VMware Patches Authentication Bypass Flaw in Windows Tool

On Tuesday, VMware issued an urgent fix for a security flaw in its VMware Tools for Windows. CVE-2025-22230 allows a malicious user with basic access on a Windows guest virtual machine to execute high-privilege tasks within that VM.

VMware’s important bulletin states that an authentication bypass bug, due to improper access control, has a CVSS severity score of 7.8/10.

• Cyber Attack

Russia detects first SuperCard malware attacks via NFC

By infosecbulletin / Wednesday , June 18 2025

Russian cybersecurity experts discovered the first local data theft attacks using a modified version of legitimate near field communication (NFC)...

Read More

• Cyber Attack
• Data Breach

Income Property Investments exposes 170,000+ Individuals record

By infosecbulletin / Tuesday , June 17 2025

Cybersecurity researcher Jeremiah Fowler discovered an unsecured database with 170,360 records belonging to a real estate company. It contained personal...

Read More

• Alert
• Cyber Attack
• Vulnerabilities

ALERT (CVE: 2023-28771)
Zyxel Firewalls Under Attack via CVE-2023-28771 by 244 IPs

By infosecbulletin / Tuesday , June 17 2025

GreyNoise found attempts to exploit CVE-2023-28771, a vulnerability in Zyxel's IKE affecting UDP port 500. The attack centers around CVE-2023-28771,...

Read More

• Alert
• Vulnerabilities

CISA Flags Active Exploits in Apple iOS and TP-Link Routers

By infosecbulletin / Tuesday , June 17 2025

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently included two high-risk vulnerabilities in its Known Exploited Vulnerabilities (KEV)...

Read More

• Data Breach

10K Records Allegedly from Mac Cloud Provider’s Customers Leaked Online

By infosecbulletin / Monday , June 16 2025

SafetyDetectives’ Cybersecurity Team discovered a public post on a clear web forum in which a threat actor claimed to have...

Read More

• Cyber Attack
• Data Breach

Canada 2nd largest airlines “WestJet” investigates cyberattack disrupting internal systems

By infosecbulletin / Sunday , June 15 2025

WestJet, Canada's second-largest airline, is looking into a cyberattack that has affected some internal systems during its response to the...

Read More

• Cyber Attack
• Data Breach
• International

Paraguay 7.4 Million Citizen Records Leaked on Dark Web

By infosecbulletin / Saturday , June 14 2025

Resecurity found 7.4 million records of Paraguayan citizens' personal information leaked on the dark web today. Last week, cybercriminals attempted...

Read More

• Vulnerabilities

High-Severity Flaw in HashiCorp Nomad Allows Privilege Escalation

By infosecbulletin / Friday , June 13 2025

HashiCorp has revealed a critical vulnerability in its Nomad tool that may let attackers gain higher privileges by misusing the...

Read More

• Cyber Attack
• Data Breach

SoftBank: Over 137,000 personal info leaked

By infosecbulletin / Friday , June 13 2025

SoftBank has disclosed that personal information of more than 137,000 mobile subscribers—covering names, addresses, and phone numbers—might have been leaked...

Read More

• Alert
• Vulnerabilities

Alert
Trend Micro Apex One Flaw Allow Attackers to Inject Malicious Code

By infosecbulletin / Friday , June 13 2025

Serious security vulnerabilities in Trend Micro Apex One could allow attackers to inject malicious code and elevate their privileges within...

Read More

The company acknowledged a researcher from Positive Technologies, a Russian cybersecurity firm, for discovering the bug and stated that patches have been added to VMware Tools for Windows v 12.5.1.

The Linux and macOS versions of the utilities are not affected.

VMware Tools for Windows is a set of utilities and drivers that improves virtual machine performance and management, offering enhanced graphics, better mouse integration, and time synchronization between the host and guest operating systems.

Over 40% of cloud environments are vulnerable to RCE