Alert

As of March 4, 2025, Shadowserver found that over 41,500 internet-exposed VMware ESXi hypervisors are vulnerable to the actively exploited CVE-2025-22224. 41,500 unpatched ESXi instances represent a major part of global virtualization, especially in healthcare, finance, and telecommunications. Broadcom released an emergency update to fix a vulnerability that allows attackers …

Google has released Chrome 134 for the stable channel on Windows, macOS, and Linux, effectively addressing 14 security vulnerabilities. Among these are several high-severity flaws that could potentially allow remote code execution or lead to crashes. The update version 134.0.6998.35 for Linux, 134.0.6998.35/36 for Windows, and 134.0.6998.44/45 for macOS includes …

Broadcom issued a security alert on Tuesday, warning VMware customers about 3 exploited zero-day vulnerabilities. Vulnerabilities CVE-2025-22224, CVE-2025-22225, and CVE-2025-22226 affect VMware ESXi, Workstation, and Fusion. Patches have been released for all affected products, but no workarounds are available. CVE-2025-22224 is a critical VMCI heap overflow vulnerability in VMware ESXi …

Google’s March 2025 Android Security Bulletin has unveiled two critical vulnerabilities—CVE-2024-43093 and CVE-2024-50302—currently under limited, targeted exploitation. These flaws affect Android versions 12 to 15, posing increasing risks for billions of devices. The bulletin requires the immediate installation of the 2025-03-05 security patch to address remote code execution and privilege …

CISA has advised US federal agencies to secure their systems against attacks targeting vulnerabilities in Cisco and Windows. Although these flaws are being actively exploited, CISA has not shared specific details about the attacks or the perpetrators. CVE-2023-20118 allows attackers to execute arbitrary commands on RV016, RV042, RV042G, RV082, RV320, …

Cisco has warned of a critical vulnerability, CVE-2025-20111, in several Nexus switch models. This flaw could let attackers remotely crash the devices, leading to a denial of service (DoS). Cisco reports that a vulnerability exists due to improper handling of certain Ethernet frames. An attacker can exploit this by repeatedly …

GitLab has released a security advisory, urging all self-managed installations to upgrade to versions 17.9.1, 17.8.4, or 17.7.6 due to critical vulnerabilities, including serious Cross-Site Scripting (XSS) issues that may compromise user data. The Kubernetes proxy vulnerability (CVE-2025-0475) has a CVSS score of 8.7, signifying a high risk. It affects …

Cybersecurity researchers have discovered a campaign exploiting a remote command execution vulnerability, CVE-2023-20118, in Cisco Small Business Routers. This vulnerability affects models RV016, RV042, RV042G, RV082, RV320, and RV325. The flaw in these devices is their web-based management interface, which has poor input validation. This allows unauthorized attackers to run …