A SQL injection bug in the BillQuick billing app has not only leaked sensitive information, it’s also let malicious actors remotely execute code and deploy ransomware.
https://threatpost.com/billquick-billing-app-ransomware/175720/
VMware urged immediate patching of the max-severity, arbitrary file upload flaw in Analytics service, which affects all appliances running default 6.5, 6.7 and 7.0 installs.
https://threatpost.com/vmware-ransomware-bug-vcenter-server/174901/