CISA confirmed on Wednesday that ransomware gangs have begun exploiting a high-severity VMware ESXi sandbox escape vulnerability that was previously used in zero-day attacks.

Broadcom patched this ESXi arbitrary-write vulnerability (tracked as CVE-2025-22225) in March 2025 alongside a memory leak (CVE-2025-22226) and a TOCTOU flaw (CVE-2025-22224), and tagged them all as actively exploited zero-days.

“A malicious actor with privileges within the VMX process may trigger an arbitrary kernel write leading to an escape of the sandbox,” Broadcom said about the CVE-2025-22225 flaw.

At the time, the company said that the three vulnerabilities affect VMware ESX products, including VMware ESXi, Fusion, Cloud Foundation, vSphere, Workstation, and Telco Cloud Platform, and that attackers with privileged administrator or root access can chain them to escape the virtual machine’s sandbox.

According to a report published last month by cybersecurity company Huntress, Chinese-speaking threat actors have likely been chaining these flaws in sophisticated zero-day attacks since at least February 2024.

Flagged as exploited in ransomware attacks

In a Wednesday update to its list of vulnerabilities exploited in the wild, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) said CVE-2025-22225 is now known to be used in ransomware campaigns but didn’t provide more details about these ongoing attacks.

CISA first added the flaw to its Known Exploited Vulnerabilities (KEV) catalog in March 2025 and ordered federal agencies to secure their systems by March 25, 2025, as mandated by Binding Operational Directive (BOD) 22-01.

“Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable,” the cybersecurity agency says.

Ransomware gangs and state-sponsored hacking groups often target VMware vulnerabilities because VMware products are widely deployed on enterprise systems that commonly store sensitive corporate data.

For instance, in October, CISA ordered government agencies to patch a high-severity vulnerability (CVE-2025-41244) in Broadcom’s VMware Aria Operations and VMware Tools software, which Chinese hackers have exploited in zero-day attacks since October 2024.

More recently, CISA has also tagged a critical VMware vCenter Server vulnerability (CVE-2024-37079) as actively exploited in January and ordered federal agencies to secure their servers by February 13.

In related news, this week, cybersecurity company GreyNoise reported that CISA has “silently” tagged 59 security flaws as known to be used in ransomware campaigns last year alone.

Modern IT infrastructure moves faster than manual workflows can handle.

In this new Tines guide, learn how your team can reduce hidden manual delays, improve reliability through automated response, and build and scale intelligent workflows on top of tools you already use.

Advertisement

Get the guide

Lores, who served decades at HP, was also PayPal’s board chair since 2024.

HP was apparently caught off guard, according to reports, after PayPal snatched the company’s CEO Enrique Lores to replace Alex Chriss.

In a statement, PayPal said that the switch-up had to come because the “pace of change and execution [under Chriss] was not in line with the board’s expectations”. Lores is expected to overhaul the payments company and ensure it maintains its leading position in the industry in the long-run, the company said.

Chief financial and operating officer Jamie Miller will serve as interim CEO at the company until Lores assumes the role of president and CEO. Meanwhile, David Dorman has been appointed as independent board chair.

“We will further strengthen the culture of innovation necessary to deliver long-term transformation and balance this with near-term delivery”, commented Lores.

“The payments industry is changing faster than ever, driven by new technologies, evolving regulations, an increasingly competitive landscape and the rapid acceleration of AI that is reshaping commerce daily.”

Chriss was appointed as PayPal’s CEO and president in 2023, a challenging post-pandemic period when trading volumes were low, but large tech companies and newer fintech rivals were adding competitive pressure on PayPal’s core businesses.

At the time of his appointment, PayPal described him as a “next generation leader” capable of driving growth across the company, but less than three years later, that seems to not have worked out. Lores, meanwhile, is familiar to PayPal, serving on the company’s board for nearly five years, and as board chairperson since July 2024.

However, the executive switch-up did not sway investor confidence after the company missed revenue expectations in the quarter past. In its fourth quarter results for 2025, PayPal posted $8.68bn in revenue, lower than London Stock Exchange Group analysts’ average estimates, but marginally higher than this quarter last year.

The dim quarter and change of leadership sent share prices at PayPal plummeting by 20pc. Company shares have dropped more than 80pc over the last five years.

Lores had come into HP as an intern nearly four decades ago. He orchestrated the split from HP Enterprise and took on the role of CEO in 2019. Semafor reported that Lores’ sudden move sent HP executives scurrying for a replacement.

In a statement yesterday (3 February), HP said that Lores stepped down as both board president and CEO to “pursue another professional opportunity”.

Bruce Broussard, a HP board member since 2021, has been appointed as interim CEO until a search committee identifies a successor. Broussard most recently served as the president and CEO of healthcare company Humana.

Don’t miss out on the knowledge you need to succeed. Sign up for the Daily Brief, Silicon Republic’s digest of need-to-know sci-tech news.

This story was published by a Voices of Change fellow. Learn more about the fellowship here.

Teaching is many things. It’s a profession and a passion, tedious and rewarding, infuriating and full of joy. For some, mental health issues like anxiety and depression become worse when teaching. This has led to many teachers and educators leaving the profession, with plenty of news and opinion coverage on the mental health crisis in education.

But my story is a bit different. Not only has teaching improved my mental health, but it quite literally saved my life.

Against a Sea of Troubles

In February of 2017, I was working in retail management, and had been doing so since graduating college back in 2002. I was OK at sales, a pretty good manager and especially great at training new sales associates. At the same time, I was also struggling with severe depression and anxiety. I didn’t really know why. I didn’t think I hated my job; I loved my wife and family. On paper, I had good friends and a pretty good life. But there were some days I just could not face. I felt alone, empty and frankly, lost. Was this all that my life would have to offer? Would this be all I was ever known for? Would anyone miss me when I’m gone?

This led to the evening of Feb. 24. I was driving home from another dull day of work when the desire to drive my car off an overpass became stark, real and terrifyingly close to reality. I simply had had enough and thought this would make people remember me, even for a little while. But I didn’t do it. The experience and its closeness shook me. When I got home, I broke down to my wife and we decided I needed help and I needed it now. She took me to a hospital where I spent the next few days reading, reflecting and most importantly, talking to mental health professionals.

Over the next few weeks, I learned two life-altering things. First, my brain needed medicine. Second, I wanted to become a teacher. That may sound a little strange, but in the course of my reflections and therapy on why I felt so empty, one thing became clear: I had an innate desire to make a positive impact on the world. When I started broaching the topic of what that might look like for me, friends and family all floated the same idea, “Maybe you should think about teaching?!”

Plan B

Growing up, I wanted to be one of two things: a professional wrestler or a rock star. By my mid-20s, after forgoing college norms and diving into both of these dreams, I realized that maybe those weren’t the most practical vocations. So, without much thought, I started working retail. I never stopped to think about what I wanted to do; I just did what I needed to do to get by.

But even in my long career in retail sales and management, a trend started to emerge. I liked teaching people. I took on training roles and attended classes to learn as much as I could about the product I was selling. My favorite accomplishments over the years were never the big sales I made, but the people I developed and guided to success. So when my family and friends started telling me to look into teaching, I thought, “Well, why not? It can’t be too different from teaching people to sell guitars and mattresses.”

I am also very much a kid at heart. I play video games, watch streamers on Twitch, love cartoons and comics and have always worn the title of “goofball” as a badge of honor. I could fit in with literal kids; they might relate to me more than my actual peers! I am also a self-described nerd who loves learning new things and researching anything and everything. Sharing my enthusiasm for learning made teaching seem like a strong fit.

More importantly to my mental health, the idea of being a teacher hit home in that missing part of my life. Would teaching the next generation make me feel like I’m leaving my mark? Will it help me feel fulfilled? Is it OK to place so much of my personal value on a career?
Without much to lose and the hope that a change in vocation could bring what I felt was missing, I applied to an online university to begin my journey toward becoming an educator.

A New Hope

Fast forward through a few years with a lot of college work and a stint as a district substitute teacher in an urban school district. I got my first full-time job as a teacher, teaching fourth grade math, science and social studies at a wonderful little school that was walking distance from my home. In that first year, even though I was in my late 30s, I experienced all the anxiety, fatigue and headspinning experiences of any first-year teacher. I also began to see a change in myself. Even though I had never been so tired and so challenged, I also finally felt like I mattered. Like I was doing what I was supposed to do.

Before going into teaching, my belief was that the difference I would be able to make in a kid’s life would be impactful, but only insofar as education. I had no idea how much teaching actually revolved around two things I am particularly good at that really fill my emotional bucket: performing and building relationships.

I love being on stage and in the spotlight. It’s why I wanted to be a wrestler or a rock star. What I wish I had known all those years ago was that teaching is just a big performance every day that can elicit the same emotional highs (and lows) as a fun rock show. I’m not being hyperbolic when I say that I sometimes have the same sense of accomplishment and “high” when I feel like I gave a great lesson — or the students really get into the groove of a good debate — as I do when I step off stage after thrashing punk music with my band. The idea that I could do something positive for the world and still feel this way afterward cemented my belief that teaching is where I belong.

In my first year of teaching, I also began to see how this new vocation could help others besides the kids and me. One day, partway through my first year, a parent came in to request a conference. She felt overwhelmed and frustrated that her amazingly bright child just could not get into math and was actively pushing back against the very idea of it. As I sat with the mom and we brainstormed how we could work to present learning in a new and novel way for her child, I saw her relax, smile and realize that it would be OK. I had hard proof that what I’m doing made someone’s life better, even for just a few moments. By the end of the year, her child was doing much better in math and, more importantly, really enjoyed learning and working with her mom to build resilience and a growth mindset.

Solidarity

Mental health among teachers is a tough and very personal subject. My hope in sharing my story is not to say that teachers should all be happy all the time, or that the struggle with depression and anxiety amongst teachers isn’t a real problem that needs solving. I am simply reflecting on what it is that teaching gives me each day. The opportunity to perform. The opportunity to make connections with students, families and fellow teachers. The opportunity to teach skills and subjects that will make my students better learners. And crucially, the opportunity to make a real difference in the lives of my students and their families.

Today, I have the pleasure of teaching my favorite subject, history and social studies, to seventh and eighth grade students. One goal I have every day is to remember that being allowed to influence these students’ lives is an honor and a privilege. My words, no matter how much they try not to listen, have real power and influence on their growth and the decisions they will make.

By choosing to be a teacher, not only did I save my own life, but I am also improving the lives of my students, and they may just save the world.

If you or someone you know is in immediate distress or is thinking about hurting themselves, call the 988 Suicide & Crisis Lifeline. You also can text the Crisis Text Line (HELLO to 741741) or use the Lifeline Chat on the 988 Suicide & Crisis Lifeline website.

Anthropic’s new plug-ins for Cowork announced on Friday are sparking jitters in the markets with software, professional services and analytics companies seeing the largest sell-offs.

Last month, Anthropic launched its Cowork model, a “simpler version of Claude Code” prompting concerns among those heavily invested in software companies. Friday’s (30 January) launch of new plug-ins seems to have accelerated the concerns.

This week has seen a strong sell-off in US and European software, professional services and data analytics companies, with the trend continuing yesterday (3 February) and contagion in Asian markets. Commentators are blaming the release of Anthropic’s plugins for Cowork which the AI player says will automate tasks across legal, sales, marketing and data analysis.

The legal space is where organisations like Thomson Reuters makes much of its revenue, so it was one of the players to see an 18pc slump in its share price yesterday, according to Reuters itself, which added that its shares are now down 33pc just this year, having dropped by 22pc in 2025, as fears rise around AI disruption in the legal sector.

Other providers of legal analytics also dropped with the UK’s RELX falling 14pc and Dutch company Wolters Kluwer seeing a drop of 13pc.

And the contagion spread to other software companies and the broader market as AI fuels concerns among investors who are struggling to figure out who the winners and losers will be in the current AI-fuelled economy. According to Bloomberg, a Goldman Sachs basket of US software stocks fell 6pc yesterday – its sharpest one-day drop since the sell-off that followed the initial US tariffs announcements in April.

When Anthropic launched Cowork on 12 January, it described it as a simpler version of Claude Code for non-coding related tasks. It said this new model has more agency – it can read, edit and re-organise files, taking on many of same tasks Claude Code can, but in a more “approachable” form.

Cowork seems firmly targeted at the enterprise market with its promise to make using Claude “for work” easier. Now, the new sector-specific plugins are seen as a particular threat to existing analytics players.

Don’t miss out on the knowledge you need to succeed. Sign up for the Daily Brief, Silicon Republic’s digest of need-to-know sci-tech news.

There is concern that subscribers might be negatively affected if Netflix acquires Warner Bros. Discovery’s streaming and movie studios businesses. One of the biggest fears is that the merger would lead to higher prices due to less competition for Netflix.

During a US Senate hearing Tuesday, Netflix co-CEO Ted Sarandos suggested that the merger would have an opposite effect.

Sarandos was speaking at a hearing held by the US Senate Judiciary Committee’s Subcommittee on Antitrust, Competition Policy, and Consumer Rights, “Examining the Competitive Impact of the Proposed Netflix-Warner Brothers Transaction.”

Sarandos aimed to convince the subcommittee that Netflix wouldn’t become a monopoly in streaming or in movie and TV production if regulators allowed its acquisition to close. Netflix is the largest subscription video-on-demand provider by subscribers (301.63 million as of January 2025), and Warner Bros. Discovery is the third (128 million streaming subscribers, including users of HBO Max and, to a smaller degree, Discovery+).

Speaking at the hearing, Sarandos said: “Netflix and Warner Bros. both have streaming services, but they are very complementary. In fact, 80 percent of HBO Max subscribers also subscribe to Netflix. We will give consumers more content for less.”

During the hearing, Democratic senator Amy Klobuchar of Minnesota asked Sarandos how Netflix can ensure that streaming remains “affordable” after a merger, especially after Netflix issued a price hike in January 2025 despite adding more subscribers.

Sarandos said the streaming industry is still competitive. The executive claimed that previous Netflix price hikes have come with “a lot more value” for subscribers.

“We are a one-click cancel, so if the consumer says, ‘That’s too much for what I’m getting,’ they can cancel with one click,” Sarandos said.

When pressed further on pricing, the executive argued that the merger doesn’t pose “any concentration risk” and that Netflix is working with the US Department of Justice on potential guardrails against more price hikes.

Sarandos claimed that the merger would “create more value for consumers.” However, his idea of value isn’t just about how much subscribers pay to stream but about content quality. By his calculations, which he provided without further details, Netflix subscribers spend an average of 35 cents per hour of content watched, compared to 90 cents for Paramount+.

The Netflix stat is similar to one provided by MoffettNathanson in January 2025, finding that in the prior quarter, on average, Netflix generated 34 cents in subscription fees per hour of content viewed per subscriber. At the time, the research firm said Paramount+ made an average of 76 cents per hour of content viewed per subscriber.

Downplaying Monopoly Concerns

Netflix views Warner as “both a competitor and a supplier,” Sarandos said when subcommittee chair Republican senator Mike Lee of Utah asked why Netflix wants to buy WB’s film studios, per Variety. The streaming executive claimed that Netflix’s “history is about adding more and more” content and choice.

During the hearing, Sarandos argued that streaming is a competitive business and pointed to Google, Apple, and Amazon as “deep-pocketed tech companies trying to run away with the TV business.” He tried to downplay concerns that Netflix could become a monopoly by emphasizing YouTube’s high TV viewership. Nielsen’s The Gauge tracker shows which platforms Americans use most when using their TVs (as opposed to laptops, tablets, or other devices). In December, it said that YouTube, not including YouTube TV, had more TV viewership (12.7 percent) than any other streaming video-on-demand service, including second-place Netflix (9 percent). Sarandos claimed that Netflix would have 21 percent of the streaming market if it merged with HBO Max.

Without meaningful deterrents, Big Tech companies will do what’s profitable, regardless of the cost to consumers. But a new bipartisan bill could add a check that would make them think twice, at least in one area. On Wednesday, Senators Ruben Gallego (D-AZ) and Bernie Moreno (R-OH) introduced legislation that would require social platforms to crack down on scam ads.

The Safeguarding Consumers from Advertising Misconduct (SCAM) Act would require platforms to take reasonable steps to prevent fraudulent or deceptive ads that they profit from. If they don’t, the Federal Trade Commission (FTC) and state attorneys general could take civil legal action against them.

The backdrop to the SCAM Act is a Reuters report from last November. Meta reportedly estimated that up to 10 percent of its 2024 revenue came from scam ads. The company is said to have calculated that as much as $16 billion of its revenue that year was from scams, including “fraudulent e-commerce and investment schemes, illegal online casinos and the sale of banned medical products.”

Making matters worse, Meta reportedly refused to block small fraudsters until their ads were flagged at least eight times. Meanwhile, bigger spenders were said to have accrued at least 500 strikes without being removed. Executives reportedly wrestled with how to get the problem under control — but only without affecting the company’s bottom line. At one point, managers were told not to take any action that could cost Meta more than 0.15 percent of its total revenue. (See what I mean about needing meaningful deterrents?)

According to the FTC, Americans’ estimated total loss from fraud in 2024 (adjusted for underreporting) was nearly $19 billion. An estimated $81.5 billion of that came from seniors.

“If a company is making money from running ads on their site, it has a responsibility to make sure those ads aren’t fraudulent,” Sen. Gallego said in a statement. “This bipartisan bill will hold social media companies accountable and protect consumers’ money online.”

“It is critical that we protect American consumers from deceptive ads and shameless fraudsters who make millions taking advantage of legal loopholes,” Moreno added. “We can’t sit by while social media companies have business models that knowingly enable scams that target the American people.”