HYPERVISOR NEWS
How the Grinch Stole ESXi: A Scattered Spider Threat Actor Round-Up
Scattered Spider may not live on Mount Crumpit, but their playbook for stealing Christmas—and your virtual infrastructure—would make even the Grinch proud. Join Joseph Comps, Threat Intelligence Analyst at Vali Cyber, for a deep dive into...
BRICKSTORM: Nation-State Operators Are Moving Into the Hypervisor Layer
The December 2025 CISA/NSA/Cyber Centre analysis of BRICKSTORM represents one of the clearest signals yet that hypervisors have become priority targets for state-backed cyber operations. The report attributes BRICKSTORM to PRC...
Enhance VCF 9 Security with ZeroLock®
As organizations continue to adopt VMware Cloud Foundation (VCF) 9, security remains a top priority. Hypervisors are an increasingly critical layer which—if compromised—can give attackers complete control over the environment. VCF 9 has...
End of Year Review: Why Virtualization is Falling into the C-Suite Spotlight
When attackers reach the virtualization layer, they gain control of the systems that run the entire business. This unfortunate scenario has occurred exponentially in recent years as threat actors discover that the hypervisor remains the...
Everything You Need to Know About Hypervisors
Virtualization changed everything about how modern computing works, but most people have no idea what’s happening under the hood. Before virtualization, companies had to buy a separate physical machine for every single application they...
How ZeroLock Mitigates BRICKSTORM: Securing VMware Against Advanced Threats
BRICKSTORM is a custom-made malware family recently used by suspected state-aligned threat actors out of China. Some of the binary files associated with BRICKSTORM appear to have been made specifically to target vCenter servers and...
Podcast: What Is Hypervisor Security – and Why Attackers Care Now?
In this episode of The CyberVault, Austin Gadient, Co-Founder and CTO of Vali Cyber, breaks down why attackers are targeting the hypervisor, how groups like Scattered Spider are reaching deeper into virtualized environments, and why...
Presentation: B-Sides NYC
The intricate architecture of hypervisors, while providing remarkable flexibility and scalability for enterprise-level operations, also represents one of the most critical under-protected attack surfaces existing today. This concurrently...
CISOs: Lead the Charge in Virtualization Security in 2026
CISOs have spent the last decade hardening endpoints, identities, and cloud workloads. Yet for many organizations, the hypervisor remains dangerously exposed. Over the past four years, hypervisor-specific ransomware has driven an...
ATT&CK v17 and the Increasingly Targeted ESXi Attack Surface
As enterprise virtualization scales, hypervisors like VMware ESXi have become critical—and increasingly exploited—attack surfaces. High-profile breaches such as Scattered Spider, the MGM Resorts ($110M) incident, and the Johnson Controls...
Gartner Identifies the Top Strategic Technology Trends for 2026
“Technology leaders face a pivotal year in 2026, where disruption, innovation, and risk are expanding at unprecedented speed,” said Gene Alvarez, Distinguished VP Analyst at Gartner. “The top strategic technology trends identified for...
ATT&CK v17: New Platform (ESXi), Collection Optimization, & More Countermeasures
Our goal with ATT&CK v17 is to help defenders stay aligned with where adversaries are headed by looking at where they’ve recently been. This release aims to inform defensive efforts by focusing on the platforms adversaries are...
Threat Brief: VMware Vulnerabilities Exploited in the Wild (CVE-2022-22954 and Others)
On April 6, 2022, VMware published a security advisory mentioning eight vulnerabilities, including CVE-2022-22954 and CVE-2022-22960 impacting their products VMware Workspace ONE Access, Identity Manager and vRealize Automation. On April...
Global Incident Response Report 2025
We see five major emerging trends reshaping the threat landscape. First, threat actors are augmenting traditional ransomware and extortion with attacks designed to intentionally disrupt operations. In 2024, 86% of incidents that Unit 42...
Scattered Spider Hijacks VMware ESXi to Deploy Ransomware on Critical U.S. Infrastructure
The notorious cybercrime group known as Scattered Spider is targeting VMware ESXi hypervisors in attacks targeting retail, airline, and transportation sectors in North America. "The group's core tactics have remained consistent and do not...
Beyond Convenience: Exposing the Risks of VMware vSphere Active Directory Integration
Broadcom's VMware vSphere product continues to be a top choice for private cloud virtualization, underpinning important systems and critical infrastructure. Far from losing its appeal, organizations still rely heavily on vSphere for its...