Featured Story
Broadcom Warns of Authentication Bypass in VMware Windows Tools
Broadcom has released a security advisory addressing a high-severity authentication bypass vulnerability in VMware Tools for Windows (CVE-2025-22230). The flaw allows a local low-privileged user to gain higher privileges on the virtual machine. This issue is present in versions 12.x.y and 11.x.y of VMware Tools for Windows.
The company has released updated versions of VMware Tools to resolve this issue and urges users to upgrade to a fixed version as soon as possible. The flaw specifically impacts Windows guests and not other operating systems.
Exploitation of this flaw could allow lateral movement within compromised networks. The ability to elevate privileges makes it a prime candidate for follow-up attacks or post-exploitation actions. Upgrade VMware Tools in your environment urgently to minimize exposure.
Other Stories
CrushFTP Urges Immediate Patching of Unauthenticated Access Flaw
CrushFTP has disclosed a critical vulnerability (CVE-2025-2825) allowing unauthenticated attackers to access its HTTP(S) ports. This affects both v10 and v11, and updates are available in versions 10.8.4+ and 11.3.1+.
This vulnerability is currently being exploited in the wild. If your CrushFTP instance is public-facing and unpatched, it could allow attackers to bypass authentication and gain direct access to the interface. Immediate patching is advised.
VSCode Marketplace Removes Extensions Deploying Early-Stage Ransomware
Two malicious extensions, “ahban.shiba” and “ahban.cychelloworld”, were recently removed from the Visual Studio Code Marketplace. They delivered early-stage ransomware payloads and affected over 50,000 installations.
This incident highlights the importance of reviewing third-party extensions in development environments. Enforce extension whitelists
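
An extension allowlist of the kind recommended above can be checked against the output of `code --list-extensions --show-versions`, flagging the two extension IDs named in this story along with anything not approved. This is an added example, not part of the original newsletter; the allowlist entries and the sample listing are constructed for illustration.

```python
# Audit VS Code extensions against a blocklist and an allowlist.
# Input: text printed by `code --list-extensions --show-versions`,
# one "publisher.name@version" entry per line.

# The two extension IDs named in the story above.
BLOCKLIST = {"ahban.shiba", "ahban.cychelloworld"}
# Hypothetical allowlist for illustration; replace with your approved set.
ALLOWLIST = {"ms-python.python", "dbaeumer.vscode-eslint"}

def parse_extensions(listing):
    """Return (id, version) pairs. IDs are lowercased because VS Code
    treats extension identifiers case-insensitively."""
    entries = []
    for raw in listing.splitlines():
        line = raw.strip()
        if not line:
            continue
        ext_id, _, version = line.partition("@")
        # A valid ID is "publisher.name"; skip other lines (e.g. CLI notices).
        publisher, dot, name = ext_id.partition(".")
        if not (publisher and dot and name) or " " in ext_id:
            continue
        entries.append((ext_id.lower(), version or None))
    return entries

def audit(listing, allowlist=ALLOWLIST, blocklist=BLOCKLIST):
    """Classify each installed extension. Blocklist wins over allowlist."""
    allowed = {e.lower() for e in allowlist}
    blocked = {e.lower() for e in blocklist}
    report = {"blocked": [], "unapproved": [], "approved": []}
    for ext_id, version in parse_extensions(listing):
        if ext_id in blocked:
            status = "blocked"
        else:
            status = "approved" if ext_id in allowed else "unapproved"
        report[status].append((ext_id, version))
    return report

# Constructed sample output, not taken from a real machine.
SAMPLE = """ms-python.python@2025.2.0
Ahban.Shiba@0.0.1
some-publisher.some-theme@1.4.2

dbaeumer.vscode-eslint
"""

if __name__ == "__main__":
    for status, items in audit(SAMPLE).items():
        for ext_id, version in items:
            print(f"{status:<11}{ext_id} {version or ''}")
```

A non-empty `blocked` list warrants removing the extension and investigating the host; `unapproved` entries are candidates for review before being added to the allowlist.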