A threat actor is compromising NGINX servers in a campaign that hijacks user traffic and reroutes it through the attacker’s backend infrastructure.
NGINX is open-source software for web traffic management. It intermediates connections between users and servers and is employed for web serving, load balancing, caching, and reverse proxying.
The malicious campaign, discovered by researchers at Datadog Security Labs, targets NGINX installations and Baota hosting management panels used by sites with Asian top-level domains (.in, .id, .pe, .bd, and .th) and government and educational sites (.edu and .gov).
Attackers modify existing NGINX configuration files by injecting malicious ‘location’ blocks that capture incoming requests on attacker-selected URL paths.
They then rewrite them to include the full original URL, and forward traffic via the ‘proxy_pass’ directive to attacker-controlled domains.
The abused directive is normally used for load balancing, allowing NGINX to reroute requests through alternative backend server groups to improve performance or reliability; hence, its abuse does not trigger any security alerts.
Request headers such as ‘Host,’ ‘X-Real-IP,’ ‘User-Agent,’ and ‘Referer’ are preserved to make the traffic appear legitimate.
The attack uses a scripted multi-stage toolkit to perform the NGINX configuration injections. The toolkit operates in five stages:
Stage 1 – zx.sh: Acts as the initial controller script, responsible for downloading and executing the remaining stages. It includes a fallback mechanism that sends raw HTTP requests over TCP if curl or wget are unavailable.
Stage 2 – bt.sh: Targets NGINX configuration files managed by the Baota panel. It dynamically selects injection templates based on the server_name value, safely overwrites the configuration, and reloads NGINX to avoid service downtime.
Stage 3 – 4zdh.sh: Enumerates common NGINX configuration locations such as sites-enabled, conf.d, and sites-available. It uses parsing tools like csplit and awk to prevent configuration corruption, detects prior injections via hashing and a global mapping file, and validates changes using nginx -t before reloading.
Stage 4 – zdh.sh: Uses a narrower targeting approach focused mainly on /etc/nginx/sites-enabled, with emphasis on .in and .id domains. It follows the same configuration testing and reload process, with a forced restart (pkill) used as a fallback.
Stage 5 – ok.sh: Scans compromised NGINX configurations to build a map of hijacked domains, injection templates, and proxy targets. The collected data is then exfiltrated to a command-and-control (C2) server at 158.94.210[.]227.
Overview of the hijacking attack Source: Datadog
These attacks are hard to detect because they do not exploit an NGINX vulnerability; instead, they hide malicious instructions in its configuration files, which are rarely scrutinized.
Also, user traffic still reaches the intended destination, often directly, so the detour through attacker infrastructure is unlikely to be noticed unless specific monitoring is performed.
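One form that monitoring can take is an audit of every proxy_pass target against the backends the operator expects. The script below is an added example, not code from Datadog or from the original article; the sample configuration, its hostnames and the allowlist are constructed, and the scanner is simplified (it does not follow include directives or escaped quotes).

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample, not taken from the campaign: two expected proxies and
# one location block forwarding to a host the operator does not recognise.
SAMPLE_CONF = """
upstream app_pool { server 127.0.0.1:8080; }
server {
    server_name portal.example.test;
    location / { proxy_pass http://app_pool; }
    location /api/ { proxy_pass http://10.0.3.7:9000; }  # internal service
    location /help/ {
        proxy_set_header Host $host;
        proxy_pass http://collector.example.invalid;
    }
}
"""


def _statements(text):
    """Yield (terminator, words) per nginx statement, skipping comments."""
    buf, quote, i = [], None, 0
    while i < len(text):
        ch = text[i]
        if quote:  # inside a quoted string: copy until the quote closes
            buf.append(ch)
            quote = None if ch == quote else quote
        elif ch == "#" and (not buf or buf[-1].isspace()):
            nl = text.find("\n", i)  # a comment runs to the end of the line
            i = len(text) if nl == -1 else nl
            continue
        elif ch in ";{}":
            yield ch, "".join(buf).split()
            buf = []
        else:
            if ch in "'\"":
                quote = ch
            buf.append(ch)
        i += 1


def _reason(target, trusted):
    """Return why a proxy_pass target needs review, or None if it is expected."""
    try:
        host = urlsplit(target).hostname or ""
    except ValueError:
        return "unparseable target"
    if "$" in host or target.startswith("$"):
        return "variable target, resolve by hand"
    if host in trusted or host in ("localhost", "unix"):
        return None
    try:
        if ipaddress.ip_address(host).is_loopback:
            return None
    except ValueError:
        pass  # not an IP literal, so it is a hostname outside the allowlist
    return "host not in allowlist"


def audit_proxy_pass(conf_text, allowed_hosts=()):
    """List proxy_pass directives whose host is neither local nor allowlisted."""
    stack, upstreams, seen = [], set(), []
    for kind, words in _statements(conf_text):
        if kind == "{":
            stack.append(" ".join(words))
            if words[:1] == ["upstream"] and len(words) > 1:
                upstreams.add(words[1].lower())  # locally defined backend group
        elif kind == "}" and stack:
            stack.pop()
        elif kind == ";" and words[:1] == ["proxy_pass"] and len(words) > 1:
            seen.append((" > ".join(stack), words[1].strip("'\"")))
    trusted = upstreams | {h.lower() for h in allowed_hosts}
    checked = ((c, t, _reason(t, trusted)) for c, t in seen)
    return [{"context": c, "target": t, "reason": r} for c, t, r in checked if r]
```

Feed it the merged configuration printed by `nginx -T` so that included files are covered, and keep the allowlist in version control so that any new finding corresponds to a reviewed change.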
Ring has revealed its new Search Party For Dogs program in its first-ever Super Bowl ad, aiming to help communities find lost dogs using security cameras. According to the Animal Humane Society, over 10 million pets go missing a year, but Ring’s new app feature can help owners reunite with their furry family members.
Distraught owners can use Search Party to share their pet’s name, description, and photo on the Ring app. This will let their neighbors utilize the AI capabilities of outdoor Ring cameras like the Ring Outdoor Cam Plus to scan any dogs that appear on camera. If there’s a match, camera owners will get a notification and the option to share the footage and location with the dog’s owners. The Super Bowl ad claims that Search Party has helped find at least one dog a day since it launched.
“Before Search Party, the best you could do was drive up and down the neighborhood, shouting your dog’s name in hopes of finding them,” said Jamie Siminoff, Ring’s Chief Inventor. “Now, pet owners can mobilize the whole community … to find lost pets more effectively than ever before.”
Ring’s first Super Bowl ad is meant to spread awareness
Since this is Ring’s first Super Bowl ad, the marketing team was really focused on how to tell the company’s story. Speaking to Forbes, Ring Chief Commercial Officer, Mimi Swain, said that its story is one of “community, connection, and helping people in real-life situations.”
Swain explained that almost everyone can understand how it feels when a dog goes missing. This allowed Super Bowl viewers to see the impact that Ring can have when neighbors are connected through technology. “It shows Ring as neighbors helping neighbors, not just cameras watching footage,” she stated to Forbes.
Ring is not necessarily hoping to scale the company financially from this large marketing investment. Instead, Swain claimed that it truly wants to help more missing dogs reunite with their families by raising awareness of the program. Either way, it’s an emotional take on the power of advertising that seems to be the trend in Super Bowl ads this year, with companies like Toyota also releasing ads designed to appeal to families and friends who may be tuning in to the game together.
CISA confirmed on Wednesday that ransomware gangs have begun exploiting a high-severity VMware ESXi sandbox escape vulnerability that was previously used in zero-day attacks.
Broadcom patched this ESXi arbitrary-write vulnerability (tracked as CVE-2025-22225) in March 2025 alongside a memory leak (CVE-2025-22226) and a TOCTOU flaw (CVE-2025-22224), and tagged them all as actively exploited zero-days.
“A malicious actor with privileges within the VMX process may trigger an arbitrary kernel write leading to an escape of the sandbox,” Broadcom said about the CVE-2025-22225 flaw.
At the time, the company said that the three vulnerabilities affect VMware ESX products, including VMware ESXi, Fusion, Cloud Foundation, vSphere, Workstation, and Telco Cloud Platform, and that attackers with privileged administrator or root access can chain them to escape the virtual machine’s sandbox.
According to a report published last month by cybersecurity company Huntress, Chinese-speaking threat actors have likely been chaining these flaws in sophisticated zero-day attacks since at least February 2024.
Flagged as exploited in ransomware attacks
In a Wednesday update to its list of vulnerabilities exploited in the wild, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) said CVE-2025-22225 is now known to be used in ransomware campaigns but didn’t provide more details about these ongoing attacks.
CISA first added the flaw to its Known Exploited Vulnerabilities (KEV) catalog in March 2025 and ordered federal agencies to secure their systems by March 25, 2025, as mandated by Binding Operational Directive (BOD) 22-01.
“Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable,” the cybersecurity agency says.
Ransomware gangs and state-sponsored hacking groups often target VMware vulnerabilities because VMware products are widely deployed on enterprise systems that commonly store sensitive corporate data.
For instance, in October, CISA ordered government agencies to patch a high-severity vulnerability (CVE-2025-41244) in Broadcom’s VMware Aria Operations and VMware Tools software, which Chinese hackers have exploited in zero-day attacks since October 2024.
In related news, this week, cybersecurity company GreyNoise reported that CISA has “silently” tagged 59 security flaws as known to be used in ransomware campaigns last year alone.
The package, available for free until Thursday morning, includes Alone in the Dark 1, 2, and 3 – all emulated through DOSBox. Like most titles sold on GOG, the DRM-free downloads come with digital manuals, soundtracks, and other supplementary materials. Because the trilogy is part of GOG’s preservation program, the…
Lores, who served decades at HP, was also PayPal’s board chair since 2024.
HP was apparently caught off guard, according to reports, after PayPal snatched the company’s CEO Enrique Lores to replace Alex Chriss.
In a statement, PayPal said that the switch-up had to come because the “pace of change and execution [under Chriss] was not in line with the board’s expectations”. Lores is expected to overhaul the payments company and ensure it maintains its leading position in the industry in the long-run, the company said.
Chief financial and operating officer Jamie Miller will serve as interim CEO at the company until Lores assumes the role of president and CEO. Meanwhile, David Dorman has been appointed as independent board chair.
“We will further strengthen the culture of innovation necessary to deliver long-term transformation and balance this with near-term delivery”, commented Lores.
“The payments industry is changing faster than ever, driven by new technologies, evolving regulations, an increasingly competitive landscape and the rapid acceleration of AI that is reshaping commerce daily.”
Chriss was appointed as PayPal’s CEO and president in 2023, a challenging post-pandemic period when trading volumes were low, but large tech companies and newer fintech rivals were adding competitive pressure on PayPal’s core businesses.
At the time of his appointment, PayPal described him as a “next generation leader” capable of driving growth across the company, but less than three years later, that seems to not have worked out. Lores, meanwhile, is familiar to PayPal, serving on the company’s board for nearly five years, and as board chairperson since July 2024.
However, the executive switch-up did not sway investor confidence after the company missed revenue expectations in the quarter past. In its fourth quarter results for 2025, PayPal posted $8.68bn in revenue, lower than London Stock Exchange Group analysts’ average estimates, but marginally higher than this quarter last year.
The dim quarter and change of leadership sent share prices at PayPal plummeting by 20pc. Company shares have dropped more than 80pc over the last five years.
Lores had come into HP as an intern nearly four decades ago. He orchestrated the split from HP Enterprise and took on the role of CEO in 2019. Semafor reported that Lores’ sudden move sent HP executives scurrying for a replacement.
In a statement yesterday (3 February), HP said that Lores stepped down as both board president and CEO to “pursue another professional opportunity”.
Bruce Broussard, an HP board member since 2021, has been appointed as interim CEO until a search committee identifies a successor. Broussard most recently served as the president and CEO of healthcare company Humana.
Teaching is many things. It’s a profession and a passion, tedious and rewarding, infuriating and full of joy. For some, mental health issues like anxiety and depression become worse when teaching. This has led to many teachers and educators leaving the profession, with plenty of news and opinion coverage on the mental health crisis in education.
But my story is a bit different. Not only has teaching improved my mental health, but it quite literally saved my life.
Against a Sea of Troubles
In February of 2017, I was working in retail management, and had been doing so since graduating college back in 2002. I was OK at sales, a pretty good manager and especially great at training new sales associates. At the same time, I was also struggling with severe depression and anxiety. I didn’t really know why. I didn’t think I hated my job; I loved my wife and family. On paper, I had good friends and a pretty good life. But there were some days I just could not face. I felt alone, empty and frankly, lost. Was this all that my life would have to offer? Would this be all I was ever known for? Would anyone miss me when I’m gone?
This led to the evening of Feb. 24. I was driving home from another dull day of work when the desire to drive my car off an overpass became stark, real and terrifyingly close to reality. I simply had had enough and thought this would make people remember me, even for a little while. But I didn’t do it. The experience and its closeness shook me. When I got home, I broke down to my wife and we decided I needed help and I needed it now. She took me to a hospital where I spent the next few days reading, reflecting and most importantly, talking to mental health professionals.
Over the next few weeks, I learned two life-altering things. First, my brain needed medicine. Second, I wanted to become a teacher. That may sound a little strange, but in the course of my reflections and therapy on why I felt so empty, one thing became clear: I had an innate desire to make a positive impact on the world. When I started broaching the topic of what that might look like for me, friends and family all floated the same idea, “Maybe you should think about teaching?!”
Plan B
Growing up, I wanted to be one of two things: a professional wrestler or a rock star. By my mid-20s, after forgoing college norms and diving into both of these dreams, I realized that maybe those weren’t the most practical vocations. So, without much thought, I started working retail. I never stopped to think about what I wanted to do; I just did what I needed to do to get by.
But even in my long career in retail sales and management, a trend started to emerge. I liked teaching people. I took on training roles and attended classes to learn as much as I could about the product I was selling. My favorite accomplishments over the years were never the big sales I made, but the people I developed and guided to success. So when my family and friends started telling me to look into teaching, I thought, “Well, why not? It can’t be too different from teaching people to sell guitars and mattresses.”
I am also very much a kid at heart. I play video games, watch streamers on Twitch, love cartoons and comics and have always worn the title of “goofball” as a badge of honor. I could fit in with literal kids; they might relate to me more than my actual peers! I am also a self-described nerd who loves learning new things and researching anything and everything. Sharing my enthusiasm for learning made teaching seem like a strong fit.
More importantly to my mental health, the idea of being a teacher hit home in that missing part of my life. Would teaching the next generation make me feel like I’m leaving my mark? Will it help me feel fulfilled? Is it OK to place so much of my personal value on a career? Without much to lose and the hope that a change in vocation could bring what I felt was missing, I applied to an online university to begin my journey toward becoming an educator.
A New Hope
Fast forward through a few years with a lot of college work and a stint as a district substitute teacher in an urban school district. I got my first full-time job as a teacher, teaching fourth grade math, science and social studies at a wonderful little school that was walking distance from my home. In that first year, even though I was in my late 30s, I experienced all the anxiety, fatigue and head-spinning experiences of any first-year teacher. I also began to see a change in myself. Even though I had never been so tired and so challenged, I also finally felt like I mattered. Like I was doing what I was supposed to do.
Before going into teaching, my belief was that the difference I would be able to make in a kid’s life would be impactful, but only insofar as education. I had no idea how much teaching actually revolved around two things I am particularly good at that really fill my emotional bucket: performing and building relationships.
I love being on stage and in the spotlight. It’s why I wanted to be a wrestler or a rock star. What I wish I had known all those years ago was that teaching is just a big performance every day that can elicit the same emotional highs (and lows) as a fun rock show. I’m not being hyperbolic when I say that I sometimes have the same sense of accomplishment and “high” when I feel like I gave a great lesson — or the students really get into the groove of a good debate — as I do when I step off stage after thrashing punk music with my band. The idea that I could do something positive for the world and still feel this way afterward cemented my belief that teaching is where I belong.
In my first year of teaching, I also began to see how this new vocation could help others besides the kids and me. One day, partway through my first year, a parent came in to request a conference. She felt overwhelmed and frustrated that her amazingly bright child just could not get into math and was actively pushing back against the very idea of it. As I sat with the mom and we brainstormed how we could work to present learning in a new and novel way for her child, I saw her relax, smile and realize that it would be OK. I had hard proof that what I’m doing made someone’s life better, even for just a few moments. By the end of the year, her child was doing much better in math and, more importantly, really enjoyed learning and working with her mom to build resilience and a growth mindset.
Solidarity
Mental health among teachers is a tough and very personal subject. My hope in sharing my story is not to say that teachers should all be happy all the time, or that the struggle with depression and anxiety amongst teachers isn’t a real problem that needs solving. I am simply reflecting on what it is that teaching gives me each day. The opportunity to perform. The opportunity to make connections with students, families and fellow teachers. The opportunity to teach skills and subjects that will make my students better learners. And crucially, the opportunity to make a real difference in the lives of my students and their families.
Today, I have the pleasure of teaching my favorite subject, history and social studies, to seventh and eighth grade students. One goal I have every day is to remember that being allowed to influence these students’ lives is an honor and a privilege. My words, no matter how much they try not to listen, have real power and influence on their growth and the decisions they will make.
By choosing to be a teacher, not only did I save my own life, but I am also improving the lives of my students, and they may just save the world.
If you or someone you know is in immediate distress or is thinking about hurting themselves, call the 988 Suicide & Crisis Lifeline. You also can text the Crisis Text Line (HELLO to 741741) or use the Lifeline Chat on the 988 Suicide & Crisis Lifeline website.
A company spokesperson told The Drive that BMW “remains fully committed” to ConnectedDrive as part of its global aftersales strategy. Features requiring data connectivity will likely carry recurring fees.
Apple will be using Google technologies to level up Apple Foundation Models, but the details of exactly how are still vague. While speculation is still wild, a true answer is emerging from the noise.
Apple Intelligence will get a boost after training with Google Gemini
There is one concrete fact that we have about the Apple and Google partnership on artificial intelligence development, and it is that we’re not going to be told more publicly. Apple CEO Tim Cook did say that Apple won’t change its privacy stance while working with Google and indicated that Apple Intelligence and Siri will work on-device and via Private Cloud Compute (PCC). That statement seems cut and dry on its own, but Google CEO Sundar Pichai and CBO Philipp Schindler shared seemingly contradictory statements during the Google earnings call. They both used the phrase “preferred cloud provider” when discussing Google’s relationship with Apple.
Anthropic’s new plug-ins for Cowork announced on Friday are sparking jitters in the markets with software, professional services and analytics companies seeing the largest sell-offs.
Last month, Anthropic launched its Cowork model, a “simpler version of Claude Code”, prompting concerns among those heavily invested in software companies. Friday’s (30 January) launch of new plug-ins seems to have accelerated the concerns.
This week has seen a strong sell-off in US and European software, professional services and data analytics companies, with the trend continuing yesterday (3 February) and contagion in Asian markets. Commentators are blaming the release of Anthropic’s plugins for Cowork which the AI player says will automate tasks across legal, sales, marketing and data analysis.
The legal space is where organisations like Thomson Reuters make much of their revenue, so it was one of the players to see an 18pc slump in its share price yesterday, according to Reuters itself, which added that its shares are now down 33pc just this year, having dropped by 22pc in 2025, as fears rise around AI disruption in the legal sector.
Other providers of legal analytics also dropped with the UK’s RELX falling 14pc and Dutch company Wolters Kluwer seeing a drop of 13pc.
And the contagion spread to other software companies and the broader market as AI fuels concerns among investors who are struggling to figure out who the winners and losers will be in the current AI-fuelled economy. According to Bloomberg, a Goldman Sachs basket of US software stocks fell 6pc yesterday – its sharpest one-day drop since the sell-off that followed the initial US tariffs announcements in April.
When Anthropic launched Cowork on 12 January, it described it as a simpler version of Claude Code for non-coding related tasks. It said this new model has more agency – it can read, edit and re-organise files, taking on many of the same tasks Claude Code can, but in a more “approachable” form.
Cowork seems firmly targeted at the enterprise market with its promise to make using Claude “for work” easier. Now, the new sector-specific plugins are seen as a particular threat to existing analytics players.
Russian-state hackers wasted no time exploiting a critical Microsoft Office vulnerability that allowed them to compromise the devices inside diplomatic, maritime, and transport organizations in more than half a dozen countries, researchers said Wednesday.
The threat group, tracked under names including APT28, Fancy Bear, Sednit, Forest Blizzard, and Sofacy, pounced on the vulnerability, tracked as CVE-2026-21509, less than 48 hours after Microsoft released an urgent, unscheduled security update late last month, the researchers said. After reverse-engineering the patch, group members wrote an advanced exploit that installed one of two never-before-seen backdoor implants.
Stealth, speed, and precision
The entire campaign was designed to make the compromise undetectable to endpoint protection. Besides being novel, the exploits and payloads were encrypted and ran in memory, making their malice hard to spot. The initial infection vector came from previously compromised government accounts in multiple countries, which were likely familiar to the targeted email holders. Command and control channels were hosted in legitimate cloud services that are typically allow-listed inside sensitive networks.
“The use of CVE-2026-21509 demonstrates how quickly state-aligned actors can weaponize new vulnerabilities, shrinking the window for defenders to patch critical systems,” the researchers, with security firm Trellix, wrote. “The campaign’s modular infection chain—from initial phish to in-memory backdoor to secondary implants was carefully designed to leverage trusted channels (HTTPS to cloud services, legitimate email flows) and fileless techniques to hide in plain sight.”
The 72-hour spear phishing campaign began January 28 and delivered at least 29 distinct email lures to organizations in nine countries, primarily in Eastern Europe. Trellix named eight of them: Poland, Slovenia, Turkey, Greece, the UAE, Ukraine, Romania, and Bolivia. Organizations targeted were defense ministries (40 percent), transportation/logistics operators (35 percent), and diplomatic entities (25 percent).