InfoSecBulletin Cybersecurity for mankind
VMware has fixed critical security flaws in Cloud Foundation, vCenter Server, and vSphere ESXi. These flaws could be used for privilege escalation and remote code execution.
Vulnerabilities include:
Check Point Hosts “Securing the Hyperconnected World in the AI Era” in Dhaka
Microsoft Confirms 900+ XSS Vulns Found in IT Services
Daily Security Update Dated : 15.09.2025
IBM QRadar SIEM Vuln Let Attackers Perform Unauthorized Actions
Major Australian Banks using Army of AI Bots to Scam Scammers
F5 to acquire CalypsoAI for $180M for Advanced AI Security Capabilities
AI Pentesting Tool ‘Villager’ Merges Kali Linux with DeepSeek AI for Automated Attacks
CVE-2025-21043
Samsung Patched Critical Zero-Day Flaw Exploited in Android Attacks
Albania appoints world’s first AI minister, “Diella” to Tackle Corruption
L7 DDoS Botnet Hijacked 5.76M Devices for Large Attacks
CVE-2024-37079 & CVE-2024-37080 (CVSS scores: 9.8):
Multiple heap-overflow vulnerabilities in the implementation of the DCE/RPC protocol that could allow an unauthorized individual with network access to vCenter Server to achieve remote code execution by exploiting a specifically crafted network packet.
CVE-2024-37081 (CVSS score: 7.8):
Multiple sudo misconfiguration vulnerabilities in VMware vCenter that an authenticated local user with non-administrative privileges could exploit to obtain root permissions.
QiAnXin LegendSec researchers Hao Zheng and Zibo Li found and reported CVE-2024-37079 and CVE-2024-37080. Matei “Mal” Badanoiu from Deloitte Romania discovered CVE-2024-37081.
The issues in vCenter Server versions 7.0 and 8.0 have been fixed in versions 7.0 U3r, 8.0 U1e, and 8.0 U2d.
Although there are no reports of the vulnerabilities being exploited, it’s important for users to quickly apply the patches due to their critical nature.
