VMware Patches Authentication Bypass Flaw in Windows Tool

On Tuesday, VMware issued an urgent fix for a security flaw in its VMware Tools for Windows. CVE-2025-22230 allows a malicious user with basic access on a Windows guest virtual machine to execute high-privilege tasks within that VM.

VMware’s important bulletin states that an authentication bypass bug, due to improper access control, has a CVSS severity score of 7.8/10.

• Alert
• Vulnerabilities

NVIDIA Releases Security Update For GPU Driver Vulnerabilities

By infosecbulletin / Saturday , April 26 2025

NVIDIA has released a software security update for its GPU Display Driver to fix multiple vulnerabilities affecting both the driver...

Read More

• Alert
• Cyber Attack
• Vulnerabilities

‘SessionShark’ ToolKit Bypasses Microsoft Office 365 MFA

By infosecbulletin / Saturday , April 26 2025

The SessionShark phishing kit bypasses Office 365 MFA by stealing session tokens. Experts warn about real-time attacks using fake login...

Read More

• Alert
• Vulnerabilities

159 CVEs Exploited in Q1 2025 : 28.3% Within 24 Hours of Disclosure

By infosecbulletin / Friday , April 25 2025

In Q1 2025, VulnCheck identified evidence of 159 CVEs publicly disclosed for the first time as exploited in the wild....

Read More

• Alert
• Vulnerabilities

NVIDIA NeMo Framework Vuln Allow Attackers RCE

By infosecbulletin / Friday , April 25 2025

The NVIDIA NeMo Framework has three vulnerabilities that could enable attackers to execute remote code, risking AI system compromise and...

Read More

• Alert
• Vulnerabilities

Cisco Issued Urgent Security Advisories For Multiple Products

By infosecbulletin / Thursday , April 24 2025

Cisco issued a security advisory about a remote code execution (RCE) vulnerability (CVE-2025-32433) affecting multiple products in its portfolio due...

Read More

• Alert
• Vulnerabilities

SonicWall patched SSLVPN Vuln Allowing Firewall Crashing

By infosecbulletin / Thursday , April 24 2025

SonicWall has revealed a vulnerability in its SonicOS SSLVPN Virtual Office interface that could let remote attackers crash firewall appliances....

Read More

• Alert
• Vulnerabilities

GitLab Releases Security Update For Multiple Vulns

By infosecbulletin / Thursday , April 24 2025

GitLab has announced a security advisory urging users to upgrade their self-managed installations right away. Versions 17.11.1, 17.10.5, and 17.9.7...

Read More

• Alert
• Cyber Attack

ISPAB president “whatsapp” got hacked via phishing link

By infosecbulletin / Wednesday , April 23 2025

Imdadul Haque, the president of Internet Service Provider of Bangladesh (ISPAB) said, I automatically got back my WhatsApp account. What...

Read More

• Alert
• Vulnerabilities

Zyxel released patches 2 vulns in its USG FLEX H series firewalls

By infosecbulletin / Wednesday , April 23 2025

Zyxel Networks has issued critical security patches for two high-severity vulnerabilities in its USG FLEX H series firewalls. These flaws...

Read More

• Data Breach
• Hot Topic

South Korea’s largest SK Telecom Hit by Malware: SIM-related info leaked

By infosecbulletin / Wednesday , April 23 2025

South Korea's largest mobile operator, SK Telecom, is warning that a malware infection allowed threat actors to access sensitive USIM-related...

Read More

The company acknowledged a researcher from Positive Technologies, a Russian cybersecurity firm, for discovering the bug and stated that patches have been added to VMware Tools for Windows v 12.5.1.

The Linux and macOS versions of the utilities are not affected.

VMware Tools for Windows is a set of utilities and drivers that improves virtual machine performance and management, offering enhanced graphics, better mouse integration, and time synchronization between the host and guest operating systems.

Over 40% of cloud environments are vulnerable to RCE