Featured Story
Exploited VMware ESXi Flaws Put Many at Risk of Ransomware, Other Attacks
Scans show that tens of thousands of VMware ESXi instances are affected by the vulnerabilities disclosed recently as zero-days.
On March 4, VMware owner Broadcom informed ESXi, Workstation, and Fusion customers about the availability of patches for three zero-days exploited in the wild. Their exploitation can lead to arbitrary code execution, sandbox escapes, and memory leaks.
The flaws are tracked as CVE-2025-22224, CVE-2025-22225 and CVE-2025-22226, and they can allow attackers with elevated privileges to perform a VM escape.
These flaws allow attackers to execute arbitrary code or escape the virtual machine (VM) environment, effectively breaching the isolation between guest VMs and the underlying hypervisor. This breakdown can lead to ransomware deployment or data exfiltration. Organizations should immediately apply Broadcom’s March 4 patches and follow best practices in virtualization security.
Other Stories
Cisco Secure Client for Windows Let Attackers Execute Arbitrary Code With SYSTEM Privileges
A newly identified vulnerability in the Cisco Secure Client for Windows could allow attackers to execute arbitrary code with SYSTEM privileges. It involves DLL hijacking via the IPC channel and only affects versions with the Secure Firewall Posture Engine installed.
Cisco Secure Client is vital for encrypted remote access. However, CVE-2025-20206 undermines its integrity. Cisco has released a fix—users should update to version 5.1.8.1 or later to prevent privilege escalation or compromise.
Elastic Patches Critical Kibana Flaw Allowing Code Execution
Elastic released patches for a critical vulnerability in Kibana (CVE-2025-25012, CVSS 9.9) that allows remote code execution via specially crafted files and HTTP requests.
The flaw stems from prototype pollution in Kibana’s upload and request logic. Organizations using Kibana should immediately upgrade to version 8.17.3. As a temporary fix, disabling xpack.integration_assistant is recommended.
Warning: 224 Million Stolen Passwords Are Circulating Freely on the Internet
224 million newly leaked passwords are now openly available online, posing serious risks to individuals and organizations alike. Users are urged to check their exposure using tools like Have I Been Pwned.
We recommend the following:
- Enable two-factor authentication (2FA) for all accounts
- Use unique, strong passwords for each service
- Routinely check if your credentials have been compromised
Our SOC is available to assist if you suspect account compromise or need support in improving credential hygiene.