VMware Aria Operations: Vulnerability allows privilege escalation
Broadcom warns of a high-risk vulnerability in VMware Aria Operations. Attackers can use it to extend their rights.
VMware Aria Operations: Sicherheitslücke erlaubt Rechteausweitung
Broadcom warnt vor einer hochriskanten Lücke in VMware Aria Operations. Angreifer können dadurch ihre Rechte ausweiten.
VMware: Companies will have to license 72 instead of 16 cores in future
Penalties return and the minimum number of cores to be licensed increases significantly: Broadcom continues its restructuring.
#ProxLB - an opensource & advanced VM loadbalancer for #Proxmox clusters. Including affinity & anti-affinity rules, maintenance mode (evacuating nodes) and more. I just published my slides about it.
Project: https://github.com/gyptazy/ProxLB
Slides: https://cdn.gyptazy.com/files/talks/ProxLB-Intelligent-Workload-Balancing-for-Proxmox-Clusters.pdf
1400 instances without a license? VMware files suit against Siemens
Siemens is alleged to have used around 1,400 instances of VMware software in the USA without a valid license. The Broadcom subsidiary is now going to court.
VMware tools enable rights extension in VMs
Due to a vulnerability in VMware Tools, attackers can elevate their rights in a VM. An update corrects this.
VMware Tools ermöglichen Rechteausweitung in VMs
Aufgrund einer Schwachstelle in den VMware Tools können Angreifer ihre Rechte in einer VM erhöhen. Ein Update korrigiert das.
Authentication bypass CVE-2025-22230 impacts #VMware Windows Tools
https://securityaffairs.com/175858/security/authentication-bypass-cve-2025-22230-in-vmware-tools-for-windows.html
#securityaffairs #hacking
What do you miss in #Proxmox or #XCPng?
My customers often told me, that when migrating from #VMware based setups, they would miss something like #DRS. As a result I published #ProxLB as a load balancer. Now, I do the same for #DPM and also some other things. What do you miss or what stops you or your business from switching to Proxmox or XCPng?
Workforce halved: Broadcom laid off 19,000 VMware employees since acquisition
Within two years, Broadcom has laid off more than half of VMware's employees. Analysts are satisfied with the takeover overall.
Belegschaft halbiert: Broadcom entließ seit Übernahme 19.000 VMware-Mitarbeiter
Innerhalb von zwei Jahren hat Broadcom mehr als die Hälfte der VMware-Mitarbeiter entlassen. Analysten zeigen sich mit der Übernahme insgesamt zufrieden.
Latest issue of my curated #cybersecurity and #infosec list of resources for week #10/2025 is out!
It includes the following and much more:
➝ #CYBERCOM and #CISA Told to Stop Tracking #Russia Actors;
➝ Alleged Black Basta #Ransomware Leader Escapes from Court;
➝ #VMWare 0day Vulnerabilities Being Exploited - Patch Now;
➝ Gang Claims Responsibility on Tata Technologies Breach;
➝ The Great Firewall of #China is Bleeding;
Subscribe to the #infosecMASHUP newsletter to have it piping hot in your inbox every week-end 
https://infosec-mashup.santolaria.net/p/template-infosec-mashup-xx-2025-b3ff0d41bdc019b3
Attacks on VMware ESXi: Tens of thousands of servers still vulnerable
Security researchers warn that despite ongoing attacks, more than 40,000 instances worldwide are still unpatched. Germany is also affected.
Attacken auf VMware ESXi: Immer noch zehntausende Server verwundbar
Sicherheitsforscher warnen, dass trotz laufender Angriffe weltweit noch mehr als 40.000 Instanzen nicht gepatcht sind. Davon ist auch Deutschland betroffen.
Уязвимости получили идентификаторы CVE-2025-22224, CVE-2025-22225 и CVE-2025-22226 и затрагивают продукты VMware ESX, включая VMware ESXi, vSphere, Workstation, Fusion, Cloud Foundation и Telco Cloud Platform.
Эти баги позволяют злоумышленникам, имеющим доступ уровня администратора или root, осуществить побег из песочницы виртуальной машины.
...
Иными словами, если хотя бы ВМ-клиент в уязвимой среде хостинга скомпрометирован, злоумышленник может получить контроль над гипервизором в этой хостинговой среде. То есть если клиент плохо защитил всего одну ВМ, все остальные ВМ в гипервизоре подвергаются риску.
U.S. CISA adds #Linux kernel and #VMware ESXi and Workstation flaws to its Known Exploited Vulnerabilities catalog
https://securityaffairs.com/174923/security/u-s-cisa-adds-linux-kernel-and-vmware-esxi-and-workstation-flaws-to-its-known-exploited-vulnerabilities-catalog.html
#securityaffairs #hacking
#VMware fixed three actively exploited zero-days in ESX products
https://securityaffairs.com/174911/security/vmware-fixed-three-actively-exploited-zero-days-in-esx-products.html
#securityaffairs #hacking
Critical vulnerability in VMware ESXi, Fusion and Workstation is being abused
Broadcom warns of partly critical security leaks in VMware ESXi, Fusion and Workstation. Attackers are already abusing them.
Kritische Lücke in VMware ESXi, Fusion und Workstation wird missbraucht
Broadcom warnt vor teils kritischen Sicherheitslecks in VMware ESXi, Fusion und Workstation. Angreifer missbrauchen sie bereits.
VCF 9 in beta test: Broadcom brings simplified management of private clouds
Broadcom is testing VMware Cloud Foundation 9 in a closed beta. The new version is designed to simplify the management of private clouds.
