allows US tech giants to do exactly that—massively scan our private lives. The Parliament, under Javier Zarzalejos, has charted a path compliant with fundamental rights: targeted pursuit of criminals instead of general suspicion against the entire population. If governments do not budge, we face a future where anonymous whistleblowing falls silent and teenagers are locked out of digital life.”

patrick-breyer.de/en/eu-chat-c…



Today, 5 December, in 1746: the uprising sparked in Genoa by Balilla


During the War of the Austrian Succession (which involved numerous armies across Europe), in Genoa, in the Portoria district, the young Giovan Battista Perasso, later known as Balilla, confronted the Austrian invaders by throwing a stone, with the cry «Che l'inse?», that is, "Shall I start it?", after an officer arrogantly ordered the commoners present to pull out of the mud a mortar that had become stuck there.

After the initial revolt, the Genoese civilians drove back the Austrian forces, gathering weapons, building barricades and withstanding attacks for three days. A truce allowed the rebels to restock their provisions, but the Austrian commander, Botta Adorno, withdrew temporarily after failing to obtain reinforcements. A tavern boy, Giovanni Carbone, symbolically returned the keys of the city to the Doge, underlining the control regained by the people. Despite heavy losses, Genoa fortified its defences, organized a militia of 15,000 men and repelled further Austrian attacks. On learning that Franco-Spanish forces were approaching to aid the insurgents, the Austrians withdrew, leaving Genoa free, thanks to the resilience of its citizens.

In the image, from a painting by an anonymous artist, Perasso throwing the stone



WhatsApp has notified me that I can now chat with birdychat users (a chat app I had never heard of...).

At this point, thanks to the DMA that we have here in Europe, it should become possible to integrate other chat apps with WhatsApp.

Do you know whether there is a roadmap with a timeline for this integration?

in reply to Max - Poliverso 🇪🇺🇮🇹

oh, is it already active? Anyway, I had never heard of birdychat either before this news came out. I am considering birdychat for chatting with those who insist on using that other rubbish, but I would like to understand more about it from a privacy standpoint. For now birdychat implements Google Play Integrity, so it does not work on my phone, where I have blocked the Play Store, but strangely it does work on my tablet with a custom ROM. Inconvenient, but still better than Meta. I too am hoping for other chat apps



RWM: expansion without any authorisation


@Giornalismo e disordine informativo
articolo21.org/2025/12/rwm-esp…
For the fifth consecutive time we cover the bomb factory in Sulcis, an emblem of that race towards a war economy which is also involving our country. Scheduled for mid-December, in any case no later than the 17th as per the ordinance



Trieste, where one can die of marginalisation


@Giornalismo e disordine informativo
articolo21.org/2025/12/trieste…
A young Algerian migrant has died in an abandoned warehouse in the Porto Vecchio of Trieste. He died while, a few hours earlier, the umpteenth clearance had begun of the places where for months (in reality, for years) there have been living men left out of





The Pentagon looks to Talon. The drone that promises mass and speed

@Notizie dall'Italia e dal mondo

The American group Northrop Grumman has unveiled Project Talon, an autonomous drone designed to operate as a wingman to combat aircraft. The announcement, made at a restricted event at the Mojave air and space port in California, marks a significant step in the global race towards systems of



Yet another resolution that will surely not be respected.

The UN Assembly has asked Israel to dismantle the settlements in Palestine - L'INDIPENDENTE
lindipendente.online/2025/12/0…



"Kiev must withdraw or we will liberate Donbass by force"

but does putin know that a war has broken out?
it sounds like one of those things people say when threatening to invade someone...



The new issue of The Post Internazionale is out. From today you can buy the digital copy


@Politica interna, europea e internazionale
The new issue of The Post Internazionale is out. The magazine, already available now in its digital version on our App, and from tomorrow, Friday 5 December, at all newsstands, offers every two weeks investigations and in-depth reports on business and power in



Why Meta's AI on WhatsApp has ended up in the sights of the EU antitrust authority

To see more posts like this, follow the community @Informatica (Italy e non Italy 😁)

The Agcm already opened an investigation into Meta in July for alleged abuse of a dominant position regarding its AI feature in WhatsApp; now the EU antitrust authority also wants to get to the bottom of it. New tensions with




EU corruption investigation: Mogherini resigns as rector of the College of Europe


@Politica interna, europea e internazionale
Federica Mogherini is resigning from her post as rector of the College of Europe and director of the European Union Diplomatic Academy. Mogherini herself announced it in the early afternoon of today, Thursday 4 December, a little less than 48 hours after


in reply to Elezioni e Politica 2025

@elezioni @Politica interna, europea e internazionale
Rather than taxing the windfall profits of the friendly banks (in particular the beloved Mediolanum bank), better to sell the hated cannabis light, grant the usual building amnesties, which will inevitably lead to some tragedy, and write off pending tax bills for small change. With him the term intellectual prostitution has reached new heights....


Dome, cyber, Gcap. Italy redraws its strategic shield

@Notizie dall'Italia e dal mondo

Minister Guido Crosetto's address before the Defence Committee lays out a precise map of the country's vulnerabilities and of the interventions that can no longer be put off. The urgency arises from threats that are changing in pace, nature and depth, requiring an overall revision of the military instrument, of its architecture



No peace for Apple: Alan Dye leaves (he is going to Meta), as does the head of AI (which is not taking off)

To see more posts like this, follow the community @Informatica (Italy e non Italy 😁)

Meta deals Cupertino a low blow by poaching the head of its operating systems' interfaces. The long-awaited AI-enhanced Siri should debut in April, but the study of



trump scolding zelensky is like watching a pimp scold his prostitutes for not accepting all the sadistic fantasies of their clients... for not letting cigarettes be put out on their skin... truly pitiful. what the world has become with trump. US citizens... if you have a shred of dignity left, do something. it is unbearable to see what you have become in the world.





Laura Sordi – Se un nido cade
freezonemagazine.com/news/laur…
Se un nido cade is out on 11 December: an intense and revealing novel about the echo of origins, the bonds that endure and the inner tremors that lead back to the truth. This novel, published by Astarte Edizioni, is the literary debut of Laura Sordi, previously a creator of advertising campaigns and narrative strategies for international brands and personalities of fashion and of […]
The article Lau



qr.ae/pC5mVE

I think the Russian situation, also with reference to the Russian economy (and as far as I know even the arms factories in Russia are suffering), is an unstable one destined for a slow bleeding out. For years Putin has decided to attack Europe in effect, like it or not, and we have to find a way to defend ourselves. What is needed is organisation and deterrence (immediately translatable into facts). For us Europeans this bleeding out is, all things considered, advantageous. As is supporting Ukraine. In a strategic sense. The problem is that I think this bleeding out is fairly slow. In economics we know that once certain thresholds are passed it could also speed up. I think more real, certain and detailed information is needed on every area of the Russian economy. Russia is advancing really slowly, but its bleeding out is slow. It matters little, obviously, how many deaths all this will cause. It is a matter of pride and testosterone. Although it must be said that if the war ended without a well-managed industrial reconversion, Russia might in the short term have even more serious problems. These are the situations where if you carry on like this you slowly die, but if you stop you have a more immediate collapse. An ugly situation, the one Putin has got Russia into. Exactly the kind of damage a dictator is good at. Truly a great man and a great strategist. And in all this the village idiot who understands nothing: Trump. Of course Trump does not care about Europe, but even for him one would have to work out how much sense it would make to find himself alone. Europe may seem not very concrete in the military field and divided, but to me it seems less fragile than the United States of the moment, itself at risk of civil war. Is it in Trump's interest to hand all of Europe to Putin? He seems to have serious psychological problems.



Let's put human capital (and those who support it) back at the centre


@Politica interna, europea e internazionale
The real “rare earths” of Made in Italy are not underground: they are in the savings of Italians. It is this private wealth, unique in Europe for its size and resilience, that fuels the strength of our financial system and, through it, the overall resilience of the



The future of work is not written by machines. So say Massagli and Sacconi

To see more posts like this, follow the community @Informatica (Italy e non Italy 😁)

The future of work is not written by machines, but by the free choices of people. Presentation of the book "Creatività o sottomissione? Officine d’intelligenza e libertà nel lavoro" (Marcianumpress) by Emmanuele Massagli,



BOSNIA. The fight of the Guardians of the Pliva


@Notizie dall'Italia e dal mondo
New annulment of the building permit for the mini power plant on the Pliva near Sipovo, in Bosnia and Herzegovina.
The article BOSNIA. La lotta dei Guardiani della Pliva comes from Pagine Esteri.

pagineesteri.it/2025/12/04/in-…



REPORTAGE. Life awaiting the worst in the Palestinian camp of Rashdiyeh


@Notizie dall'Italia e dal mondo
Since the beginning of the war between Israel and Hezbollah, the Palestinian refugee camps in Lebanon have suffered bombardments and displacement. With the ceasefire the raids have not ended and the population is preparing for any scenario.
The article REPORTAGE. La



sorry... but if trump says that putin wants a deal, given that it is trump saying it and not putin, for what logical reason should I not read the sentence as "trump desperately wants a deal"? after all, what counts is who says it and not who trump claims to speak for... does everyone here think we are a bunch of idiots? does putin do what trump says? no, if anything the exact opposite. who is the woman of the 2?




Special Pizza LUG in Meran/o

lugbz.org/special-pizza-lug-in…

Reported by the LUG of #Bolzano and published on the Lemmy community @GNU/Linux Italia

LUGBZ pizza in Meran – invitation to the meeting on 10 December. The BurgräflerInnen of the LUGBZ invite you to a cosy pizza evening in Meran. The meeting takes place on Wednesday, 10.12.2025, from 19:00 in the




The Uccello Padulo circles around the Garante's website


@Privacy Pride
Christian Bernieri's full post is on his blog: garantepiracy.it/blog/padulo-g…
The uccello padulo is back plying the skies of Rome and, once again, is flying low in the direction of the Garante's website. Rewinding the tape, one discovers that one day the Garante's newsletter was born. We have to go back more than twenty




Europe: war and paranoia


altrenotizie.org/primo-piano/1…


A truly indecent survey.

"If Italy goes to war".... a shock survey by the Garante for Italian adolescents - IN PRIMO PIANO - L'Antidiplomatico
lantidiplomatico.it/dettnews-s…



The Golan remains Syrian: the UN contradicts Israel and once again condemns the annexation - Kulturjam
kulturjam.it/politica-e-attual…


Without politics

@Politica interna, europea e internazionale

Pro Pal at La Stampa – More than one of the journalists at “La Stampa” was sincerely hurt: «But why, against us of all people?». Indeed, among the most prestigious dailies, “La Stampa” of Turin has perhaps been the most clear-cut in criticising Israel and the most understanding of the Palestinian reasons. Rula Jebreal, […]
The article Senza politica comes from Fondazione Luigi




Washington wants drones, and it wants a lot of them. What the Drone Dominance Program is

@Notizie dall'Italia e dal mondo

1 billion dollars, two years, and hundreds of thousands of assets. These are the figures of the Drone Dominance Program, an initiative launched by the Pentagon to strengthen its drone acquisition capacity, aiming to supply itself with hundreds of thousands of systems



Protected: Podcast on the Smartphone

News from the Nexa Center for Internet & Society of the Politecnico di Torino on @Etica Digitale (Feddit)

There is no excerpt because this is a protected post.
The post Protected: Podcast sullo Smartphone appeared first on Nexa Center for Internet & Society.
nexa.polito.it/podcast-sullo-s…
