Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

On March 4, 2025, Broadcom, which acquired VMware in 2023, released security updates to fix three actively exploited vulnerabilities in VMware ESXi, Workstation, and Fusion that could result in code execution and information disclosure. CVE-2025-22224 is a critical TOCTOU (Time-of-Check Time-of-Use) race condition vulnerability that leads to an out-of-bounds write, allowing an attacker with administrative privileges on a virtual machine to execute code as the VMX process on the host.

According to IBM’s Cost of a Data Breach Report 2024, the average cost of a single data breach reached an all-time high of $4.88 million last year, driven by increased revenue loss, operational downtime, customer churn and regulatory fines, among other factors. As frequent targets of cybercriminals, finance services companies face especially high risks – and the consequences of a successful breach can be particularly damaging from both reputational and compliance perspectives.

Infostealers have dominated the malware landscape due to the ease of threat operations maintenance, and a wide group of potential victims. In this blog, we take a closer look at a unique infostealer designed to precisely target a narrow data set on systems located in chosen geographic locations. The Strela Stealer (rus. Cтрела, lit. 'Arrow') is an infostealer that exfiltrates email log-in credentials and has been in the wild since late 2022.

As noted in the just-released Trustwave SpiderLabs report, 2025 Trustwave Risk Radar Report: Manufacturing Sector, modern manufacturing systems are increasingly interconnected, creating fertile ground for cybercriminals. The report details the weaknesses attackers exploit in infrastructure, workers, and the digital supply chain. Among the various tactics observed, vulnerability exploitation stood out due to its prevalence and potential impact.

You want to know the real answer to two questions about Docker security.

Preparing evidence for a HITRUST Validated Assessment is a detailed process that requires careful organization, proper documentation, and alignment with HITRUST’s control framework. By following the below steps, you will be better prepared for the HITRUST Validated Assessment, increasing your chances of successfully achieving certification.

‍ In the modern workplace, data exposure can happen in mere seconds. Legacy data loss prevention tools have often been considered bulky, manual, and time-intensive—especially when it comes to alert resolution and user training.

Change is an inevitable part of managing a large-scale enterprise network, but executing it efficiently and securely remains a major challenge. Global organizations must navigate complex IT environments, multiple teams, and a high volume of daily changes—each carrying the risk of misconfiguration, downtime, or security vulnerabilities. Without a structured approach to change management, even routine updates can spiral into costly outages, endless troubleshooting calls, and operational disruptions.

The power of collaboration is limitless. In the CyberArk Community, a thriving group of professionals, customers, and partners join forces to solve challenges, share insights, and innovate in the realm of Identity Security. If you’re looking to level up your Identity Security strategy, the CyberArk Community is the ideal place to be. Our members come together to exchange knowledge, troubleshoot issues, and stay updated with the latest in CyberArk products and Identity Security practices.

Learn how cybersecurity asset management protects your IT assets from evolving threats, ensures compliance, and the growing use of AI to improve automation.