Chinese State Hackers Use New BRICKSTORM Malware Against VMware Systems

CISA, NSA, and Canadian Cyber Centre warn that PRC state-sponsored hackers are using BRICKSTORM, a stealthy Go-based backdoor, for long-term espionage in Government and IT networks...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from drm vmwgfx not validating command header sizes, which could result in a buffer overflow...

CISA Reports PRC Hackers Using BRICKSTORM for Long-Term Access in U.S. Systems

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Thursday released details of a backdoor named BRICKSTORM that has been put to use by state-sponsored threat actors from the People's Republic of China PRC to maintain long-term persistence on compromised systems. "BRICKSTORM is a...

PRC State-Sponsored Actors Use BRICKSTORM Malware Across Public Sector and Information Technology Systems

The Cybersecurity and Infrastructure Security Agency CISA is aware of ongoing intrusions by People’s Republic of China PRC state-sponsored cyber actors using BRICKSTORM malware for long-term persistence on victim systems. BRICKSTORM is a sophisticated backdoor for VMware vSphere1,2 and Windows...

Update Rollup 1 for System Center 2025 Data Protection Manager

Update Rollup 1 for System Center 2025 Data Protection Manager Applies to: System Center 2025 Data Protection Manager Introduction This article describes the new features and issues that are fixed in Update Rollup 1 for Microsoft System Center Data Protection Manager 2025. It also contains the...

Security Bulletin: Multiple Vulnerabilities of IBM Java SDK affect VMware Agent from IBM Tivoli Monitoring for Virtual Environments.

Summary IBM java SDK is used by VMware Agent from IBM Tivoli Monitoring for Virtual Environments. Vulnerability Details CVEID:CVE-2025-53066 DESCRIPTION: An unspecified vulnerability in Java SE related to the JAXP component could allow a remote attacker to cause high confidentiality impact, no...

Beyond NSX: A Strategic Alternative for VMware Customers

Broadcom’s VMware acquisition has driven up costs and complexity. Akamai Guardicore Segmentation offers a modern, secure, and cost-efficient path beyond NSX...

TencentOS Server 4: open-vm-tools (TSSA-2025:0401)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0401 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

USN-7875-1: Linux kernel (Oracle) vulnerabilities

Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered that the Linux kernel contained insufficient branch predictor isolation between a guest and a userspace hypervisor for certain processors. This flaw is known as VMSCAPE. An attacker in a guest VM could possibly use this t...

USN-7875-1 linux-oracle vulnerabilities

Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered that the Linux kernel contained insufficient branch predictor isolation between a guest and a userspace hypervisor for certain processors. This flaw is known as VMSCAPE. An attacker in a guest VM could possibly use this t...

drm/vmwgfx: Fix Use-after-free in validation

...

SUSE CVE-2025-40111

In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Fix Use-after-free in validation Nodes stored in the validation duplicates hashtable come from an arena allocator that is cleared at the end of vmwexecbufprocess. All nodes are expected to be cleared in...

CVE-2025-40111 drm/vmwgfx: Fix Use-after-free in validation

In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Fix Use-after-free in validation Nodes stored in the validation duplicates hashtable come from an arena allocator that is cleared at the end of vmwexecbufprocess. All nodes are expected to be cleared in...

CVE-2025-40110

The CVE-2025-40110 entry concerns the Linux kernel: for the DRM/vmwgfx component, a null-pointer dereference in the cursor snooper was fixed. The patch adds a validation that the actual surface resource exists before using the cursor snooper, addressing a scenario where SVGA3D_INVALID_ID could be...

ESXi RDMA driver for Intel 800 Series Ethernet Advisory - Lenovo Support US

No description provided...

USN-7865-1: Linux kernel (FIPS) vulnerabilities

Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered that the Linux kernel contained insufficient branch predictor isolation between a guest and a userspace hypervisor for certain processors. This flaw is known as VMSCAPE. An attacker in a guest VM could possibly use this t...

USN-7865-1 linux-fips vulnerabilities

Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered that the Linux kernel contained insufficient branch predictor isolation between a guest and a userspace hypervisor for certain processors. This flaw is known as VMSCAPE. An attacker in a guest VM could possibly use this t...

USN-7795-5: Linux kernel (Raspberry Pi) vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Ext4 file system; - Network file system NFS server daemon; - Packet sockets; - Network traffic control; - VMware...

USN-7795-5 linux-raspi-5.4 vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Ext4 file system; - Network file system NFS server daemon; - Packet sockets; - Network traffic control; - VMware...

CISA Flags VMware Zero-Day Exploited by China-Linked Hackers in Active Attacks

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Thursday added a high-severity security flaw impacting Broadcom VMware Tools and VMware Aria Operations to its Known Exploited Vulnerabilities KEV catalog, following reports of active exploitation in the wild. The vulnerability in...