Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

On March 4, 2025, Broadcom, which acquired VMware in 2023, released security updates to fix three actively exploited vulnerabilities in VMware ESXi, Workstation, and Fusion that could result in code execution and information disclosure. CVE-2025-22224 is a critical TOCTOU (Time-of-Check Time-of-Use) race condition vulnerability that leads to an out-of-bounds write, allowing an attacker with administrative privileges on a virtual machine to execute code as the VMX process on the host.

In recent years, Transformer models have been the backbone of the revolution within the artificial intelligence sector. They are the basis of large language models (LLMs) and responsible for LLMs’ ability to understand and generate text of a human-like quality. Transformers are able to learn long-range interactions between words and sentences, allowing them to retain high-level concepts and insights into their training data.

The Payment Card Industry Data Security Standard (PCI DSS) is a global security framework established by major credit card brands that outlines security requirements for any organization handling cardholder data, including encryption, access control, and network security. PCI DSS is regularly updated, and Version 4.0, effective March 2025, focuses on allowing organizations to tailor security controls to their specific needs.

Up to 27 days to fix a leaked secret? We feel your pain. Explore how contextual secrets management helps you take control, cut remediation time, and strengthen your security posture. Don't just detect, understand your secrets.

With collaboration and efficiency a top priority, Egnyte’s partnership with Microsoft is revolutionizing the way teams work together. Many organizations are already leveraging Microsoft Office products, and now it’s easier than ever for them to streamline their procurement process and get the most out of their technology investments. Starting today, Egnyte is available through the Microsoft Azure Marketplace!

Ransomware-as-a-service is a business model where ransomware operators and third parties, called “affiliates,” work together to launch ransomware attacks. RaaS was first identified in 2012 with the Reveton ransomware strain, and in the subsequent decade it has exploded into a sophisticated and ever-evolving cybercrime tactic.

Azure RBAC is basically a mature system of fine-grained access management for the Azure resources. Azure RBAC enables you to grant users, groups, service principals, and managed identities access to Azure resources, as a scope specifies. These scopes can be a subscription, a resource group, or even a single resource. RBAC assists in making sure that only approved users can control or manipulate particular resources and therefore shields Azure settings.

Software security is not a set-it-and-forget-it process, but regular monitoring is important. Now, the Open Web Application Security Project (OWASP) is a non-profit foundation that provides a wealth of information about web application security. They have provided a list of the Top 10 Web Application Security Risks.

Let’s catch up on the more interesting vulnerability disclosures and cyber security news gathered from articles across the web this week. This is what we have been reading about on our coffee break! There’s that old saying about whatever you post on the internet will haunt you forever…

In December 2024, the Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Federal Bureau of Investigation (FBI) and International Partners published a guide for “protecting communications infrastructure” in response to the discovery that a stealthy Chinese government threat actor, Salt Typhoon, had infiltrated a number of US telecommunications firms.