Federal agencies are racing to patch a VMware Tools flaw that lets hackers grab root access—Chinese state-backed group UNC5174 has been exploiting it. What does this mean for digital security? Read on for the full story.

https://thedefendopsdiaries.com/vmware-tools-flaw-cve-2025-41244-federal-agencies-scramble-to-patch-amid-active-exploitation/

#vmwaretools
#cve202541244
#cybersecurity
#cisa
#unc5174
#vulnerabilitymanagement
#patching
#infosec

Privilege escalation in VMware – China-linked group UNC5174 exploits the CVE-2025-41244 vulnerability

On 29 September 2025, Broadcom disclosed the security vulnerability CVE-2025-41244 in VMware Tools and VMware Aria software, which enables local privilege escalation. According to researchers at NVISO, the vulnerability had been actively exploited as a zero-day since at least October 2024. Behind the attacks was the group UNC5174, which analysts associate with the Chinese state apparatus...

#WBiegu #Chiny #Lpe #Unc5174 #Vmware #VmwareTools

https://sekurak.pl/podniesienie-uprawnien-w-vmware-grupa-unc5174-powiazana-z-chinami-wykorzystuje-luke-cve-2025-41244/


Sekurak
📢 Zero-day CVE-2025-41244: privilege escalation via VMware service discovery (Tools/Aria), exploited by UNC5174
📝 Source: blog.nviso.eu (NVISO, Maxime Thiebaut) — N...
📖 cyberveille: https://cyberveille.ch/posts/2025-09-30-zero-day-cve-2025-41244-elevation-de-privileges-via-la-decouverte-de-services-vmware-tools-aria-exploite-par-unc5174/
🌐 source: https://blog.nviso.eu/2025/09/29/you-name-it-vmware-elevates-it-cve-2025-41244/
#CVE_2025_41244 #UNC5174 #Cyberveille
You name it, VMware elevates it (CVE-2025-41244)

NVISO has identified zero-day exploitation of CVE-2025-41244, a local privilege escalation vulnerability impacting VMware's guest service discovery features.

NVISO Labs

A tiny flaw in VMware has granted state-sponsored hackers root access worldwide—how did an overlooked vulnerability turn into a global security nightmare?

https://thedefendopsdiaries.com/cve-2025-41244-how-a-single-overlooked-flaw-opened-the-door-to-global-cyber-espionage/

#cve202541244
#vmwarevulnerability
#cyberespionage
#zerodayexploit
#unc5174

CVE-2025-41244: How a Single Overlooked Flaw Opened the Door to Global Cyber Espionage

Discover how CVE-2025-41244 enabled global cyber espionage, its exploitation by UNC5174, and urgent steps to protect critical infrastructure.

The DefendOps Diaries
Chinese spy crew appears to be preparing for conflict by backdooring 75+ critical orgs
#SentinelOne discovered the campaign when they tried to hit the #security vendor's own servers
In their report, they describe a series of intrusions between July 2024 and March 2025 involving #ShadowPad #malware and post-exploitation espionage activity that SentinelOne has dubbed "#PurpleHaze", publicly reported as #APT15 and #UNC5174. And they're blaming #China.
https://www.theregister.com/2025/06/09/china_malware_flip_switch_sentinelone/

SentinelOne discovered the campaign when they tried to hit the security vendor's own servers

The Register
China-Nexus Nation State Actors Exploit SAP NetWeaver (CVE-2025-31324) to Target Critical Infrastructures

EclecticIQ analysts assess with high confidence that, in April 2025, China-nexus nation-state APTs (advanced persistent threats) launched high-tempo exploitation campaigns against critical infrastructure networks by targeting SAP NetWeaver Visual Composer.

UNC5174’s evolution in China’s ongoing cyber warfare: From SNOWLIGHT to VShell
#UNC5174
https://sysdig.com/blog/unc5174-chinese-threat-actor-vshell/

After a year under the radar, the Sysdig Threat Research Team identified a new campaign from Chinese state-sponsored threat actor UNC5174.

Sysdig

Mandiant reported on the N-day exploitation of CVE-2023-46747 (9.8 critical, disclosed 26 October 2023 by F5, added to CISA KEV on 31 October 2023), an unauthenticated RCE, and ConnectWise CVE-2024-1709 (10.0 critical, disclosed 19 February 2024 by ConnectWise as an exploited zero-day, in KEV) by the Chinese threat actor UNC5174, whom they assess to be acting as a contractor for China's Ministry of State Security (MSS). Mandiant provides a timeline and evidence of exploitation, post-exploitation tactics, custom malware and tooling. IOCs and detection rules are provided. 🔗 https://www.mandiant.com/resources/blog/initial-access-brokers-exploit-f5-screenconnect

#UNC5174 #China #cyberespionage #threatintel #IOC #MSS #CVE_2023_46747 #CVE_2024_1709 #F5 #ConnectWise #ScreenConnect #eitw #activeexploitation #KEV

Bringing Access Back — Initial Access Brokers Exploit F5 BIG-IP (CVE-2023-46747) and ScreenConnect | Mandiant

Mandiant