< ciso brief />

All news with #veeam tag

8 articles

Veeam issues urgent patches for critical Backup RCE

🔔 Veeam has released updates to address multiple vulnerabilities in Veeam Backup & Replication, including three critical authenticated RCE flaws affecting builds up to 12.3.2.4165. The three RCE issues (CVE-2026-21666, CVE-2026-21667 and CVE-2026-21708) carry CVSS 9.9 scores and can permit authenticated users to execute code on backup servers; two additional high-severity bugs enable file manipulation and local privilege escalation. Veeam fixed the issues in build 12.3.2.4465 and urges organizations to patch immediately, emphasizing that backup infrastructure represents a highly privileged target for attackers.

Veeam patches seven critical Backup & Replication flaws

🔒 Veeam has released security updates addressing seven critical vulnerabilities in Veeam Backup & Replication that could enable remote code execution, file manipulation, or privilege escalation if exploited. Affected builds include 12.3.2.4165 and earlier 12.x releases; fixes are available in 12.3.2.4465 and select fixes in 13.0.1.2067. Notable issues include multiple CVEs with CVSS scores up to 9.9 that allow authenticated domain users, Backup Viewers, or Backup Administrators to execute code, alter files, or escalate privileges. Veeam warned attackers may reverse-engineer patches, and customers are urged to update promptly.

Veeam patches critical RCE flaws in Backup & Replication

🛡️ Veeam has released updates for Veeam Backup & Replication that address multiple vulnerabilities, including four critical remote code execution (RCE) flaws that allow low-privileged users or Backup Viewer accounts to execute code on backup servers. The key issues (CVE-2026-21666, CVE-2026-21667, CVE-2026-21669, CVE-2026-21708) are fixed in 12.3.2.4465 and 13.0.1.2067. Administrators are urged to upgrade immediately, as ransomware actors have repeatedly targeted VBR to move laterally, steal data, and prevent recovery.

Critical Veeam Backup & Replication Flaws Require Patch

🔒 Veeam has released a patch addressing four vulnerabilities in Backup & Replication v13 that let users with Backup Admin, Backup Operator, or Tape Operator roles exceed intended privileges. The most severe, CVE-2025-59470 (CVSS 9.0), can enable remote code execution as the Postgres user; others permit file writes as root or RCE via malicious configuration files. Veeam recommends immediate installation of version 13.0.1.1071; the vendor says core backup data remains immutable and intact.

New Veeam Backup & Replication RCE Vulnerabilities Exposed

⚠️ Veeam released security updates for Backup & Replication to fix multiple vulnerabilities, including a remote code execution bug tracked as CVE-2025-59470. The flaw affects version 13.0.1.180 and earlier 13 builds and can allow users with Backup or Tape Operator roles to execute code as the postgres user. On January 6 Veeam published 13.0.1.1071 to patch CVE-2025-59470 plus a high (CVE-2025-55125) and a medium (CVE-2025-59468) issue. Administrators are advised to apply updates and follow Veeam's security guidelines to limit privileged-role exposure.

Veeam patches critical RCE in Backup & Replication 13

🔒 Veeam has released security updates for Veeam Backup & Replication to address a critical remote code execution flaw tracked as CVE-2025-59470 (CVSS 9.0) that could allow a Backup or Tape Operator to run code as the postgres user via a crafted interval or order parameter. The vendor also fixed three additional vulnerabilities that permit escalation to root or file writes by privileged backup roles. All 13.x builds up to 13.0.1.180 are affected and the fixes are included in 13.0.1.1071; customers are advised to apply updates and follow role-hardening guidance promptly.

Akira ransomware linked to $244M in illicit proceeds

🔒 A joint US and international advisory on 14 November attributes approximately $244.17m in illicit proceeds to the Akira ransomware group since late September 2025. The advisory reports rapid data exfiltration in some incidents and details exploitation of SonicWall CVE-2024-40766, expansion to Nutanix AHV disk encryption, and attacks leveraging SSH and unpatched Veeam servers. Operators employ initial access brokers, tunnelling tools and remote access software such as AnyDesk to persist and evade detection. Organisations are urged to prioritise patching, enforce phishing-resistant MFA, and maintain offline backups.

Scattered Spider Resurfaces, Targets Financial Sector Again

Cyber threat group Scattered Spider has been linked to a new campaign targeting financial services, according to ReliaQuest. The attackers gained access by socially engineering an executive and abusing Azure AD self-service password reset, then moved laterally via Citrix and VPN to compromise VMware ESXi. They escalated privileges by resetting a Veeam service account, assigning Azure Global Administrator rights, and attempted data extraction from Snowflake and AWS. The activity contradicts the group's retirement claims and suggests regrouping or rebranding.