Broadcom has updated its advisory on CVE-2025-41244 to mention the vulnerability’s in-the-wild exploitation.
The post CISA Adds Exploited XWiki, VMware Flaws to KEV Catalog appeared first on SecurityWeek.
Broadcom Fails to Disclose Zero-Day Exploitation of VMware Vulnerability
Impacting VMware Aria Operations and VMware Tools, the flaw can be exploited to elevate privileges on the VM.
The post Broadcom Fails to Disclose Zero-Day Exploitation of VMware Vulnerability appeared first on SecurityWeek.
High-Severity Vulnerabilities Patched in VMware Aria Operations, NSX, vCenter
The flaws could allow attackers to escalate privileges, manipulate notifications, and enumerate usernames.
The post High-Severity Vulnerabilities Patched in VMware Aria Operations, NSX, vCenter appeared first on SecurityWeek.
Scattered Spider Targeting VMware vSphere Environments
The financially motivated group is pivoting from Active Directory to VMware vSphere environments, deploying ransomware from the hypervisor.
The post Scattered Spider Targeting VMware vSphere Environments appeared first on SecurityWeek.
Chinese Spies Target Networking and Virtualization Flaws to Breach Isolated Environments
Chinese cyberespionage group Fire Ant is targeting virtualization and networking infrastructure to access isolated environments.
The post Chinese Spies Target Networking and Virtualization Flaws to Breach Isolated Environments appeared first on SecurityWeek.
VMware Flaws That Earned Hackers $340,000 at Pwn2Own Patched
Four CVEs disclosed at the Pwn2Own Berlin 2025 hacking competition have been patched in VMware products.
The post VMware Flaws That Earned Hackers $340,000 at Pwn2Own Patched appeared first on SecurityWeek.
NATO-Flagged Vulnerability Tops Latest VMware Security Patch Batch
VMware patches flaws that expose users to data leakage, command execution and denial-of-service attacks. No temporary workarounds available.
The post NATO-Flagged Vulnerability Tops Latest VMware Security Patch Batch appeared first on SecurityWeek.
Vulnerabilities Patched by Juniper, VMware and Zoom
Juniper Networks, VMware, and Zoom have announced patches for dozens of vulnerabilities across their products.
The post Vulnerabilities Patched by Juniper, VMware and Zoom appeared first on SecurityWeek.
VMware Patches Authentication Bypass Flaw in Windows Tools Suite
The authentication bypass vulnerability, tagged as CVE-2025-22230, carries a CVSS severity score of 7.8/10.
The post VMware Patches Authentication Bypass Flaw in Windows Tools Suite appeared first on SecurityWeek.
Exploited VMware ESXi Flaws Put Many at Risk of Ransomware, Other Attacks
Scans show that tens of thousands of VMware ESXi instances are affected by CVE-2025-22224 and other vulnerabilities disclosed recently as zero-days.
The post Exploited VMware ESXi Flaws Put Many at Risk of Ransomware, Other Attacks appeared first on SecurityWeek.