Saturday , February 1 2025
Cisco webex

Vulnarabilitties found in Cisco webex and VMware Aria operation

infosecbulletin 4 hours ago Vulnerabilities

A serious cybersecurity flaw in Cisco Webex Chat has been discovered, allowing unauthorized attackers to access the chat histories of organizations using the platform.

Identified in July 2024, the flaw exposed sensitive communications from potentially thousands of organizations, including IT help desks and customer service operations.

Indian tech giant Tata Tech hit by ransomware attack

By infosecbulletin / Saturday , February 1 2025
Tata Technologies reported a ransomware incident affecting some IT services, but it did not disrupt client deliveries, according to a...
Read More
Indian tech giant Tata Tech hit by ransomware attack

Vulnarabilitties found in Cisco webex and VMware Aria operation

By infosecbulletin / Friday , January 31 2025
A serious cybersecurity flaw in Cisco Webex Chat has been discovered, allowing unauthorized attackers to access the chat histories of...
Read More
Vulnarabilitties found in Cisco webex and VMware Aria operation

Microsoft to boost M365 bounty program rewards Up to $27,000

By infosecbulletin / Friday , January 31 2025
Microsoft has announced a major expansion of its Microsoft 365 Bounty Program. The program now covers new Viva products for...
Read More
Microsoft to boost M365 bounty program rewards Up to $27,000

DeepSeek reveils over 1 million chat records; Italy Bans DeepSeek

By infosecbulletin / Friday , January 31 2025
Chinese AI startup DeepSeek has exposed two databases with sensitive user and operational information from its DeepSeek-R1 LLM model. Unsecured...
Read More
DeepSeek reveils over 1 million chat records; Italy Bans DeepSeek

Microsoft brings DeepSeeK to Azure AI Foundry and GitHub

By infosecbulletin / Thursday , January 30 2025
Microsoft has added DeepSeek’s R1 AI model to its Azure AI Foundry platform and GitHub. This lets customers easily integrate...
Read More
Microsoft brings DeepSeeK to Azure AI Foundry and GitHub

Hackers leverage Google’s subdomains, phone number to attack victims

By infosecbulletin / Thursday , January 30 2025
Scammers called a victim using Google's official support number and sent an email from an official subdomain. It's unclear how...
Read More
Hackers leverage Google’s subdomains, phone number to attack victims

DeepSeek Sensitive data exposed To Web: Wiz report

By infosecbulletin / Thursday , January 30 2025
New York-based cybersecurity firm Wiz has discovered sensitive data from the Chinese AI startup DeepSeek that was accidentally exposed on...
Read More
DeepSeek Sensitive data exposed To Web: Wiz report

“FirePass” starts its operation in Bangladesh officially

By infosecbulletin / Wednesday , January 29 2025
FirePass, a fire prevention and suppression system is officially started its operation in Bangladesh. Smart Data brings the world class...
Read More
“FirePass” starts its operation in Bangladesh officially

PoC Exploit Released for TP-Link Router XSS Vuln

By infosecbulletin / Wednesday , January 29 2025
A newly found XSS vulnerability, CVE-2024-57514, in the TP-Link Archer A20 v3 Router has raised security concerns for users. CVE-2024-57514 is...
Read More
PoC Exploit Released for TP-Link Router XSS Vuln

CVE-2024-40891
Zyxel CPE Zero-Day Exploited in the Wild

By infosecbulletin / Wednesday , January 29 2025
Security researchers have alerted about ongoing exploitation attempts of a newly found zero-day command injection vulnerability in Zyxel CPE Series...
Read More
CVE-2024-40891 Zyxel CPE Zero-Day Exploited in the Wild

Proof-of-Concept and Real-World Impact:

Researchers developed a proof-of-concept script showing how attackers can exploit a vulnerability using only minimal information, like the app UUID in the widget’s JavaScript or the domain hosting the chat, according to the Ophion Security blog.

Organizations using Cisco Webex Chat should promptly audit their systems to ensure they have the latest patched version of the software.

#

VMware issued a critical security advisory, VMSA-2025-0003, for vulnerabilities in VMware Aria Operations for Logs, VMware Aria Operations, and VMware Cloud Foundation.

The vulnerabilities CVE-2025-22218 to CVE-2025-22222 allow admin-level actions, posing a serious risk to affected systems.

VMware has released patches to address vulnerabilities rated with CVSSv3 scores between 5.2 and 8.5, urging customers to update promptly.

Affected Products

The vulnerabilities impact the following VMware products:

VMware Aria Operations for Logs (version 8.x)
VMware Aria Operations (version 8.x)
VMware Cloud Foundation (versions 4.x and 5.x)

VMware advises customers to promptly apply the patches from version 8.18.3 of VMware Aria Operations for Logs and VMware Aria Operations to fix vulnerabilities.

 

 

 

Check Also

XSS

GitLab Releases Patch (CVE-2025-0314) for XSS Exploit

GitLab has released update for high severity cross-site scripting (XSS) flaw. Versions 17.8.1, 17.7.3, and …

Leave a Reply

Your email address will not be published. Required fields are marked *

Mail: [email protected]
© Copyright 2025, All Rights Reserved InfoSecBulletin