New VMware Zero-Day Exploited Since October
What happened: Hackers linked to China have been exploiting a serious VMware flaw for months before it was patched.
What to do: Update your VMware software immediately to the latest version.Ransomware Hits Dealership Software Provider
What happened: A ransomware attack exposed sensitive data of over 766,000 customers at a dealer management software company.
What to do: Review your vendor security practices and monitor for unusual activity.OneLogin Bug Risks App Impersonation
What happened: A security flaw in OneLogin’s system could let attackers steal keys and pretend to be trusted apps.
What to do: Apply security patches and rotate API keys promptly.Broadcom Didn’t Disclose VMware Exploitation Early
What happened: Broadcom delayed warning about active exploitation of a VMware vulnerability affecting privilege levels.
What to do: Stay alert for vendor updates and apply patches quickly.Google Explores Windows Registry Security Weaknesses
What happened: Researchers detailed how attackers can exploit Windows Registry memory flaws to gain control.
What to do: Keep Windows systems updated and consider registry monitoring tools.iMessage Exploit Analyzed in Depth
What happened: Experts broke down the NSO Group’s BLASTPASS exploit targeting Apple’s messaging system.
What to do: Update Apple devices regularly and be cautious with message links.Social Engineering Attacks Target Salesforce Users
What happened: Attackers used clever tricks to breach Salesforce accounts linked to a hacking group called ShinyHunters.
What to do: Train staff on phishing risks and enable multi-factor authentication.CoreAudio Fuzzing Reveals New Security Insights
What happened: Researchers tested Apple’s audio system for bugs that could lead to crashes or exploits.
What to do: Keep Apple software current and report any unusual app behavior.
If You Only Do 3 Things Today
| Action (1 minute each) | Why it matters |
|---|---|
| Update VMware and Apple software now | Fixes critical flaws hackers are actively using |
| Rotate API keys and passwords | Prevents attackers from impersonating your apps |
| Enable multi-factor authentication | Adds a strong layer of protection against phishing |
For Teams (super quick)
- Prioritize patching VMware and OneLogin vulnerabilities immediately.
- Monitor for unusual login attempts and API usage in your systems.
- Educate users on spotting phishing and social engineering tactics.
- Review vendor security and incident response plans.
- Use registry and system monitoring tools to catch suspicious activity early.
Photo by Nubelson Fernandes on Unsplash