24 Apr, 2026

Payouts King ransomware uses QEMU VMs to bypass endpoint security

The Payouts King ransomware is using the QEMU emulator as a reverse SSH backdoor to run hidden virtual machines on compromised systems and bypass endpoint security. QEMU is an open-source CPU emulator and system virtualization tool that allows users to run operating systems on a host computer as virtual machines (VMs). Since security solutions on […]

4 mins read

Ransomware gang uses ISPsystem VMs for stealthy payload delivery

Ransomware operators are hosting and delivering malicious payloads at scale by abusing virtual machines (VMs) provisioned by ISPsystem, a legitimate virtual infrastructure management provider. Researchers at cybersecurity company Sophos observed the tactic while investigating recent ‘WantToCry’ ransomware incidents. They found the attackers used Windows VMs with identical hostnames, suggesting default templates generated by ISPsystem’s VMmanager. Diving deeper, […]

2 mins read

CISA warns of Akira ransomware Linux encryptor targeting Nutanix VMs

US government agencies are warning that the Akira ransomware operation has been spotted encrypting Nutanix AHV virtual machines in attacks. An updated joint advisory from CISA, the FBI, the Department of Defense Cyber Crime Center (DC3), the Department of Health and Human Services (HHS), and several international partners alerts that Akira ransomware has expanded its […]

3 mins read

New VMScape attack breaks guest-host isolation on AMD, Intel CPUs

A new Spectre-like attack dubbed VMScape allows a malicious virtual machine (VM) to leak cryptographic keys from an unmodified QEMU hypervisor process running on modern AMD or Intel CPUs. The attack breaks the isolation between VMs and the cloud hypervisor, bypassing existing Spectre mitigations and threatening to leak sensitive data by leveraging speculative execution. The […]

3 mins read

Microsoft fixes Windows Server bug causing cluster, VM issues

Microsoft has resolved a known issue that triggers Cluster service and VM restart issues after installing July’s Windows Server 2019 security updates. The company acknowledged the bug in a private advisory seen by GeekFeed three weeks ago and asked businesses to reach out for support to mitigate the cluster issues. As Redmond explained at the time, the […]

2 mins read

Microsoft: Windows Server KB5062557 causes cluster, VM issues

Microsoft is asking businesses to reach out for support to mitigate a known issue causing Cluster service and VM restart issues after installing this month’s Windows Server 2019 security updates. As the company explains in a private advisory seen by GeekFeed, the Cluster service (a system component essential to cluster operation) might fail to function correctly […]

2 mins read

Windows KB5064489 emergency update fixes Azure VM launch issues

Microsoft has released an emergency update to fix a bug that prevents Azure virtual machines from launching when the Trusted Launch setting is disabled and Virtualization-Based Security (VBS) is enabled. The bug impacted Windows Server 2025 and Windows 11 24H2 and was introduced during the July Patch Tuesday security updates. “This update addresses an issue that prevented […]

1 min read

Windows Server emergency update fixes Hyper-V VM freezes, restart issues

Microsoft has released an emergency update to address a known issue causing some Hyper-V virtual machines with Windows Server 2022 to freeze or restart unexpectedly. These problems mainly impact Azure confidential VMs, which are designed to protect data while being processed, not just when it’s transmitted or stored. Redmond has addressed this issue with the […]

2 mins read

New Windows Server emergency updates fix container launch issue

Microsoft has released emergency Windows Server updates to address a known issue preventing Windows containers from launching. The issue affects only containers running under Hyper-V isolation mode, which allows multiple containers to run simultaneously on a single Windows host inside separate virtual machines. “This update fixes an issue caused by 2025.04 B container images released […]

2 mins read

Windows infected with backdoored Linux VMs in new phishing attacks

A new phishing campaign dubbed ‘CRON#TRAP’ infects Windows with a Linux virtual machine that contains a built-in backdoor to give stealthy access to corporate networks. Using virtual machines to conduct attacks is nothing new, with ransomware gangs and cryptominers using them to stealthily perform malicious activity. However, threat actors commonly install these manually after they breach a network. A […]

3 mins read