Ransomware gangs are actively exploiting the VMware ESXi flaw CVE-2025-22225, which allows attackers to escape the VMX sandbox. Researchers found evidence of a toolkit used in these attacks, indicating that the vulnerabilities were known to the threat actors long before their public disclosure. CISA has confirmed the flaw's involvement in ongoing ransomware incidents.

A serious vulnerability in 7-Zip, tracked as CVE-2025-11001, allows attackers to execute arbitrary code by exploiting how older versions handle ZIP files. Although active exploitation hasn't been seen yet, a public proof-of-concept increases the risk of future attacks, especially on Windows systems with privileged accounts. Users must manually update to version 25.01 to mitigate the threat.