Close Menu
TechBrunchTechBrunch
  • Home
  • AI
  • Apps
  • Crypto
  • Security
  • Startups
  • TechCrunch
  • Venture

Subscribe to Updates

Subscribe to our newsletter and never miss our latest news

Subscribe my Newsletter for New Posts & tips Let's stay updated!

What's Hot

WhatsApp launches the long-awaited iPad app

May 27, 2025

Ali Partovi and Russell Kaplan join StrictlyVc Menlo Park

May 27, 2025

Rocket Lab Backer's first publication raises $25 million to fund New Zealand's Deep High-Tech Moonshot

May 27, 2025
Facebook X (Twitter) Instagram
TechBrunchTechBrunch
  • Home
  • AI

    OpenAI seeks to extend human lifespans with the help of longevity startups

    January 17, 2025

    Farewell to the $200 million woolly mammoth and TikTok

    January 17, 2025

    Nord Security founder launches Nexos.ai to help enterprises move AI projects from pilot to production

    January 17, 2025

    Data proves it remains difficult for startups to raise capital, even though VCs invested $75 billion in the fourth quarter

    January 16, 2025

    Apple suspends AI notification summaries for news after generating false alerts

    January 16, 2025
  • Apps

    WhatsApp launches the long-awaited iPad app

    May 27, 2025

    Browser companies contemplate selling or open-sourcing arc browser within a pivot focused on AI

    May 27, 2025

    Digg Founder Kevin Rose offers to buy a pocket from Mozilla

    May 23, 2025

    Bluesky begins to check for “notable” users

    May 22, 2025

    Mozilla shuts down its Read-It-Later app pocket

    May 22, 2025
  • Crypto

    Vote for the session you want to watch in 2025

    May 26, 2025

    Save $900 + 90% from 2 tickets to destroy 2025 in the last 24 hours

    May 25, 2025

    Only 3 days left to save up to $900 to destroy the 2025 pass

    May 23, 2025

    Starting from up to $900 from Ticep, 90% off +1 in 2025

    May 22, 2025

    Early savings for 2025 will end on May 25th

    May 21, 2025
  • Security

    Naukri has published the recruiter's email address, researchers say

    May 24, 2025

    Apple CEO reportedly urged the Texas governor to abandon the online child safety bill

    May 23, 2025

    Artemis Seaford and Ion Stoica cover the ethical crisis in their sessions: AI

    May 23, 2025

    Mysterious hacking group Careto was run by the Spanish government, sources say

    May 23, 2025

    Microsoft says Lumma Password Stealer Malware found on 394,000 Windows PCs

    May 22, 2025
  • Startups

    7 days left: Founders and VCs save over $300 on all stage passes

    March 24, 2025

    AI chip startup Furiosaai reportedly rejecting $800 million acquisition offer from Meta

    March 24, 2025

    20 Hottest Open Source Startups of 2024

    March 22, 2025

    Andrill may build a weapons factory in the UK

    March 21, 2025

    Startup Weekly: Wiz bets paid off at M&A Rich Week

    March 21, 2025
  • TechCrunch

    OpenSea takes a long-term view with a focus on UX despite NFT sales remaining low

    February 8, 2024

    AI will save software companies' growth dreams

    February 8, 2024

    B2B and B2C are not about who buys, but how you sell

    February 5, 2024

    It's time for venture capital to break away from fast fashion

    February 3, 2024

    a16z's Chris Dixon believes it's time to focus on blockchain use cases rather than speculation

    February 2, 2024
  • Venture

    Ali Partovi and Russell Kaplan join StrictlyVc Menlo Park

    May 27, 2025

    Rocket Lab Backer's first publication raises $25 million to fund New Zealand's Deep High-Tech Moonshot

    May 27, 2025

    Application in just 2 weeks left: Startup Battlefield 200 | TechCrunch

    May 26, 2025

    Things you don't want to miss on October 20th

    May 25, 2025

    Khosla ventures among VCS experimenting with AI injection rollups in mature companies

    May 23, 2025
TechBrunchTechBrunch

Broadcom encourages VMware customers to patch “urgent” zero-day bugs under active exploitation

TechBrunchBy TechBrunchMarch 5, 20253 Mins Read
Facebook Twitter Pinterest Telegram LinkedIn Tumblr WhatsApp Email
Share
Facebook Twitter LinkedIn Pinterest Telegram Email


US technology giant Broadcom warns that a trio of VMware vulnerabilities have been actively exploited by malicious hackers to compromise the network of corporate customers.

Three vulnerabilities, collectively referred to as “espageape” by one security researcher, affect VMware ESXI, workstations, and fusion. It is a widely used software hypervisor product that allows you to manage multiple virtual machines on a single server. Hypervisors are commonly used to reduce the need to take up space on physical servers.

Broadcom, which acquired VMware in 2023, said the vulnerability (tracked as CVE-2025-22224, CVE-2025-22225, and CVE-2025-22226) could allow Virtual Machine administrators or attackers with root privileges or attackers with root privileges to escape protected sandboxes.

Access to the hypervisor allows an attacker to access other virtual machines, including virtual systems owned by other companies in the same physical data center.

Broadcom says it has “information to suggest” that the vulnerability is being exploited in the wild.

“The impact here is enormous. Attackers who compromise a hypervisor can compromise other virtual machines that share the same hypervisor,” Stephen, Le Le Telligence Company Rapid7's leading security researcher, told TechCrunch.

Broadcom did not share details about the nature of the attack or the threat actors behind it, nor did it say whether customer data was accessed. A Broadcom spokesman did not respond to TechCrunch questions. Microsoft, which discovered and reported a Broadcom vulnerability, also did not respond to the reporting time.

Security researcher Kevin Beaumont said in a Mastodon post that the three vulnerabilities are being actively exploited by yet-known ransomware groups.

VMware's vulnerabilities are frequently targeted by ransomware groups, due to their ability to be exploited to compromise multiple servers during a single attack, considering that enterprise data that is often stored in these virtualized environment-sensitive.

In 2024, Microsoft discovered that several ransomware groups were leveraging the VMware hypervisor flaw in attacks that deploy Black Basta and Lockbit ransomware in data steal campaigns targeting corporate data. The previous year, a massive hacking campaign called “Esxiargs” was leveraging a vulnerability in VMware from two years ago, targeting thousands of organizations around the world.

Broadcom has released patches for three vulnerabilities: This is classified as a “zero-day” bug because it was exploited before the fix became available. Broadcom describes its security advisory as an “urgent” change, urging customers to apply patches as soon as possible.

Additionally, CISA, a US government cybersecurity agency, has warned federal agencies to patch bugs. This has been added to the execution catalog for vulnerabilities known to be under attack.



Source link

Share. Facebook Twitter Pinterest LinkedIn Tumblr Email

Related Posts

Naukri has published the recruiter's email address, researchers say

May 24, 2025

Apple CEO reportedly urged the Texas governor to abandon the online child safety bill

May 23, 2025

Artemis Seaford and Ion Stoica cover the ethical crisis in their sessions: AI

May 23, 2025

Mysterious hacking group Careto was run by the Spanish government, sources say

May 23, 2025

Microsoft says Lumma Password Stealer Malware found on 394,000 Windows PCs

May 22, 2025

Signal's new Windows update prevents the system from capturing screenshots of chat

May 22, 2025

Leave A Reply Cancel Reply

Top Reviews
Editors Picks

7 days left: Founders and VCs save over $300 on all stage passes

March 24, 2025

AI chip startup Furiosaai reportedly rejecting $800 million acquisition offer from Meta

March 24, 2025

20 Hottest Open Source Startups of 2024

March 22, 2025

Andrill may build a weapons factory in the UK

March 21, 2025
About Us
About Us

Welcome to Tech Brunch, your go-to destination for cutting-edge insights, news, and analysis in the fields of Artificial Intelligence (AI), Cryptocurrency, Technology, and Startups. At Tech Brunch, we are passionate about exploring the latest trends, innovations, and developments shaping the future of these dynamic industries.

Our Picks

WhatsApp launches the long-awaited iPad app

May 27, 2025

Ali Partovi and Russell Kaplan join StrictlyVc Menlo Park

May 27, 2025

Rocket Lab Backer's first publication raises $25 million to fund New Zealand's Deep High-Tech Moonshot

May 27, 2025

Subscribe to Updates

Subscribe to our newsletter and never miss our latest news

Subscribe my Newsletter for New Posts & tips Let's stay updated!

© 2025 TechBrunch. Designed by TechBrunch.
  • Home
  • About Tech Brunch
  • Advertise with Tech Brunch
  • Contact us
  • DMCA Notice
  • Privacy Policy
  • Terms of Use

Type above and press Enter to search. Press Esc to cancel.