Exploit for CVE-2019-5513
VMware Horizon /broker/xml Vulnerability Scanner !Security...
EUVD-2019-15088
Malware in sbrugna...
EUVD-2018-18714
Malware in sbrugna...
EUVD-2023-38158
Malicious code in bioql PyPI...
EUVD-2025-27504
Malicious code in bioql PyPI...
CVE-2025-58131
CVE-2025-58131 describes a race condition in the Zoom Workplace VDI Plugin macOS Universal installer for VMware Horizon. The vulnerability affects Zoom Workplace VDI Plugin versions prior to 6.4.10 (and, on their respective tracks, prior to 6.2.15 and 6.3.12). An authenticated user could trigger ...
CVE-2025-58131 Zoom Workplace VDI Plugin macOS Universal installer for VMware Horizon - Race Condition
Race condition in the Zoom Workplace VDI Plugin macOS Universal installer for VMware Horizon before version 6.4.10 or before 6.2.15 and 6.3.12 in their respective tracks may allow an authenticated user to conduct a disclosure of information via network access...
CVE-2019-5513
VMware Horizon Connection Server 7.x before 7.8, 7.5.x before 7.5.2, 6.x before 6.2.8 contains an information disclosure vulnerability. Successful exploitation of this issue may allow disclosure of internal domain names, the Connection Server’s internal name, or the gateway’s internal IP address...
VMware Horizon Server < 2111.2 / < 2209.1 / < 2212.1 / < 2306 Multiple Vulnerabilities (VMSA-2023-0017)
The version of VMware Horizon Server installed on the remote Windows host is prior to 2111.2, 2206 or 2209 prior to 2209.1, 2212 prior to 2212.1 or 2302. It is, therefore, affected by multiple vulnerabilities: - An HTTP request smuggling vulnerability whereby a malicious actor with network access ma...
VMware Horizon Security Vulnerability
VMware Horizon is a suite of foundation platforms for virtual desktops and applications from VMware. The product enables end users to access all of their virtual desktops, applications and online services through a digital workspace. A security vulnerability exists in VMware Horizon Server, which...
Researchers Uncover New Drokbk Malware that Uses GitHub as a Dead Drop Resolver
The subgroup of an Iranian nation-state group known as Nemesis Kitten has been attributed as behind a previously undocumented custom malware dubbed Drokbk that uses GitHub as a dead drop resolver to exfiltrate data from an infected computer, or to receive commands. "The use of GitHub as a virtual...
CISA and FBI Release Advisory on Iranian Government-Sponsored APT Actors Compromising Federal Network
Today, CISA and the Federal Bureau of Investigation (FBI) published a joint Cybersecurity Advisory (CSA), Iranian Government-Sponsored APT Actors Compromise Federal Network, Deploy Crypto Miner, Credential Harvester. The CSA provides information on an incident at a Federal Civilian Executive Branch...
Unknown Iranian attackers leverage vulnerabilities to conduct ransom operations
The Iranian government-sponsored actors carry out malicious cyber activities against a wide range of people and entities in the United States, Australia, Canada, and the United Kingdom by using known...
Monti ransomware infiltrates networks via the well-known Log4Shell
The Monti ransomware infiltrated the client's internet-facing VMware Horizon virtualization system by exploiting the well-known "Log4Shell" vulnerability, a.k.a. CVE-2021-44228. Furthermore, the threat...
Lazarus deploys new attack tool, MagicRAT to target organizations worldwide
Lazarus, a North Korean threat actor, compromises vulnerable VMware Horizon servers and deploys MagicRAT, a new remote access tool developed by the attackers. MagicRAT creates scheduled tasks on...
MagicRAT: Lazarus’ latest gateway into victim networks
By Jung soo An, Asheer Malhotra and Vitor Ventura. Cisco Talos has discovered a new remote access trojan (RAT) we're calling "MagicRAT," developed and operated by the Lazarus APT group, which the U.S. government believes is a North Korean state-sponsored actor. Lazarus deployed MagicRAT after the...
LockBit 3.0 makes a comeback by exploiting Log4j
LockBit 3.0 (LockBit Black), a new variant of LockBit Ransomware, is deploying Cobalt Strike beacons on compromised systems by exploiting the Windows Defender command line tool and Log4j in VMware Horizon...
CISA Releases Log4Shell-Related MAR
From May through June 2022, CISA responded to an organization that was compromised by an exploitation of an unpatched and unmitigated Log4Shell vulnerability in a VMware Horizon server. CISA analyzed five malware samples obtained from the organization’s network and released a Malware Analysis...
Malicious Cyber Actors Continue to Exploit Log4Shell in VMware Horizon Systems
Summary. Actions to take today: • Install fixed builds, updating all affected VMware Horizon and UAG systems to the latest versions. If updates or workarounds were not promptly applied following VMware’s release of updates for Log4Shell in December 2021, treat all affected VMware systems as...
A week in security (June 27 – July 3)
Last week on Malwarebytes Labs: Ransomware review: June 2022; AstraLocker 2.0 ransomware isn’t going to give you your files back; YTStealer targets YouTube content creators; ZuoRAT is a sophisticated malware that mainly targets SOHO routers; Amazon Photos vulnerability could have given attackers acce...