VMware Archives

Vulnerabilities

VMware Patches High-Severity Code Execution Flaw in Fusion

VMware rolls out patch for a high-severity code execution vulnerability in the Fusion hypervisor.

Ionut ArghireSeptember 3, 2024

Vulnerabilities

Exploited Vulnerability Could Impact 20k Internet-Exposed VMware ESXi Instances

Shadowserver has observed over 20,000 internet-accessible VMware ESXi instances impacted by an exploited vulnerability.

Ionut ArghireAugust 1, 2024

Ransomware

Microsoft Says Ransomware Gangs Exploiting Just-Patched VMware ESXi Flaw

VMware did not mention in-the-wild exploitation for CVE-2024-37085 but Microsoft says ransomware gangs are abusing the just-patched flaw.

Ryan NaraineJuly 29, 2024

Data Protection

VMware Patches Critical SQL-Injection Flaw in Aria Automation

VMware warns that authenticated malicious users could enter specially crafted SQL queries and perform unauthorized read/write operations in the database.

Ryan NaraineJuly 10, 2024

Vulnerabilities

Critical Code Execution Vulnerabilities Patched in VMware vCenter Server

Serious vulnerabilities that can allow remote code execution and privilege escalation have been patched in VMware vCenter Server.

Eduard KovacsJune 18, 2024

Incident Response

VMware Abused in Recent MITRE Hack for Persistence, Evasion

MITRE has shared information on how China-linked hackers abused VMware for persistence and detection evasion in the recent hack.

Eduard KovacsMay 23, 2024

Vulnerabilities

VMware Patches Vulnerabilities Exploited at Pwn2Own 2024

VMware has patched three vulnerabilities exploited earlier this year at the Pwn2Own hacking competition.

Eduard KovacsMay 14, 2024

Malware & Threats

VMware Patches Critical ESXi Sandbox Escape Flaws

The most serious flaws allow hackers with local admin rights to execute code as the virtual machine's VMX process running on the host.

Ryan NaraineMarch 5, 2024

Nation-State

Chinese Spies Exploited VMware vCenter Server Vulnerability Since 2021

CVE-2023-34048, a vCenter Server vulnerability patched in October 2023, had been exploited as zero-day for a year and a half.

Ionut ArghireJanuary 22, 2024

Vulnerabilities

VMware vCenter Server Vulnerability Exploited in Wild

VMware warns customers that CVE-2023-34048, a vCenter Server vulnerability patched in October 2023, is being exploited in the wild.

Eduard KovacsJanuary 19, 2024

Vulnerabilities

VMware Urges Customers to Patch Critical Aria Automation Vulnerability

Aria Automation is affected by a critical vulnerability that could be exploited to gain access to remote organizations and workflows.

Eduard KovacsJanuary 16, 2024

Cloud Security

Critical Authentication Bypass Flaw in VMware Cloud Director Appliance

VMware flaw carries a CVSS severity-score of 9.8/10 and can be exploited to bypass login restrictions when authenticating on certain ports.

Ryan NaraineNovember 14, 2023

SECURITYWEEK NETWORK:

ICS:

All posts tagged "VMware"

Vulnerabilities

VMware Patches High-Severity Code Execution Flaw in Fusion

Vulnerabilities

Exploited Vulnerability Could Impact 20k Internet-Exposed VMware ESXi Instances

Ransomware

Microsoft Says Ransomware Gangs Exploiting Just-Patched VMware ESXi Flaw

Data Protection

VMware Patches Critical SQL-Injection Flaw in Aria Automation

Vulnerabilities

Critical Code Execution Vulnerabilities Patched in VMware vCenter Server

Incident Response

VMware Abused in Recent MITRE Hack for Persistence, Evasion

Vulnerabilities

VMware Patches Vulnerabilities Exploited at Pwn2Own 2024

Malware & Threats

VMware Patches Critical ESXi Sandbox Escape Flaws

Nation-State

Chinese Spies Exploited VMware vCenter Server Vulnerability Since 2021

Vulnerabilities

VMware vCenter Server Vulnerability Exploited in Wild

Vulnerabilities

VMware Urges Customers to Patch Critical Aria Automation Vulnerability

Cloud Security

Critical Authentication Bypass Flaw in VMware Cloud Director Appliance

Featured

Incident Response

From 60 to 4,000: NATO’s Locked Shields Reflects Cyber Defense Growth

Vulnerabilities

Hackers Win $260,000 on First Day of Pwn2Own Berlin 2025

ICS/OT

Production at Steelmaker Nucor Disrupted by Cyberattack

Nation-State

Chinese Hackers Hit Drone Sector in Supply Chain Attacks

Malware & Threats

Google Ships Android ‘Advanced Protection’ Mode to Thwart Surveillance Spyware

Vulnerabilities

Ivanti Patches Two EPMM Zero-Days Exploited to Hack Customers

Malware & Threats

Zero-Day Attacks Highlight Another Busy Microsoft Patch Tuesday

Latest News

Ransomware

Google Warns UK Retailer Hackers Now Targeting US

Management & Strategy

In Other News: Hackers Not Behind Blackout, CISO Docuseries, Dior Data Breach

Email Security

Russian APT Exploiting Mail Servers Against Government, Defense Organizations

Artificial Intelligence

FBI Warns of Deepfake Messages Impersonating Senior Officials

Vulnerabilities

Hackers Win $260,000 on First Day of Pwn2Own Berlin 2025

Cybercrime

Andrei Tarasov: Inside the Journey of a Russian Hacker on the FBI’s Most Wanted List

Data Breaches

Coinbase Rejects $20M Ransom After Rogue Contractors Bribed to Leak Customer Data

Daily Briefing Newsletter