
Blog article

Weekly Digest Week 10 – 2025

Publication date

07.03.2025

Featured Story

Exploited VMware ESXi Flaws Put Many at Risk of Ransomware, Other Attacks

Scans show that tens of thousands of VMware ESXi instances are affected by the vulnerabilities disclosed recently as zero-days.

On March 4, VMware owner Broadcom informed ESXi, Workstation, and Fusion customers about the availability of patches for three zero-days exploited in the wild. Their exploitation can lead to arbitrary code execution, sandbox escapes, and memory leaks.

The flaws are tracked as CVE-2025-22224, CVE-2025-22225 and CVE-2025-22226, and they can allow attackers with elevated privileges to perform a VM escape.

SOC Analysis:
These flaws allow attackers to execute arbitrary code or escape the virtual machine (VM) environment, effectively breaching the isolation between guest VMs and the underlying hypervisor. This breakdown can lead to ransomware deployment or data exfiltration. Organizations should immediately apply Broadcom’s March 4 patches and follow best practices in virtualization security.

Other Stories

Cisco Secure Client for Windows Let Attackers Execute Arbitrary Code With SYSTEM Privileges

A newly identified vulnerability in the Cisco Secure Client for Windows could allow attackers to execute arbitrary code with SYSTEM privileges. It involves DLL hijacking via the IPC channel and only affects versions with the Secure Firewall Posture Engine installed.

SOC Analysis:
Cisco Secure Client is vital for encrypted remote access, so CVE-2025-20206, which lets an attacker run arbitrary code as SYSTEM, undermines the trust placed in it. Cisco has released a fix; users should update to version 5.1.8.1 or later to prevent privilege escalation or compromise.

Elastic Patches Critical Kibana Flaw Allowing Code Execution

Elastic released patches for a critical vulnerability in Kibana (CVE-2025-25012, CVSS 9.9) that allows remote code execution via specially crafted files and HTTP requests.

SOC Analysis:
The flaw stems from prototype pollution in Kibana’s upload and request logic. Organizations using Kibana should immediately upgrade to version 8.17.3. As a temporary fix, disabling xpack.integration_assistant is recommended.

Warning: 224 Million Stolen Passwords Are Circulating Freely on the Internet

224 million newly leaked passwords are now openly available online, posing serious risks to individuals and organizations alike. Users are urged to check their exposure using tools like Have I Been Pwned.

SOC Analysis:
We recommend the following:
  • Enable two-factor authentication (2FA) for all accounts
  • Use unique, strong passwords for each service
  • Routinely check if your credentials have been compromised

Our SOC is available to assist if you suspect an account compromise or need support in improving credential hygiene.

Want to enhance your organization’s cyber awareness or compliance strategy? Contact the Approach Cyber SOC team for tailored support and training programs.
