On Tuesday, VMware issued an urgent fix for a security flaw in its VMware Tools for Windows. CVE-2025-22230 allows a malicious user with basic access on a Windows guest virtual machine to execute high-privilege tasks within that VM. VMware’s important bulletin states that an authentication bypass bug, due to improper …

Kubernetes users of the Ingress NGINX Controller are advised to fix four newly found remote code execution ( RCE) vulnerabilities, which have a CVSS score of 9.8. Wiz Security named four vulnerabilities “IngressNightmare” that affect the admission controller of the popular open-source software used for directing external traffic to Kubernetes …

Next.js, a widely used React framework for building full-stack web applications, has fixed a serious security vulnerability. Used by many large companies, Next.js facilitates rapid development with advanced React features and Rust-based JavaScript tools. A recent security advisory has highlighted a critical authorization bypass issue that requires urgent action from …