vmware esxi
Over 37,000 VMware ESXi servers vulnerable to ongoing attacks
Over 37,000 internet-exposed VMware ESXi instances are vulnerable to CVE-2025-22224, a critical out-of-bounds write flaw that is actively exploited in the wild. This massive exposure is being reported by threat monitoring platform The Shadowserver Foundation, which reported a figure of around 41,500 yesterday. Today, ShadowServer now reports that 37,000 are still vulnerable, indicating that 4,500 devices were […]
Ransomware gang uses SSH tunnels for stealthy VMware ESXi access
Ransomware actors targeting ESXi bare metal hypervisors are leveraging SSH tunneling to persist on the system while remaining undetected. VMware ESXi appliances have a critical role in virtualized environments as they can run on a single physical server multiple virtual machines of an organization. They are largely unmonitored and have been a target for hackers looking to […]
CISA warns of VMware ESXi bug exploited in ransomware attacks
CISA has ordered U.S. Federal Civilian Executive Branch (FCEB) agencies to secure their servers against a VMware ESXi authentication bypass vulnerability exploited in ransomware attacks. Broadcom subsidiary VMware fixed this flaw (CVE-2024-37085) discovered by Microsoft security researchers on June 25 with the release of ESXi 8.0 U3. CVE-2024-37085 allows attackers to add a new user […]
New Play ransomware Linux version targets VMware ESXi VMs
Play ransomware is the latest ransomware gang to start deploying a dedicated Linux locker for encrypting VMware ESXi virtual machines. Cybersecurity company Trend Micro, whose analysts spotted the new ransomware variant, says the locker is designed to first check whether it’s running in an ESXi environment before executing and that it can evade detection on […]
VMware ESXi servers targeted by new Linux ransomware variant
A string of attacks on VMware ESXi servers were launched by the Play ransomware group, best known for its double-extortion tactics. In a July 19 blog post, Trend Micro researchers said most of the attacks have been concentrated in the United States. The researchers explained that the ransomware will first verify if it’s running on […]