On May 2025 Patch Tuesday, Microsoft has released security fixes for 70+ vulnerabilities, among them five actively exploited zero-days and two publicly disclosed (but not exploited) vulnerabilities. The zero-days and the publicly disclosed flaws Among the zero-days patched is a memory corruption vulnerability in the Windows scripting engine (CVE-2025-30397) that is being exploited to remotely execute malicious code. “The user would have to click on a specially crafted URL to be compromised by the attacker,” … More

The post Patch Tuesday: Microsoft fixes 5 actively exploited zero-days appeared first on Help Net Security.