BLOG POSTS
Akira: A Threat Profile
Aliases: Akira is the only known alias. Associated with other groups known as Storm-1567, Howling Scorpius, Punk Spider, and Gold Sahara. Profiling: Threat Actor Type:...
Preemptive Security Explained: How to Stay Ahead of Cyber Threats
Imagine locking your front door after a burglar has already walked through your house. Now imagine doing that with your critical infrastructure. That’s how reactive cybersecurity operates. You get alerted after something bad has already...
Fire Ant: A Threat Profile
Aliases: Fire Ant; China‑nexus infrastructure espionage actor (media shorthand); UNC3886‑overlap (tooling/TTP overlap; not a formal attribution); Listed by MITRE as an alias for Mustang Panda (G0129). Profiling: Threat Actor Type:...
The CISO’s Guide to Preemptive Hypervisor Security in 2026
As we head into 2026, one thing has become clear in the last year: attackers are changing tactics, and our defenses need to evolve with them. Virtualization infrastructure, the hypervisor layer in particular, has emerged as a high-impact...
BRICKSTORM: Nation-State Operators Are Moving Into the Hypervisor Layer
The December 2025 CISA/NSA/Cyber Centre analysis of BRICKSTORM represents one of the clearest signals yet that hypervisors have become priority targets for state-backed cyber operations. The report attributes BRICKSTORM to PRC...
Enhance VCF 9 Security with ZeroLock®
As organizations continue to adopt VMware Cloud Foundation (VCF) 9, security remains a top priority. Hypervisors are an increasingly critical layer which—if compromised—can give attackers complete control over the environment. VCF 9 has...
End of Year Review: Why Virtualization is Falling into the C-Suite Spotlight
When attackers reach the virtualization layer, they gain control of the systems that run the entire business. This unfortunate scenario has become exponentially more common in recent years as threat actors discover that the hypervisor remains the...
Everything You Need to Know About Hypervisors
Virtualization changed everything about how modern computing works, but most people have no idea what’s happening under the hood. Before virtualization, companies had to buy a separate physical machine for every single application they...
How ZeroLock Mitigates BRICKSTORM: Securing VMware Against Advanced Threats
BRICKSTORM is a custom-made malware family recently used by suspected state-aligned threat actors out of China. Some of the binary files associated with BRICKSTORM appear to have been made specifically to target vCenter servers and...
DragonForce: A Threat Profile
Aliases: DragonForce Malaysia (early hacktivist identity); DragonForce Ransomware Gang; DragonLeaks (leak site); DFRansom. Profiling: Threat Actor Type: Initially a...
CISOs: Lead the Charge in Virtualization Security in 2026
CISOs have spent the last decade hardening endpoints, identities, and cloud workloads. Yet for many organizations, the hypervisor remains dangerously exposed. Over the past four years, hypervisor-specific ransomware has driven an...
ShinyHunters: A Threat Profile
Aliases: ShinyCorp; UNC6240; sometimes referenced as “Scattered Lapsus$ Hunters” in recent collaborations. Profiling: Threat Actor Type: Financially motivated data-theft and...
LockBit: A Threat Profile
Aliases: ABCD ransomware; LockBit 2.0; LockBit Black (3.0); LockBit Green; LockBit 5.0. Profiling: Threat Actor Type: Ransomware-as-a-Service (RaaS) with global...
The 99% Solution: MFA for Hypervisor Security
Hypervisor attacks are accelerating, and the cost is catastrophic. Recent ESXi ransomware attacks have cost organizations hundreds of millions in recovery. In some cases, a single ESXi breach has led to costs exceeding $400 million. ...
Scattered Spider and the Finance Sector: Ransomware Tactics Banks Can’t Afford to Ignore
The financial sector is built on trust, speed, and constant availability. Despite publicly announcing their “retirement,” Scattered Spider has resurfaced with fresh intrusions into U.S. banks and financial services. Their latest ESXi...
Executive Briefing: Hypervisor Ransomware—The Hidden $400 Million Board-Level Exposure
Why The Board Should Act Now: As hypervisor ransomware attacks surge and exposure widens, this once-overlooked layer now poses material risk to revenue, operations, and oversight. Hypervisor ransomware (specifically on VMware ESXi) has...