BLOG POSTS
Hardened, Compliant, and Still Compromised: Why ESX Frameworks Aren’t Enough
ESX hardening guides have been the foundation of hypervisor security programs for a long time. Disable unnecessary services. Lock down management access. Enforce strong authentication. Patch early and often. These practices are table...
PWN2OWN Berlin 2026: ESXi VM Escape
When the patch doesn't exist yet, the control still does. ZeroLock provides mitigating controls for VMware ESXi VM escape exploits like those demonstrated by STARLabs SG at Pwn2Own Berlin 2026. What Happened at Pwn2Own Berlin 2026...
The Gentlemen: A Threat Profile
Aliases No confirmed aliases at this time. The group operates exclusively under "The Gentlemen" branding across underground forums, its dark web leak site, and a public X/Twitter account.
Qilin: A Threat Profile
Aliases Agenda (original name, 2022) Gold Feather (Secureworks) Water Galura (Trend Micro) Profiling Threat...
DORA Article 9 and the Hypervisor MFA Gap: Are You Fully Compliant?
Most financial institutions have deployed multifactor authentication (MFA) where auditors have traditionally looked for it: VPNs, email, cloud applications. That coverage checks the expected boxes—and for years, it was enough. But one...
What Is Zero Trust Network Access for ESX?
As ransomware and advanced persistent threats continue to evolve, security teams are facing new security risks tied to the virtualization layer. VMware ESX hypervisors—responsible for running enterprise virtual machines (VMs) and managing...
Vali Cyber® Brings Hypervisor Visibility into the SOC with Google Security Operations
Security teams have spent years centralizing visibility across endpoints, identities, and networks. But one critical layer has remained largely invisible: the hypervisor. Today, that changes. Vali Cyber’s ZeroLock® is enabling...
Dark Angels: A Threat Profile
Aliases Dark Angels Dark Angels Team White Rabbit Related Historical Identifiers MARIO (ESXi) - Babuk-derived ESXi encryptor assessed as part of the Dark Angels lineage Dunghill - data leak and extortion site branding used in Dark...
DarkBit: A Threat Profile
Aliases DarkBit Ransomware esxi.darkbit (Linux/ESXi payload name observed in incident response) Profiling Threat...
AI Risks in Virtualized Environments: How AI Expands the Attack Surface
AI risks in virtualized environments are becoming an enterprise concern as AI tools move deeper into daily operations. AI systems now operate inside marketing, HR, finance, legal, and engineering workflows, while development teams rely on...
Why EDR Isn’t Enough in 2026: The Rise of Preemptive Hypervisor Security
EDR vs hypervisor security has become one of the most critical debates in enterprise defense as threats move deeper into virtualized infrastructure. For years, enterprise security strategies have been built around a familiar assumption:...
What Is an Advanced Persistent Threat (APT) & What Do They Mean for Virtualized Infrastructure?
What is an Advanced Persistent Threat (APT)? Advanced Persistent Threat (APT) describes an adversary, often state-sponsored but not always, that uses skilled operators and significant resources to gain access to a specific...
Akira: A Threat Profile
Aliases Akira is the only known alias. Associated with other groups known as Storm-1567, Howling Scorpius, Punk Spider, and Gold Sahara
Preemptive Security Explained: How to Stay Ahead of Cyber Threats
Imagine locking your front door after a burglar has already walked through your house. Now imagine doing that with your critical infrastructure. That’s how reactive cybersecurity operates. You get alerted after something bad has already...
Fire Ant: A Threat Profile
Aliases Fire Ant China‑nexus infrastructure espionage actor (media shorthand) UNC3886‑overlap (tooling/TTP overlap; not a formal attribution) Listed by MITRE as an alias for Mustang Panda (G0129) Profiling Threat Actor Type:...
The CISO’s Guide to Preemptive Hypervisor Security in 2026
As we head into 2026, one thing has become clear in the last year: attackers are changing tactics, and our defenses need to evolve with them. Virtualization infrastructure, the hypervisor layer in particular, has emerged as a high-impact...