memory corruption

A newly disclosed vulnerability—CVE-2025-4372—has emerged at the intersection of Chromium browser development and the foundations of web audio technology, bringing fresh attention to the persistent risks inherent in software memory management. Titled a “Use after free in WebAudio,” this security...

The latest update from the Cybersecurity and Infrastructure Security Agency (CISA) underscores the persistent and evolving threat landscape facing organizations that rely on widely used open-source components. On May 6, CISA announced the addition of a single, but critical, new vulnerability to...

Microsoft’s March 2025 Patch Tuesday delivered a batch of bug fixes addressing numerous vulnerabilities across Windows platforms. Among these, a critical and underestimated flaw, CVE-2025-24054, quickly shifted from a “less likely to be exploited” risk to an active weaponized exploit targeting...

Microsoft's March 11 Patch Tuesday rollout, a cornerstone event for Windows security, included a critical fix for an NTLM hash-leaking vulnerability identified as CVE-2025-24054. Initially, Microsoft had rated this vulnerability as "less likely" to be exploited, but swift real-world attacks have...

Microsoft’s March 2025 Patch Tuesday brought a set of critical security updates, yet one particular vulnerability—CVE-2025-24054—emerged as a significant vector for attacks within just days of the patch release. This vulnerability exploited weaknesses in Windows NTLM (NT LAN Manager)...

Microsoft's Patch Tuesday updates in March 2025 unveiled a significant security challenge tied to the legacy NTLM protocol widely used across Windows environments. Despite Microsoft's rating of the vulnerability CVE-2025-24054 as "less likely" to be exploited, threat actors demonstrated their...

Microsoft's March 2025 Patch Tuesday brought an extensive lineup of bug fixes, but among these was a vulnerability that would quickly escalate into a significant security incident: CVE-2025-24054, an NTLM hash-leaking flaw. While Microsoft initially considered this vulnerability "less likely" to...

Microsoft's Patch Tuesday on March 11, 2025, presented a typical suite of bug fixes, but it soon became clear that one particular vulnerability they rated "less likely" to be exploited was being weaponized aggressively by attackers. This flaw, identified as CVE-2025-24054, involves an NTLM (NT...

Windows Patch Tuesday Flaw Weaponized, Apple Fixes Critical Zero-Days: What You Need to Know In the fast-paced world of cybersecurity, the only constant is change—and the events following March 2025's Patch Tuesday have proven this once again. Just days after Microsoft rolled out its latest...

Industrial Control System Security in the Spotlight: The LabVIEW Vulnerability Exposed For the ever-expanding universe of industrial control systems (ICS), every new vulnerability warning issued by major agencies like the Cybersecurity and Infrastructure Security Agency (CISA) becomes a siren...

Healthcare IT is once again thrust into the cybersecurity spotlight, this time with a newly disclosed advisory about a critical vulnerability in Santesoft’s Sante DICOM Viewer Pro. This flaw—officially tracked as CVE-2025-2480—carries a severity that cannot be understated, especially given its...

The latest addition to the U.S. Cybersecurity and Infrastructure Security Agency’s (CISA) Known Exploited Vulnerabilities (KEV) Catalog is as subtle as a bullhorn in a silent library: three fresh, high-impact vulnerabilities with consequences that ripple far beyond government cubicles. If you...

CleanStack is turning heads in the cybersecurity world by offering a fresh take on defending against the age-old issue of memory corruption vulnerabilities. In today’s environment, where low-level languages like C and C++ power many applications—including segments of the Windows ecosystem—the...

The Microsoft Security Response Center (MSRC) has recently issued an update concerning a memory corruption vulnerability classified as CVE-2024-38207, which affects Microsoft Edge. The current discourse surrounding this vulnerability centers on an informational change, specifically an updated...

In the rapidly evolving landscape of cybersecurity, vulnerabilities in software applications can pose significant risks to both individual users and enterprises. One such recently identified vulnerability is CVE-2024-38218, related to Microsoft Edge, specifically affecting its HTML rendering...

In recent cybersecurity news, the Microsoft Security Response Center (MSRC) has updated its acknowledgment of the CVE-2024-38178 vulnerability, described as a scripting engine memory corruption issue. This update serves as an informational change and is crucial for organizations and individuals...

Hello, I Have a BOSD error one or two times par day since one week. I don't change anything in the PC. Wtih Windbg, i have this : ******************************************************************************* * * *...

In two previous blog posts ( part 1 and part 2), we talked about using Semmle QL in C and C++ codebases to find vulnerabilities such as integer overflow, path traversal, and those leading to memory corruption. In this post, we will explore applying Semmle QL to web security by hunting for one of...

Hi folks, I'm having real trouble diagnosing a persistent blue screen problem. It started about a year ago after upgrading from windows 7 to windows 10. I initially did an upgrade install but have since performed numerous clean installs of win 10. It is a home built system. One of many I have...

The latest monthly roll up update KB4041693 for Windows 8.1 has been released and the changelog is below To access the update history of the monthly roll up for Windows 8.1 go here: https://support.microsoft.com/en-us/help/4009470/windows-8-1-windows-server-2012-r2-update-history