3 VMware Zero-Day Bugs Allow Sandbox Escape | 'Crafty Camel' APT Targets Aviation, OT With Polygot Files

The now-patched bugs are under active exploit and enable attackers to carry out a wide range of malicious activities, including escaping a virtual machine and gaining access to the underlying host.

Mar. 6, 2025 Signup

Weekly Edition

The latest news and insights for cybersecurity professionals

- The Latest News and Features -

3 VMware Zero-Day Bugs Allow Sandbox Escape ‎ The now-patched bugs are under active exploit and enable attackers to carry out a wide range of malicious activities, including escaping a virtual machine and gaining access to the underlying host.‎‎ Keep Reading →

DR GLOBAL

'Crafty Camel' APT Targets Aviation, OT With Polygot Files‎‎ The Iran-linked nation-state group made its debut with a stealthy, sophisticated, and laser-focused cyber-espionage attack on targets in UAE.‎‎

China's Silk Typhoon APT Shifts to IT Supply Chain Attacks‎‎ The nation-state threat group has been breaching providers of remote management tools, identity management providers, and other IT companies to access networks of targeted entities, according to Microsoft.‎‎

Pentagon, CISA Deny Change in US Cyber Policy on Russia‎‎ Media reports over the weekend suggested the Trump administration ordered US Cyber Command and CISA to draw down cyber activities targeting Russia.‎‎

Phishers Wreak 'Havoc,' Disguising Attack Inside SharePoint‎‎ A complex campaign allows cyberattackers to take over Windows systems by a combining a ClickFix-style attack and sophisticated obfuscation that abuses legitimate Microsoft services.‎‎

Microsoft Busts Hackers Selling Illegal Azure AI Access‎‎ LLMjacking operation leveraged illicit access GenAI services to produce explicit celebrity images and other harmful content, Microsoft's digital crimes unit says.‎‎

Hackers Can Crack Into Car Cameras in Minutes Flat‎‎ It's shockingly simple to turn a car dashcam into a powerful reconnaissance tool for gathering everyday routine and location data, researchers warn.‎‎

Chinese APT Uses VPN Bug to Exploit Worldwide OT Orgs‎‎ Companies critical to the aviation and aerospace supply chains didn't patch a known CVE, providing opportunity for foreign espionage.‎‎

Microsoft Rolls Out Fresh Outlook Fix After Faulty Windows Update‎‎ Windows 11 users can deploy a workaround or await the update rollout.‎‎

THE EDGE

'Cocktail of Cyber-Risk' Should Stir Concerns Among CISOs‎ A global report published by the World Economic Forum points to a new "world order characterized by greater instability, polarizing narratives, eroding trust, and insecurity.‎

DR TECHNOLOGY

Cisco's SnapAttack Deal Expands Splunk's Capabilities‎ The addition of SnapAttack, a startup incubated by Booz Allen Hamilton’s Darklabs, will enhance Splunk with accelerated SIEM migration and proactive threat hunting.‎

VIRTUAL EVENT

Cybersecurity's Most Promising New and Emerging TechnologiesJoin us on March 20 for this all-day virtual event, designed to update cybersecurity teams on some of the most promising emerging cybersecurity technologies and provide advice on using them.

Read More →

- Commentary -

Opinions from thought leaders around the cybersecurity industry

Top 10 Most Probable Ways a Company Can Be Hacked ‎ How to win the battle with root cause analysis and a data-driven approach.‎‎

Why Cybersecurity Jobs Are Hard to Find Amid a Worker Shortage ‎ The cybersecurity job market nowadays is facing an unusual paradox: Many roles seem open, but competition and hiring practices can make securing a position a real challenge.‎‎

More Commentary →

- Upcoming Events -

Mar 20, 2025 Protecting Critical Infrastructure: Securing OT/ICS in a Digital World

Apr 1, 2025 Today's Top Cloud Security Threats

Aug 2, 2025 [Conference] Black Hat USA - August 2-7 - Learn More

More Events →

- More Resources -

WHITE PAPER The Definitive Guide to Container Security

WHITE PAPER Unleash Secure Enterprise Edge and Cloud Transformation

WHITE PAPER Enterprise WAN Simplicity, Performance and Security

REPORT Threat Hunting's Evolution: From On-Premises to the Cloud

More Resources →

- Elsewhere in Cyber This Week -

MALWAREBYTES

PayPal Scam Abuses Docusign API to Spread Phishy Emails

‎

FORRESTER

Another Cautionary Tale of the Perils of Using Password Managers

‎

CYBERSECURITY DIVE

Massive Iran-Linked Botnet Launches DDoS Attacks Against Telecom, Gaming Platforms

‎

ELECTRONIC FRONTIER FOUNDATION

Meet Rayhunter: A New Open Source Tool from EFF to Detect Cellular Spying

‎

- Do You Find Today’s Newsletter Helpful? -

Yes Not sure No

You received this message because you are subscribed to Dark Reading's Weekly newsletter. If a friend forwarded you this message, sign up here to get it in your inbox. Thoughts about this newsletter? Give us feedback.

Advertise With Us | Privacy Policy | Unsubscribe Copyright © 2025 TechTarget, Inc. or its subsidiaries. All rights reserved. Operated by TechTarget, Inc. and its subsidiaries, 275 Grove Street, Newton, Massachusetts, 02466 US