High-Severity Vulnerability in VMware Tools Allows Privilege Escalation

A newly discovered high-severity vulnerability (CVE-2025-22230) in VMware Tools for Windows could allow attackers with limited access inside a virtual machine (VM) to escalate their privileges and execute high-privilege operations. Affecting VMware Tools versions 11.x.x and 12.x.x, this flaw has been assigned a CVSSv3 score of 7.8, […]
Surge in Real Estate Scams Across the Middle East

A new wave of real estate scams has emerged across the Middle East, targeting individuals and businesses seeking to invest in property. Cybercriminals are using fake property listings, fraudulent investment schemes, and phishing attacks to deceive victims into transferring large sums of money. These scams are […]
Six Million Records Reportedly Stolen in Oracle Cloud Breach

A threat actor known as “rose87168” claims to have breached Oracle Cloud’s authentication systems, allegedly exfiltrating six million records impacting over 140,000 tenants. The stolen data reportedly includes JKS files, encrypted SSO and LDAP passwords and JPS keys, with the attacker demanding payment for data removal. […]
High-Risk Junos OS Vulnerability Exposes Networks to Privilege Escalation Risks

A critical vulnerability has been identified in the kernel of Juniper Networks’ Junos OS. This flaw arises from improper isolation or compartmentalization within the operating system, allowing a local attacker with high privileges and shell access to inject and execute arbitrary code. Notably, this vulnerability […]
Critical Apache Tomcat Vulnerability Enables Remote Code Execution

A critical security vulnerability affecting Apache Tomcat versions 9.0.0.M1 through 9.0.98, 10.1.0-M1 through 10.1.34, and 11.0.0-M1 through 11.0.2 has been identified. This flaw arises from improper handling of file paths containing internal dots, leading to potential remote code execution (RCE), information disclosure, or unauthorized content modification. Technical […]
Zoom Issues Urgent Patch for High-Risk Vulnerabilities

Recent security vulnerabilities in Zoom Workplace Apps and SDKs, including heap-based buffer overflow CVE-2025-27440, buffer underflow CVE-2025-27439, use-after-free CVE-2025-0151, and incorrect behavior order CVE-2025-0150, pose significant risks to users. These flaws could allow remote attackers to execute arbitrary code, escalate privileges, or cause denial-of-service (DoS) conditions. Zoom has […]
Type Confusion in V8 in Google Chrome Vulnerabilities

Google Chrome has recently addressed two critical vulnerabilities, CVE-2025-1920 and CVE-2025-2135, both stemming from type confusion issues in the V8 JavaScript engine. These vulnerabilities could allow remote attackers to execute arbitrary code by tricking users into visiting specially crafted web pages. To mitigate these risks, users are […]
Commvault Reported Critical Webserver Vulnerability

Commvault has recently patched a critical vulnerability in its software affecting versions 11.20 to 11.36. This flaw, present in both Linux and Windows platforms, could enable attackers to deploy webshells on web servers, potentially granting unauthorized system access. If exploited, the vulnerability could result in data breaches and other malicious […]
Zero-Day Vulnerabilities Active in VMware ESXi & Workstations

More than 37,000 VMware ESXi instances remain vulnerable to CVE-2025-22224, a critical out-of-bounds write flaw actively exploited in the wild. The Shadowserver Foundation initially reported 41,500 affected instances, with 4,500 patched since then. Broadcom has warned about CVE-2025-22224, CVE-2025-22225, and CVE-2025-22226, all of which have been exploited […]
Severe Security Vulnerabilities in IBM Storage Virtualize

IBM Storage Virtualize is affected by two critical security vulnerabilities, CVE-2025-0159 and CVE-2025-0160, in the GUI of many IBM Storage Virtualize products, posing significant risks to data security and system integrity. These vulnerabilities impact multiple versions of IBM FlashSystem, IBM SAN Volume Controller, and IBM Storwize series, potentially […]