VMware has released security updates to address multiple vulnerabilities affecting ESXi, Workstation, and Fusion. These flaws, tracked as CVE-2025-22224, CVE-2025-22225, and CVE-2025-22226, enable attackers to execute arbitrary code, escape the virtual machine sandbox, and leak sensitive memory data. Exploitation of these vulnerabilities has been observed in the wild. Affected Products: Vulnerability Details: Confirmed Exploitation VMware …

VMware Critical Vulnerabilities in ESXi, Workstation, and Fusion: Patches Released Read More »

Two security vulnerabilities have been identified in OpenSSH affecting both the client and server. These flaws, tracked as CVE-2025-26465 and CVE-2025-26466, enable attackers to impersonate servers and cause denial-of-service conditions. Both vulnerabilities have been present for extended periods, with mitigations available. CVE-2025-26465: MITM Attack on OpenSSH Client CVE-2025-26465 affects the OpenSSH client and enables a …

OpenSSH Vulnerabilities Expose Clients to MITM and DoS Attacks Read More »

Palo Alto Networks has disclosed a zero-day PAN-OS authentication bypass vulnerability, tracked as CVE-2025-010. The flaw allows attackers to access certain PHP scripts on the management web interface without authentication. It has been assigned a CVSS score of 8.8 and affects multiple PAN-OS versions. Vulnerability Overview The issue stems from missing authentication controls in the …

Palo Alto PAN-OS Zero-Day Vulnerability Enables Authentication Bypass Read More »

Fortinet recently disclosed CVE-2025-24472, a critical authentication bypass vulnerability in FortiOS and FortiProxy that allows attackers to gain super-admin privileges through crafted CSF proxy requests. This vulnerability affects: Fortinet patched the issue in January 2024 with updates to: Clarification on Exploitation and Patching In an update on February 11, 2025, Fortinet confirmed that CVE-2025-24472 is …

Fortinet Confirms CVE-2025-24472 Was Patched in January 2024 Read More »

Microsoft has released its February 2025 security updates, addressing 67 vulnerabilities across Windows, Office, Azure, Visual Studio, and Remote Desktop Services. The update includes patches for two actively exploited zero-day vulnerabilities that require immediate mitigation. Microsoft Zero-Day Vulnerabilities Both vulnerabilities are listed in CISA’s Known Exploited Vulnerabilities Catalog, indicating active exploitation. Publicly Disclosed Vulnerabilities Other …

Microsoft Patches Actively Exploited Zero-Day Vulnerabilities – Immediate Action Required Read More »

Veeam has patched a critical security flaw (CVE-2025-23114, CVSS 9.0) in its Backup software that allows remote code execution through a Man-in-the-Middle (MitM) attack. The issue resides in the Veeam Updater component, enabling attackers to execute arbitrary code with root-level privileges on affected systems. Affected Versions The vulnerability impacts the following products and versions: Patched …

Critical Veeam Vulnerability Enables Code Execution via Man-in-the-Middle Attack Read More »

Chinese AI startup DeepSeek exposed a ClickHouse database, allowing unauthorized access to sensitive data, including API secrets, chat logs, and backend details. Unauthorized Database Exposure A misconfigured ClickHouse database at oauth2callback.deepseek[.]com:9000 and dev.deepseek[.]com:9000 was left exposed, allowing anyone to execute SQL queries without authentication. This provided full access to stored data and potential privilege escalation …

DeepSeek AI Database Exposure Leaks Sensitive Data Read More »