A zero-day vulnerability stemming from how Windows User Interface handles its shortcut (.lnk) files has been exploited by at least 11 nation-state actors in widespread threat campaigns. According to an analysis by Trend Zero Day Initiative (ZDI), the bug bounty and vulnerability disclosure program that first found and reported the flaw to Microsoft, the vulnerability…
Category: Security, Zero-Day Vulnerabilities
Exploits, Global Security News, Security, Zero-Day Vulnerabilities
VMware ESXi gets critical patches for in-the-wild virtual machine escape attack
Broadcom released emergency patches for its VMware ESXi, Workstation, and Fusion products to fix three vulnerabilities that can lead to virtual machine escape and are actively being exploited by attackers. Products that include VMware ESXi, such as VMware vSphere, VMware Cloud Foundation, and VMware Telco Cloud Platform, are also impacted. VMware products, especially the ESXi…