X

Vous n'êtes pas connecté

Rubriques :

Maroc Maroc - SECURITYAFFAIRS.CO - A La Une - 04/Feb 22:02

CVE-2025-22225 in VMware ESXi now used in active ransomware attacks

Ransomware groups now exploit VMware ESXi vulnerability CVE-2025-22225, patched by Broadcom in March 2025. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) confirms that ransomware gangs are exploiting the VMware ESXi sandbox escape flaw CVE-2025-22225. The vulnerability is an arbitrary write issue in VMware ESXi. An attackers with privileges within the VMX process may trigger an arbitrary […]

Articles similaires

Sorry! Image not available at this time

CISA: BeyondTrust RCE flaw now exploited in ransomware attacks

bleepingcomputer.com - 20/Feb 17:02

Hackers are actively exploiting the CVE-2026-1731 vulnerability in the BeyondTrust Remote Support product, the U.S. Cybersecurity and Infrastructure...

Sorry! Image not available at this time

CISA: BeyondTrust RCE flaw now exploited in ransomware attacks

bleepingcomputer.com - 20/Feb 17:02

Hackers are actively exploiting the CVE-2026-1731 vulnerability in the BeyondTrust Remote Support product, the U.S. Cybersecurity and Infrastructure...

Sorry! Image not available at this time

Attackers exploit BeyondTrust CVE-2026-1731 within hours of PoC release

securityaffairs.co - 13/Feb 15:19

Attackers quickly targeted BeyondTrust flaw CVE-2026-1731 after a PoC was released, enabling unauthenticated remote code execution. Threat actors...

Sorry! Image not available at this time

Windows Remote Desktop Services 0-Day Vulnerability Exploited in the Wild to Escalate Privileges

itsecuritynews.info - 11/Feb 03:31

Microsoft has patched CVE-2026-21533, a zero-day elevation of privilege vulnerability in Windows Remote Desktop Services (RDS) that attackers are...

Sorry! Image not available at this time

Critical SandboxJS Vulnerability Allows Remote Host Takeover – PoC Released

itsecuritynews.info - 11/Feb 17:18

A severe sandbox escape vulnerability has been discovered in the JavaScript library, enabling attackers to execute arbitrary code on host systems. The...

Sorry! Image not available at this time

Critical Authentication Bypass in better-auth API Keys Plugin Allows Unauthenticated Account Takeover

itsecuritynews.info - 19/Feb 11:09

A critical authentication bypass vulnerability in the better-auth API keys plugin allows unauthenticated attackers to mint privileged API keys for...

Sorry! Image not available at this time

Critical Authentication Bypass in better-auth API Keys Plugin Allows Unauthenticated Account Takeover

itsecuritynews.info - 19/Feb 11:09

A critical authentication bypass vulnerability in the better-auth API keys plugin allows unauthenticated attackers to mint privileged API keys for...

Sorry! Image not available at this time

CISA Warns of Microsoft Configuration Manager SQL Injection Vulnerability Exploited in Attacks

itsecuritynews.info - 14/Feb 04:20

CISA has issued an urgent alert about a critical SQL injection vulnerability in Microsoft Configuration Manager (SCCM). Tracked as CVE-2024-43468,...

Sorry! Image not available at this time

CISA Warns of Microsoft Configuration Manager SQL Injection Vulnerability Exploited in Attacks

itsecuritynews.info - 14/Feb 04:20

CISA has issued an urgent alert about a critical SQL injection vulnerability in Microsoft Configuration Manager (SCCM). Tracked as CVE-2024-43468,...

Sorry! Image not available at this time

CISA flags critical Microsoft SCCM flaw as exploited in attacks

bleepingcomputer.com - 13/Feb 12:35

CISA ordered federal agencies on Thursday to secure their systems against a critical Microsoft Configuration Manager vulnerability patched in October...

Les derniers communiqués