Stay updated with the latest VMware infosec trends, patches, and cybersecurity insights. Your hub for all VMware-related security news and updates.
Search across headline titles and summaries.
Background for this topic.
VMware is a global leader in cloud infrastructure and digital workspace technology that accelerates digital transformation for evolving IT environments. Within the context of information security, it plays a crucial role by providing products and solutions such as virtualized infrastructure, endpoint security, and identity management. VMware enables businesses to securely operate multiple applications and operating systems on the same hardware, while segregating and protecting each environment.
The company's security-centric offerings include features such as micro-segmentation, which grants precise control over virtual network traffic, thereby reducing the attack surface within data centers. Additionally, with the implementation of secure access service edge (SASE) architecture, VMware assists enterprises in combining network security functions with wide area networking (WAN) capabilities to support the dynamic, secure access needs of organizations.
In information security circles, VMware is often discussed in terms of its ability to enhance cybersecurity posture through its virtualization platforms. It offers streamlined management and monitoring of virtual environments that are integral for maintaining system integrity and resilience against cyber threats. Furthermore, VMware's security-focused products are designed to integrate with existing security tools, allowing for a more robust and cohesive defense strategy against a variety of cyber risks.
Weekly headline count for the current query.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a recently disclosed security flaw impacting Broadcom VMware Aria Operations to its Known Exploited Vulnerabilities (KEV) catalog, citing active exploitation in the wild
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a VMware Aria Operations vulnerability tracked as CVE-2026-22719 to its Known Exploited Vulnerabilities catalog, flagging the flaw as exploited in attacks. [...]
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added a critical security flaw affecting Broadcom VMware vCenter Server that was patched in June 2024 to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild
Over 37,000 internet-exposed VMware ESXi instances are vulnerable to CVE-2025-22224, a critical out-of-bounds write flaw that is actively exploited in the wild. [...]
VMware has released another security update for CVE-2024-38812, a critical VMware vCenter Server remote code execution vulnerability that was not correctly fixed in the first patch from September 2024. [...]
BlackByte, linked to the Conti group, exploited VMware ESXi CVE-2024-37085 to control virtual machines
Even the most careful VMware customers may need to go back and double check that they weren't compromised by a zero-day exploit for CVE-2023-34048.
A Chinese hacking group has been exploiting a critical vCenter Server vulnerability (CVE-2023-34048) as a zero-day since at least late 2021. [...]
The fresh "ESXiArgs" malware is exploiting a 2-year-old RCE security vulnerability (tracked as CVE-2021-21974), resulting in thousands of unpatched servers falling prey to the campaign.
An insider threat or remote attacker with initial access could exploit CVE-2022-31676 to steal sensitive data and scoop up user credentials for follow-on attacks.
CISA warned today that threat actors including state-backed hacking groups are still targeting VMware Horizon and Unified Access Gateway (UAG) servers using the Log4Shell (CVE-2021-44228) remote code execution vulnerability. [...]
A critical VMware bug tracked as CVE-2022-22954 continues to draw cybercriminal moths to its remote code-execution flame, with recent attacks focused on botnets and Log4Shell.
Advanced hackers are actively exploiting a critical remote code execution (RCE) vulnerability, CVE-2022-22954, that affects in VMware Workspace ONE Access (formerly called VMware Identity Manager). [...]
Security researchers have published various proof of concepts (PoCs) scripts for exploiting CVE-2022-22954 on social media and other channels, essentially enabling malicious actors to attack unpatched systems. [...]
Security researchers have published various proof of concepts (PoCs) scripts for exploiting CVE-2022-22954 on social media and other channels, essentially enabling malicious actors to attack unpatched systems. [...]