Security News

Released: MITRE ATT&CK v17.0, now with ESXi attack TTPs
2025-04-23 12:52

MITRE has released the latest version of its ATT&CK framework, which now also includes a new section (“matrix”) to cover the tactics, techniques and procedures (TTPs) used to target VMware ESXi...

New VanHelsing ransomware targets Windows, ARM, ESXi systems
2025-03-24 19:43

A new multi-platform ransomware-as-a-service (RaaS) operation named VanHelsing has emerged, targeting Windows, Linux, BSD, ARM, and ESXi systems. [...]

Over 37,000 VMware ESXi servers vulnerable to ongoing attacks
2025-03-06 15:39

Over 37,000 internet-exposed VMware ESXi instances are vulnerable to CVE-2025-22224, a critical out-of-bounds write flaw that is actively exploited in the wild. [...]

Ransomware Targets ESXi Systems via Stealthy SSH Tunnels for C2 Operations
2025-01-28 11:01

Cybersecurity researchers have found that ransomware attacks targeting ESXi systems are also leveraging the access to repurpose the appliances as a conduit to tunnel traffic to command-and-control...

Ransomware gang uses SSH tunnels for stealthy VMware ESXi access
2025-01-26 15:19

Ransomware actors targeting ESXi bare metal hypervisors are leveraging SSH tunneling to persist on the system while remaining undetected. [...]

Ransomware on ESXi: The mechanization of virtualized attacks
2025-01-13 11:30

In 2024, ransomware attacks targeting VMware ESXi servers reached alarming levels, with the average ransom demand skyrocketing to $5 million. With approximately 8,000 ESXi hosts exposed directly...

VMware ESXi Servers Targeted by New Ransomware Variant from Cicada3301 Group
2024-09-03 15:34

A number of similarities between Cicada3301 and ALPHV/BlackCat indicate that it could represent a rebrand or offshoot group.

Linux version of new Cicada ransomware targets VMware ESXi servers
2024-09-01 14:14

A new ransomware-as-a-service (RaaS) operation named Cicada3301 has already listed 19 victims on its extortion portal, as it quickly attacked companies worldwide. [...]

Cicada3301 ransomware’s Linux encryptor targets VMware ESXi systems
2024-09-01 14:14

A new ransomware-as-a-service (RaaS) operation named Cicada3301 has already listed 19 victims on its extortion portal, as it quickly attacked companies worldwide. [...]

BlackByte Ransomware Exploits VMware ESXi Flaw in Latest Attack Wave
2024-08-28 10:21

The threat actors behind the BlackByte ransomware group have been observed likely exploiting a recently patched security flaw impacting VMware ESXi hypervisors, while also leveraging various...