Aggregator

CISA Warns of VMware ESXi 0-day Vulnerability Exploited in Ransomware Attacks

Cyber Security News
4 months 3 weeks ago

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) recently confirmed that ransomware groups are actively exploiting CVE-2025-22225, a high-severity VMware ESXi sandbox escape vulnerability. This flaw, patched by Broadcom in March 2025, enables attackers to escape virtual machine isolation and deploy ransomware across hypervisors. CVE-2025-22225 is an arbitrary write vulnerability in VMware ESXi, rated Important […]

The post CISA Warns of VMware ESXi 0-day Vulnerability Exploited in Ransomware Attacks appeared first on Cyber Security News.

Guru Baran

Multiple TP-Link OS Command Injection Vulnerabilities Let Attackers Gain Admin Control of the Device

Cyber Security News
4 months 3 weeks ago

TP-Link has released urgent firmware updates for its Archer BE230 Wi-Fi 7 routers to address multiple high-severity security flaws. These vulnerabilities could allow authenticated attackers to execute arbitrary operating system (OS) commands, effectively granting them complete administrative control over the device. The vulnerabilities affect the Archer BE230 v1.2 model running firmware versions before 1.2.4 Build […]

The post Multiple TP-Link OS Command Injection Vulnerabilities Let Attackers Gain Admin Control of the Device appeared first on Cyber Security News.

Abinaya

Questions Loom Ahead of Substance Abuse Privacy Rules Shift

DataBreachToday.com
4 months 3 weeks ago
As the compliance deadline quickly approaches for changes to align the federal rules for the confidentiality of substance use disorder records with HIPAA, entities that participate in so-called Part 2 programs still face critical unanswered questions, said attorney Aleksandra Vold of BakerHostetler.

Harvard, UPenn Data Leaked in ShinyHunters Shakedown

DataBreachToday.com
4 months 3 weeks ago
Leaked Financial and Admissions Data Includes Contact Details for 'Top Donors'
Harvard University has been named as a victim and doxed by hack-and-leak group ShinyHunters, apparently as a result of the cybercrime group's ongoing "live phishing" attacks that often attempt to trick IT help desks into giving attackers direct access to a victim's network and cloud-based data.

Semperis Buys MightyID to Expand Identity Security

DataBreachToday.com
4 months 3 weeks ago
Acquisition Adds Okta and Ping Coverage to Semperis' Identity Security Platform
Semperis has acquired MightyID to extend its identity-first security and cyber resilience strategy beyond Active Directory and Entra ID into Okta and Ping. CEO Mickey Bresman says the deal addresses customer demand for multi-identity provider protection backup recovery and migration.

How SCSU Is Rebuilding Campus Technology for the AI Era

DataBreachToday.com
4 months 3 weeks ago
Southern Connecticut State University CIO Tom Armstrong on Modernization Priorities
Like other schools, Southern Connecticut State University is under pressure to modernize legacy systems, strengthen security and adopt AI. CIO Tom Armstrong must balance expanding research ambitions, student expectations and operational efficiency in an increasingly complex risk environment.

TRM Labs Raises $70M Series C for AI Crime-Fighting Push

DataBreachToday.com
4 months 3 weeks ago
Funding at $1B Valuation Targets AI-Driven Investigations and Compliance Tools
TRM Labs has secured $70 million in Series C funding led by Blockchain Capital reaching a $1 billion valuation. CEO Esteban Castano says the money will boost AI-powered investigations, compliance automation and intelligence as criminals use AI to scale cybercrime faster than defenders can respond.

Managed ad