Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

On March 4, 2025, Broadcom, which acquired VMware in 2023, released security updates to fix three actively exploited vulnerabilities in VMware ESXi, Workstation, and Fusion that could result in code execution and information disclosure. CVE-2025-22224 is a critical TOCTOU (Time-of-Check Time-of-Use) race condition vulnerability that leads to an out-of-bounds write, allowing an attacker with administrative privileges on a virtual machine to execute code as the VMX process on the host.

Seal Security Joins Snyk’s Technology Alliance Partner Program Seal Security is excited to announce that it has joined Snyk’s Technology Alliance Partner Program and is now listed in the Snyk Partner Solutions Directory. Together, Seal Security and Snyk provide a seamless integration and product experience for Snyk customers looking to streamline their open source vulnerability patching efforts. ‍

Measuring enterprise risk posture—its overall security readiness and resilience—is a complex challenge. Advanced security solutions, such as automated vulnerability management tools and unified risk dashboards, enable organizations to defend their networks with unprecedented efficiency. The rapid expansion of cloud environments and the intricacies of modern IT infrastructures, however, present an increasingly dynamic attack surface.

Vulnerability management has always been a challenge, but today’s security teams are feeling the pressure more than ever. With thousands of new CVEs reported every month, the sheer volume makes it difficult to know where to focus. In-use vulnerability prioritization is one of the most effective ways to cut through the noise, focusing only on vulnerabilities that are actively loaded in runtime. To focus on what really matters, security teams need better ways to prioritize risk.

JWTs are often used by developers who seek to implement authentication over traditional cookie-based sessions. However, what happens when developers misunderstand JWT security and risk a severe broken authentication vulnerability?

As developers continue to adopt AI tools to transform their workflows, AI-generated code has become more common. In fact, 96% of developers reported using AI coding assistants to streamline their work. Although generative AI (GenAI) tools like ChatGPT can speed up workflows and boost productivity, the security and quality of the outputs aren’t guaranteed.

On March 4, 2025, Broadcom released patches for three zero-day vulnerabilities exploited in the wild, affecting ESXi, Workstation, and Fusion. These vulnerabilities, discovered by Microsoft, range in severity from high to critical. Details of the exploitation have not been revealed at this time, and Arctic Wolf has not identified a public Proof-of-Concept (PoC) exploit.

When generative AI first emerged, the cybersecurity community primarily focused on two promising benefits. However, a concerning “third angle” has now been demonstrated: AI as an attacker – powerful AI systems in the hands of malicious actors, autonomously exploiting vulnerabilities with minimal human guidance.

Today, Outpost24 is excited to announce the launch of its new CyberFlex solution, a flexible combination of ASM and PTaaS. With two-thirds of organizations having experienced a cyberattack via unmanaged internet-facing assets, the CyberFlex solution provides an unmatched approach to the comprehensive discovery, risk management, and protection of all your external-facing applications.