Tag: Vulnerabilities

A newly patched high-severity VMware vulnerability has been exploited as a zero-day since October 2024 for code execution with elevated privileges, NVISO Labs reports. Tracked as CVE-2025-41244 (CVSS score of 7.8), the security defect impacts both VMware Aria Operations and VMware Tools. VMware’s parent company Broadcom rolled out patches this week, warning that the flaw ..

Read more

Broadcom on Monday announced patches for six vulnerabilities affecting VMware Aria Operations, NSX, vCenter, and VMware Tools products, including four high-severity flaws. Both Aria Operations and VMware Tools are impacted by a high-severity local privilege escalation bug tracked as CVE-2025-41244. “A malicious local actor with non-administrative privileges having access to a VM with VMware Tools ..

Read more

Exploitation of a recently disclosed Fortra GoAnywhere MFT vulnerability started at least one week before patches were released, cybersecurity firm watchTowr reports. Fortra fixed the security defect, tracked as CVE-2025-10035 (CVSS score of 10/10), on September 18, making no mention of its in-the-wild exploitation, but sharing indicators-of-compromise (IoCs) to help organizations hunt for potential attacks. ..

Read more

Cisco on Thursday released emergency patches for two firewall vulnerabilities exploited as zero-days in attacks linked to the ArcaneDoor espionage campaign. Tracked as CVE-2025-20333 (CVSS score of 9.9) and CVE-2025-20362 (CVSS score of 6.5), the bugs impact the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) and Secure Firewall Threat Defense (FTD) ..

Read more

Libraesva has addressed a vulnerability in its integrated email security platform that has been exploited in the wild. Tracked as CVE-2025-59689 (CVSS score of 6.1), the flaw is described as a command injection issue that could lead to the execution of arbitrary commands as a non-privileged user. According to Libraesva’s advisory, the bug could be ..

Read more

Some of the industrial control system (ICS) products made by Taiwan-based Novakon are affected by serious vulnerabilities, and the vendor does not appear to have released any patches. A subsidiary of iBASE Technology, Novakon designs and manufactures human-machine interfaces (HMIs), industrial PCs, and IIoT solutions. The company serves 18 countries across North America, Europe and ..

Read more

SEC Consult, a cybersecurity consulting firm under Eviden, says payment solutions company KioSoft took a long time to address a serious vulnerability affecting some of its NFC-based cards. KioSoft manufactures unattended self-service payment machines, including for laundromats, arcades, vending machines, and car washes. The company is based in Florida and has offices in seven countries ..

Read more

The maker of Passwordstate, an enterprise-grade password manager for storing companies’ most privileged credentials, is urging them to promptly install an update fixing a high-severity vulnerability that hackers can exploit to gain administrative access to their vaults. The authentication bypass allows hackers to create a URL that accesses an emergency access page for Passwordstate. From ..

Read more