Code Execution - Geek Feed

Broadcom fixes three VMware zero-days exploited in attacks

March 6, 2025March 6, 2025 geekfeed0Tagged Actively Exploited, Broadcom, Code Execution, CVE-2025-22224, CVE-2025-22225, CVE-2025-22226, Information Disclosure, microsoft, Sandbox Escape, vmware, Zero-Day

Broadcom warned customers today about three VMware zero-days, tagged as exploited in attacks and reported by the Microsoft Threat Intelligence Center. The vulnerabilities (CVE-2025-22224, CVE-2025-22225, and CVE-2025-22226) impact VMware ESX products, including VMware ESXi, vSphere, Workstation, Fusion, Cloud Foundation, and Telco Cloud Platform. Attackers with privileged administrator or root access can chain these flaws to escape […]

2 mins read

whoAMI attacks give hackers code execution on Amazon EC2 instances

February 16, 2025February 16, 2025 geekfeed0Tagged amazon, Amazon Web Services, attack, AWS, Cloud, Cloud Security, Code Execution

Security researchers discovered a name confusion attack that allows access to an Amazon Web Services account to anyone that publishes an Amazon Machine Image (AMI) with a specific name. Dubbed “whoAMI,” the attack was crafted by DataDog researchers in August 2024, who demonstrated that it’s possible for attackers to gain code execution within AWS accounts by exploiting how […]

4 mins read

QNAP fixes six Rsync vulnerabilities in NAS backup, recovery app

January 25, 2025January 25, 2025 geekfeed0Tagged Code Execution, Hybrid Backup Sync, QNAP, rce, Remote Code Execution, Rsync, vulnerability

QNAP has fixed six rsync vulnerabilities that could let attackers gain remote code execution on unpatched Network Attached Storage (NAS) devices. Rsync is an open-source file synchronization tool that supports direct file syncing via its daemon, SSH transfers via SSH, and incremental transfers that save time and bandwidth. It’s widely used by many backup solutions […]

2 mins read