Alice and Bob

3 different VMware zero days, under active exploitation by ransomware groups

CVE-2025-22224, CVE-2025-22225, CVE-2025-22226

VMware ESXi
VMware Workstation Pro / Player (Workstation)
VMware Fusion
VMware Cloud Foundation
VMware Telco Cloud Platform

(Exploitation actually ESXi)

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25390

@Viss Yes. Recommended: https://www.amazon.com/Straight-Hell-Deviance-Debauchery-Billion-Dollar/dp/0802123309

@Viss Accidentally, one of my favorite trading stories also involves City - those guys know how to party!

"Perkins’s drunken trade was so large, it represented 69% of the global volume at that time."

https://en.rattibha.com/thread/1570789617154260993

@Viss

I need to do a blog post on this, but it seems like a lot of old tricks have been lost over the years. One thing I was thinking about is all the ways to obscure an executable name in command prompts. For example, and I'm not sure how many of them are documented, but all of these work:

New vulnerability report from Talos:

miniaudio ma_dr_flac__decode_samples__lpc out-of-bounds write vulnerability

https://talosintelligence.com/vulnerability_reports/TALOS-2024-2063

CVE-2024-41147

[RSS] CVE-2024-43639: Remote Code Execution in Microsoft Windows KDC Proxy

https://www.thezdi.com/blog/2025/3/3/cve-2024-43639

[RSS] !exploitable Episode Two - Enter the Matrix. SSHD exploit used by Trinity in the movie The Matrix Reloaded

https://blog.doyensec.com/2025/03/04/exploitable-sshd.html

BlackHoodie will be back at @_ringzer0 Bootcamp on March 21st with a training about Compiler Internals for Security Engineers, brought to you by.. me 😊 Registration is open, please tell your friends and hacker family, alternatively Shares appreciated 😁 https://blackhoodie.re/Ringzer0_Bootstrap_2025/

My team designed and is maintaining Enclaves. Good article here :-)

https://bird.makeup/@dwizzzlemsft/1896624017903325658

Two seemingly blockbuster stories published on Friday that reported that the Trump admin had ordered US Cyber Command and CISA to "stand down" on their work to detect and counter Russian cyber threats. But new info has come out to contradict the stories or qualify them. I dug into what we know and don't know. As always, if anyone has any additional information related to these stories, please contact me on Signal at KimZ.42.

https://www.zetter-zeroday.com/did-trump-admin-order-u-s-cyber-command-and-cisa-to-stand-down-on-russia/

go to the cloud they said
it'll be fine they said

New blog post: Electronic signing in Collabora Online https://vmiklos.hu/blog/cool-esign.html

@joxean The whole sketch is brilliant, my favorite is probably the discussion about anime's in the HR process :D

"They should be paying me per token" should be our mantra

https://www.youtube.com/watch?v=3yeb5gSLnjw

CP/M Users: Looking for a copy of Avocet XASM85 for a resurrection project. #retrocomputing

🎉 KeePassXC 2.7.10 is out! 🥳

The most prominent changes in this release are the addition of a Proton Pass importer and (due to popular request) a new setting for changing the application font size. You can find the full list of changes on our website:
https://keepassxc.org/blog/2025-03-04-2.7.10-released/

"You possessive apostrophe!" - sounds like a great insult!

𝗝𝗼𝗶𝗻 𝗼𝘂𝗿 𝗹𝗶𝘃𝗲 𝘄𝗲𝗯𝗶𝗻𝗮𝗿 𝗼𝗻 𝗠𝗮𝗿𝗰𝗵 𝟲𝘁𝗵!
Discover how to eliminate debugging inefficiencies and accelerate vulnerability research with time travel analysis.

Register now 👇
https://www.linkedin.com/events/exploitingaroutervulnerabilityw7299810055170805761/

#cybersecurity #webinar #vulnerability #malware #reverseengineering