-
The Hidden Risk in Virtualization: Why Hypervisors are a Ransomware Magnet
Ransomware groups are targeting hypervisors to maximize impact, allowing a single breach to encrypt dozens of virtual machines at once. Drawing on real-world incident data, Huntress explains how attackers exploit visibility gaps at the hypervisor layer and outlines steps orgs can take to harden virtualization infrastructure.
- December 16, 2025
- 10:01 AM
0
-
Kraken ransomware benchmarks systems for optimal encryption choice
The Kraken ransomware, which targets Windows, Linux/VMware ESXi systems, is testing machines to check how fast it can encrypt data without overloading them.
- November 13, 2025
- 05:53 PM
0
-
New Webinar: Choose Your Own Investigation — Browser Attack Edition
Modern attacks have shifted focus to the browser, yet detection tools remain largely blind to the crucial activity happening there.
Join Push Security on February 11th for an interactive "choose-your-own-adventure" webinar on ClickFix, credential phishing, and other in-browser attacks we've observed in the wild.
-
Scattered Spider is running a VMware ESXi hacking spree
Scattered Spider hackers have been aggressively targeting virtualized environments by attacking VMware ESXi hypervisors at U.S. companies in the retail, airline, transportation, and insurance sectors.
- July 27, 2025
- 11:05 AM
- 0
-
VMware fixes four ESXi zero-day bugs exploited at Pwn2Own Berlin
VMware fixed four vulnerabilities in VMware ESXi, Workstation, Fusion, and Tools that were exploited as zero-days during the Pwn2Own Berlin 2025 hacking contest in May 2025.
- July 17, 2025
- 05:36 PM
- 3
-
Trojanized RVTools push Bumblebee malware in SEO poisoning campaign
The official website for the RVTools VMware management tool was taken offline in what appears to be a supply chain attack that distributed a trojanized installer to drop the Bumblebee malware loader on users' machines.
- May 20, 2025
- 10:39 AM
- 0
-
Hackers earn $1,078,750 for 28 zero-days at Pwn2Own Berlin
The Pwn2Own Berlin 2025 hacking competition has concluded, with security researchers earning $1,078,750 after exploiting 29 zero-day vulnerabilities and encountering some bug collisions.
- May 19, 2025
- 10:03 AM
- 0
-
Hackers exploit VMware ESXi, Microsoft SharePoint zero-days at Pwn2Own
During the second day of Pwn2Own Berlin 2025, competitors earned $435,000 after exploiting zero-day bugs in multiple products, including Microsoft SharePoint, VMware ESXi, Oracle VirtualBox, Red Hat Enterprise Linux, and Mozilla Firefox.
- May 16, 2025
- 11:23 AM
- 0
-
Over 37,000 VMware ESXi servers vulnerable to ongoing attacks
Over 37,000 internet-exposed VMware ESXi instances are vulnerable to CVE-2025-22224, a critical out-of-bounds write flaw that is actively exploited in the wild.
- March 06, 2025
- 10:39 AM
- 2
-
Ransomware gang uses SSH tunnels for stealthy VMware ESXi access
Ransomware actors targeting ESXi bare metal hypervisors are leveraging SSH tunneling to persist on the system while remaining undetected.
- January 26, 2025
- 10:19 AM
- 0
-
Linux version of new Cicada ransomware targets VMware ESXi servers
A new ransomware-as-a-service (RaaS) operation named Cicada3301 has already listed 19 victims on its extortion portal, as it quickly attacked companies worldwide.
- September 01, 2024
- 10:14 AM
- 0
-
OneBlood's virtual machines encrypted in ransomware attack
OneBlood, a large not-for-profit blood center that serves hospitals and patients in the United States, is dealing with an IT systems outage caused by a ransomware attack.
- July 31, 2024
- 02:16 PM
- 0
-
CISA warns of VMware ESXi bug exploited in ransomware attacks
CISA has ordered U.S. Federal Civilian Executive Branch (FCEB) agencies to secure their servers against a VMware ESXi authentication bypass vulnerability exploited in ransomware attacks.
- July 30, 2024
- 03:54 PM
- 0
-
Microsoft: Ransomware gangs exploit VMware ESXi auth bypass in attacks
Microsoft warned today that ransomware gangs are actively exploiting a VMware ESXi authentication bypass vulnerability in attacks.
- July 29, 2024
- 01:06 PM
- 0
-
New Play ransomware Linux version targets VMware ESXi VMs
Play ransomware is the latest ransomware gang to start deploying a dedicated Linux locker for encrypting VMware ESXi virtual machines.
- July 22, 2024
- 01:01 PM
- 0
-
SEXi ransomware rebrands to APT INC, continues VMware ESXi attacks
The SEXi ransomware operation, known for targeting VMware ESXi servers, has rebranded under the name APT INC and has targeted numerous organizations in recent attacks.
- July 15, 2024
- 10:27 AM
- 0
-
Linux version of RansomHub ransomware targets VMware ESXi VMs
The RansomHub ransomware operation is using a Linux encryptor designed specifically to encrypt VMware ESXi environments in corporate attacks.
- June 20, 2024
- 03:00 PM
- 1
-
UNC3886 hackers use Linux rootkits to hide on VMware ESXi VMs
A suspected Chinese threat actor tracked as UNC3886 uses publicly available open-source rootkits named 'Reptile' and 'Medusa' to remain hidden on VMware ESXi virtual machines, allowing them to conduct credential theft, command execution, and lateral movement.
- June 20, 2024
- 01:46 PM
- 0
-
Linux version of TargetCompany ransomware focuses on VMware ESXi
Researchers observed a new Linux variant of the TargetCompany ransomware family that targets VMware ESXi environments using a custom shell script to deliver and execute payloads.
- June 05, 2024
- 07:17 PM
- 0
-
The Week in Ransomware - April 5th 2024 - Virtual Machines under Attack
Ransomware attacks targeting VMware ESXi and other virtual machine platforms are wreaking havoc among the enterprise, causing widespread disruption and loss of services.
- April 05, 2024
- 05:59 PM
- 0
-
Hosting firm's VMware ESXi servers hit by new SEXi ransomware
Chilean data center and hosting provider IxMetro Powerhost has suffered a cyberattack at the hands of a new ransomware gang known as SEXi, which encrypted the company's VMware ESXi servers and backups.
- April 03, 2024
- 05:58 PM
- 4
