BLOG POSTS
Qilin: A Threat Profile
Aliases: Agenda (original name, 2022); Gold Feather (Secureworks); Water Galura (Trend Micro). Profiling Threat...
DORA Article 9 and the Hypervisor MFA Gap: Are You Fully Compliant?
Most financial institutions have deployed multifactor authentication (MFA) where auditors have traditionally looked for it: VPNs, email, cloud applications. That coverage checks the expected boxes—and for years, it was enough. But one...
What Is Zero Trust Network Access for ESX?
As ransomware and advanced persistent threats continue to evolve, security teams are facing new security risks tied to the virtualization layer. VMware ESX hypervisors—responsible for running enterprise virtual machines (VMs) and managing...
Vali Cyber® Brings Hypervisor Visibility into the SOC with Google Security Operations
Security teams have spent years centralizing visibility across endpoints, identities, and networks. But one critical layer has remained largely invisible: the hypervisor. Today, that changes. Vali Cyber’s ZeroLock® is enabling...
Dark Angels: A Threat Profile
Aliases: Dark Angels; Dark Angels Team; White Rabbit. Related Historical Identifiers: MARIO (ESXi) - Babuk-derived ESXi encryptor assessed as part of the Dark Angels lineage; Dunghill - data leak and extortion site branding used in Dark...
DarkBit: A Threat Profile
Aliases: DarkBit Ransomware; esxi.darkbit (Linux/ESXi payload name observed in incident response). Profiling Threat...
AI Risks in Virtualized Environments: How AI Expands the Attack Surface
AI risks in virtualized environments are becoming an enterprise concern as AI tools move deeper into daily operations. AI systems now operate inside marketing, HR, finance, legal, and engineering workflows, while development teams rely on...
Why EDR Isn’t Enough in 2026: The Rise of Preemptive Hypervisor Security
EDR vs hypervisor security has become one of the most critical debates in enterprise defense as threats move deeper into virtualized infrastructure. For years, enterprise security strategies have been built around a familiar assumption:...
What Is an Advanced Persistent Threat (APT) & What Do They Mean for Virtualized Infrastructure?
What is an Advanced Persistent Threat (APT)? Advanced Persistent Threat (APT) describes an adversary, often state-sponsored but not always, that uses skilled operators and significant resources to gain access to a specific...
Akira: A Threat Profile
Aliases: Akira is the only known alias. Associated with other groups known as Storm-1567, Howling Scorpius, Punk Spider, and Gold Sahara...
Preemptive Security Explained: How to Stay Ahead of Cyber Threats
Imagine locking your front door after a burglar has already walked through your house. Now imagine doing that with your critical infrastructure. That’s how reactive cybersecurity operates. You get alerted after something bad has already...
Fire Ant: A Threat Profile
Aliases: Fire Ant; China‑nexus infrastructure espionage actor (media shorthand); UNC3886‑overlap (tooling/TTP overlap; not a formal attribution); Listed by MITRE as an alias for Mustang Panda (G0129). Profiling Threat Actor Type:...
The CISO’s Guide to Preemptive Hypervisor Security in 2026
As we head into 2026, one thing has become clear in the last year: attackers are changing tactics, and our defenses need to evolve with them. Virtualization infrastructure, the hypervisor layer in particular, has emerged as a high-impact...
BRICKSTORM: Nation-State Operators Are Moving Into the Hypervisor Layer
The December 2025 CISA/NSA/Cyber Centre analysis of BRICKSTORM represents one of the clearest signals yet that hypervisors have become priority targets for state-backed cyber operations. The report attributes BRICKSTORM to PRC...
Enhance VCF 9 Security with ZeroLock®
As organizations continue to adopt VMware Cloud Foundation (VCF) 9, security remains a top priority. Hypervisors are an increasingly critical layer which—if compromised—can give attackers complete control over the environment. VCF 9 has...
End of Year Review: Why Virtualization is Falling into the C-Suite Spotlight
When attackers reach the virtualization layer, they gain control of the systems that run the entire business. This unfortunate scenario has become exponentially more common in recent years as threat actors discover that the hypervisor remains the...