Broadcom patched VMware zero-days CVE-2025-22224, CVE-2025-22225 and CVE-2025-22226 after Microsoft warned it of exploitation.
The post Broadcom Patches 3 VMware Zero-Days Exploited in the Wild appeared first on SecurityWeek.
Google Patches Pair of Exploited Vulnerabilities in Android
Android’s March 2025 security update addresses over 40 vulnerabilities, including two actively exploited in the wild.
The post Google Patches Pair of Exploited Vulnerabilities in Android appeared first on SecurityWeek.
Exploitation Long Known for Most of CISA’s Latest KEV Additions
Exploitation has been known for months or years for most of the latest vulnerabilities added by CISA to its KEV catalog.
The post Exploitation Long Known for Most of CISA’s Latest KEV Additions appeared first on SecurityWeek.
Sites of Major Orgs Abused in Spam Campaign Exploiting Virtual Tour Software Flaw
The websites of dozens of major private and government organizations have been abused in a massive spam campaign that involves exploitation of a vulnerability affecting widely used virtual tour software. The attacks were observed recently by researcher Oleg Zaytsev who noticed that a Google search revealed what appeared to be adult content on the website […]
The post Sites of Major Orgs Abused in Spam Campaign Exploiting Virtual Tour Software Flaw appeared first on SecurityWeek.
CISA Warns of Attacks Exploiting Oracle Agile PLM Vulnerability
CISA has added CVE-2024-20953, an Oracle Agile PLM vulnerability patched in January 2024, to its KEV catalog.
The post CISA Warns of Attacks Exploiting Oracle Agile PLM Vulnerability appeared first on SecurityWeek.
CISA Warns of Attacks Exploiting Craft CMS Vulnerability
CISA has added a Craft CMS flaw tracked as CVE-2025-23209 to its Known Exploited Vulnerabilities (KEV) catalog.
The post CISA Warns of Attacks Exploiting Craft CMS Vulnerability appeared first on SecurityWeek.
Second Recently Patched Flaw Exploited to Hack Palo Alto Firewalls
Palo Alto Networks is warning customers that a second vulnerability patched in February is being exploited in attacks.
The post Second Recently Patched Flaw Exploited to Hack Palo Alto Firewalls appeared first on SecurityWeek.
Microsoft Patches Exploited Power Pages Vulnerability
Microsoft has patched CVE-2025-24989, a Power Pages privilege escalation vulnerability that has been exploited in attacks.
The post Microsoft Patches Exploited Power Pages Vulnerability appeared first on SecurityWeek.
Trimble Cityworks Customers Warned of Zero-Day Exploitation
Trimble Cityworks is affected by a zero-day vulnerability that has been exploited in attacks involving the delivery of malware.
The post Trimble Cityworks Customers Warned of Zero-Day Exploitation appeared first on SecurityWeek.
Russian Hackers Exploited 7-Zip Zero-Day Against Ukraine
Russian threat groups have been observed exploiting a zero-day vulnerability in 7-Zip against Ukrainian entities.
The post Russian Hackers Exploited 7-Zip Zero-Day Against Ukraine appeared first on SecurityWeek.