Tag: vmware
-
Broadcom sends VMware to record revenue, margins, as most big customers sign for private cloud bundles
Chip biz surging too as CEO Hock Tan predicts optical GPU interconnects are a year or two away First seen on theregister.com Jump to article: www.theregister.com/2025/06/06/broadcom_q2_2025/
-
VMware NSX XSS Vulnerability Exposes Systems to Malicious Code Injection
Broadcom has issued a high-severity security advisory (VMSA-2025-0012) for VMware NSX, addressing three newly discovered stored Cross-Site Scripting (XSS) vulnerabilities: CVE-2025-22243, CVE-2025-22244, and CVE-2025-22245. These vulnerabilities impact the NSX Manager UI, gateway firewall, and router port components, exposing organizations to potential code injection attacks if left unpatched. The vulnerabilities, all stemming from improper input validation,…
-
Broadcom Streamlines Reseller Program to Strengthen VMware Delivery
Tags: vmwareFirst seen on scworld.com Jump to article: www.scworld.com/news/broadcom-streamlines-reseller-program-to-strengthen-vmware-delivery
-
VMware drops the lowest tier of its partner program except in Europe
Wants channel to be all in on private cloud as more details emerge on VCF 9 licensing and hardware First seen on theregister.com Jump to article: www.theregister.com/2025/06/01/vmware_channel_changes/
-
Hoher Schweregrad – Mehrere Sicherheitslücken in VMware Cloud Foundation
First seen on security-insider.de Jump to article: www.security-insider.de/broadcom-vmware-cloud-foundation-sicherheitsluecken-update-a-74d4b9d2be0b6be082b8c23a54089986/
-
VMware price hikes? Between 800 and 1,500%, claim Euro customers
Tags: vmwareReport slates end of perpetual licenses, death of monthly pay-as-you-go model, and ‘punitive’ changes by Broadcom First seen on theregister.com Jump to article: www.theregister.com/2025/05/22/euro_cloud_body_ecco_says_broadcom_licensing_unfair/
-
Dell creates one private cloud to rule them all and in the datacenter bind them
Mix Master Mike will spin up Nutanix, VMware, Red Hat on the same beastly cluster First seen on theregister.com Jump to article: www.theregister.com/2025/05/20/dell_private_cloud/
-
DragonForce mischt die Ransomware-Szene auf und legt sich mit der Konkurrenz an
Die Sicherheitsforscher von Sophos beobachten die Aktivitäten der Gruppe schon seit geraumer Zeit. DragonForce greift gezielt klassische IT-Infrastrukturen ebenso wie virtualisierte Umgebungen (z.”¯B. VMware ESXi) an. Die Angreifer setzen auf den Diebstahl von Zugangsdaten, missbrauchen Active Directory und schleusen sensible Daten aus den Systemen. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/dragonforce-mischt-die-ransomware-szene-auf-und-legt-sich-mit-der-konkurrenz-an/a40893/
-
Trojanized RVTools push Bumblebee malware in SEO poisoning campaign
The official website for the RVTools VMware management tool was taken offline in what appears to be a supply chain attack that distributed a trojanized installer to drop the Bumblebee malware loader on users’ machines. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/trojanized-rvtools-push-bumblebee-malware-in-seo-poisoning-campaign/
-
Trust becomes an attack vector in the new campaign using trojanized KeePass
Tags: access, api, attack, authentication, backup, breach, ceo, control, credentials, defense, edr, identity, open-source, password, ransomware, risk, service, software, veeam, vmware, zero-trustIdentity is the new perimeter: Once KeeLoader stole vault credentials-often including domain admin, vSphere, and backup service accountattackers moved fast. Using SSH, RDP, and SMB protocols, they quietly seized control of jump servers, escalated privileges, disabled multifactor authentication, and pushed ransomware payloads directly to VMware ESXi hypervisors.Jason Soroko of Sectigo called it a “textbook identity…
-
Critical VMware ESXi vCenter Flaw Allows Remote Execution of Arbitrary Commands
VMware by Broadcom has released critical security updates to address multiple severe vulnerabilities affecting its virtualization products, with evidence suggesting active exploitation in the wild. The vulnerabilities, tracked as CVE-2025-22224, CVE-2025-22225, and CVE-2025-22226, affect VMware ESXi, Workstation, Fusion, Cloud Foundation, and Telco Cloud Platform products. With CVSS scores ranging from 7.1 to 9.3, these flaws…
-
Hacking contest exposes VMware security
In what has been described as a historical first, hackers in Berlin have been able to demo successful attacks on the ESXi hypervisor First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366624198/Hacking-contest-exposes-VMware-security
-
Bumblebee Malware Takes Flight via Trojanized VMware Utility
An employee inadvertently downloaded a malicious version of the legitimate RVTools utility, which launched an investigation into an attempted supply chain attack aimed at delivering the recently revived initial-access loader. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/bumblebee-malware-trojanized-vmware-utility
-
RVTools hit in supply chain attack to deliver Bumblebee malware
The official website for the RVTools VMware management tool was taken offline in what appears to be a supply chain attack where hackers replaced a DLL in the distributed installer to drop the Bumblebee malware loader on users’ machines. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/rvtools-hit-in-supply-chain-attack-to-deliver-bumblebee-malware/
-
Ethical hackers exploited zero-day vulnerabilities against popular OS, browsers, VMs and AI frameworks
Virtual machine and container escapes: Virtualization sits at the core of public cloud infrastructure and private data centers, allowing companies to run their workloads and applications inside isolated containers or virtual servers. Any flaw that allows escaping from the confines of a virtual machine or a Linux container poses a risk not only to the…
-
RVTools Official Site Hacked to Deliver Bumblebee Malware via Trojanized Installer
The official site for RVTools has been hacked to serve a compromised installer for the popular VMware environment reporting utility.”Robware.net and RVTools.com are currently offline. We are working expeditiously to restore service and appreciate your patience,” the company said in a statement posted on its website.”Robware.net and RVTools.com are the only authorized and supported websites…
-
Hackers Exploit RVTools to Deploy Bumblebee Malware on Windows Systems
A reliable VMware environment reporting tool, RVTools, was momentarily infiltrated earlier this week on May 13, 2025, to disseminate the sneaky Bumblebee loader virus, serving as a sobering reminder of the vulnerabilities present in software supply chains. This incident, detected by a security operations team through a high-confidence alert from Microsoft Defender for Endpoint, revealed…
-
Pwn2Own Berlin 2025: total prize money reached $1,078,750
Pwn2Own Berlin 2025 wrapped up with $383,750 awarded on the final day, pushing the total prize money to $1,078,750 over three days. On the final day of Pwn2Own Berlin 2025, participants earned $383,750 for demonstrating zero-day in VMware Workstation, ESXi, Windows, NVIDIA, and Firefox. During the competition, the participants earned a total of $1,078,750, demonstrating…
-
Pwn2Own Day 3: Zero-Day Exploits Windows 11, VMware ESXi, and Firefox
The Pwn2Own Berlin 2025 last day ended with impressive technological accomplishments, bringing the total prize money over one million dollars. Security researchers demonstrated sophisticated exploitation techniques against high-profile targets including Windows 11, VMware ESXi, and Mozilla Firefox, revealing critical zero-day vulnerabilities that vendors must now address. The three-day hacking competition showcased 28 unique zero-day vulnerabilities,…
-
Pwn2Own Berlin: Firefox, Sharepoint und VMware-Produkte gehackt
Teilnehmer der Pwn2Own in Berlin haben zahlreiche Softwareprodukte attackiert. Ein Hersteller hat besonders schnell reagiert und sofort Patches verteilt. First seen on golem.de Jump to article: www.golem.de/news/pwn2own-berlin-firefox-sharepoint-und-vmware-produkte-gehackt-2505-196310.html
-
VMware ESXi, Firefox, Red Hat Linux SharePoint Hacked Pwn2Own Day 2
Security researchers demonstrated their prowess on the second day of Pwn2Own Berlin 2025, discovering critical vulnerabilities across major enterprise platforms and earning $435,000 in bounties. The competition, now in its second day at the OffensiveCon conference in Berlin, has awarded a cumulative total of $695,000 with participants revealing 20 unique zero-day vulnerabilities thus far. With…
-
No workaround leads to more pain for VMware users
There are patches for the latest batch of security alerts from Broadcom, but VMware users on perpetual licences may not have access First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366624052/No-workaround-leads-to-more-pain-for-VMware-users
-
Pwn2Own Berlin 2025 Day Two: researcher earned 150K hacking VMware ESXi
On day two of Pwn2Own Berlin 2025, participants earned $435,000 for demonstrating zero-day in SharePoint, ESXi, VirtualBox, RHEL, and Firefox. On day two of Pwn2Own Berlin 2025, bug hunters earned a total of $435,000, which brings the contest total to $695,000, after $260,000 was awarded during the first day of the competition. The participants demonstrated…
-
Pwn2Own Berlin 2025: Windows 11, VMware, Firefox and Others Hacked
The beginning of Pwn2Own Berlin 2025, hosted at the OffensiveCon conference, has concluded its first two days with… First seen on hackread.com Jump to article: hackread.com/pwn2own-berlin-2025-windows-11-vmware-firefox-hacked/
-
Hackers exploit VMware ESXi, Microsoft SharePoint zero-days at Pwn2Own
During the second day of Pwn2Own Berlin 2025, competitors earned $435,000 after exploiting zero-day bugs in multiple products, including Microsoft SharePoint, VMware ESXi, Oracle VirtualBox, Red Hat Enterprise Linux, and Mozilla Firefox. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/hackers-exploit-vmware-esxi-microsoft-sharepoint-zero-days-at-pwn2own/
-
China-Nexus Nation State Actors Exploit SAP NetWeaver (CVE-2025-31324) to Target Critical Infrastructures
Tags: access, api, apt, attack, authentication, backdoor, backup, breach, business, china, cloud, control, cve, cyber, data, data-breach, detection, dns, encryption, endpoint, espionage, exploit, finance, firewall, fortinet, google, government, group, infection, infrastructure, intelligence, Internet, ivanti, linux, malicious, malware, mandiant, military, network, open-source, programming, rat, remote-code-execution, reverse-engineering, risk, rust, sap, service, strategy, tactics, threat, tool, update, vmware, vpn, vulnerability, windows, zero-dayExecutive Summary EclecticIQ analysts assess with high confidence that, in April 2025, China-nexus nation-state APTs (advanced persistent threat) launched high-temp exploitation campaigns against critical infrastructure networks by targeting SAP NetWeaver Visual Composer. Actors leveraged CVE-2025-31324 [1], an unauthenticated file upload vulnerability that enables remote code execution (RCE). This assessment is based on a publicly…
-
New VMware Tools Vulnerability Allows Attackers to Tamper with Virtual Machines, Broadcom Issues Urgent Patch
A newly disclosed VMware Tools vulnerability could enable attackers with limited access to compromise virtual machines (VMs). Broadcom, which owns VMware, issued a security advisory warning that the flaw could be exploited to perform insecure file operations within affected VMs. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/vmware-tools-vulnerability-cve-2025-22247/