Watch out -- a whole bunch of critical VM escape vulnerabilities to patch in VMware vSphere

Everyone: You can't predict the future. Me: My next employer will not use Concur.

PSA: Where the term "to patch" came from

Multiple virtual machine escape vulnerabilities in all supported VMware ESXi versions have been disclosed, and are already exploited in the wild. VMSA-2025-0004 >

RT @McFaul: Trump, Vance & others either have forgotten or never knew that Zelensky signed a ceasefire agreement with Putin in 2019. Three….

R.I.P. @brad_jervis :`( it's hard to believe we will not meet you again this fall like in past many years, but you will be forever in our hearts and your endless enthusiasm will be forever remembered.

Bah! Bypassing disk encryption on systems with automatic TPM2 unlock >

RT @Veeam: We’re excited to welcome new several investors, including @tpg, & @neubergerberman, through a secondary offering that values Vee….

[PREVIEW] Managed Hardened Repository ISO by Veeam.

Keep rolling rolling rolling

Critical SSH vulnerabilities like CVE-2024-6387 aka regreSSHion is the reason why I recommend disabling SSH Server on hardened backup repositories completely. Unauthenticated Remove Code Execution (RCE) now available to hackers on millions of Linux servers.

ZERO CLICK vulnerability in Microsoft Outlook: simply viewing an email containing the malicious code triggers the exploit, compromising the user's system immediately through critical Remote Code Execution (RCE) vulnerability. Def something to patch ASAP!.

RT @Falko_Banaszak: HOLY SMOKES ! 🚨🚨🚨. #Veeam Backup & Replication for #Linux is coming. Seems like @RickVanover and @gostev fulfilled on o….

To clarify, Veeam hardened repository deployed according to best practices (SSH Server disabled) are not vulnerable. Security & Compliance Analyzer wizard in the backup console will give you a warning if you have SSH enabled on your hardened repos.

RT @Veeam: The Day 2 keynote at #VeeamON 2024 is all about innovation, featuring @gostev, John Jester, @lenovo's @kirkskaugen, @AWS's Paul….

Warning from our security team: CVE-2024-1086 in nf_tables in the Linux kernel is now being exploited in the wild. POC code is public and they see threat actors actively discussing the vulnerability on underground forums. Keep your Linux servers and hardened repositories patched!.

Notably, on @MicrosoftEdge this configuration option is automatically active for “Enhanced Security Mode”.

It's 8th @googlechrome 0-day this year and apparently half of all Chrome 0-days exploited in the wild are JIT related. I'm hearing it is possible to just deactivate the JIT through both UI and command-line options. is this a good idea?.