In Episode 61 of the Cybersecurity Matters Podcast, Austin Gadient—CTO and Co-Founder of Vali Cyber—shares the real-world experiences that led him from competitive hacking at the U.S. Air Force Academy to securing national satellite infrastructure, and ultimately to...
As we head into 2026, one thing has become clear in the last year: attackers are changing tactics, and our defenses need to evolve with them. Virtualization infrastructure, the hypervisor layer in particular, has emerged as a high-impact target. And while this shift...
Scattered Spider may not live on Mount Crumpit, but their playbook for stealing Christmas—and your virtual infrastructure—would make even the Grinch proud. Join Joseph Comps, Threat Intelligence Analyst at Vali Cyber, for a deep dive into one of the most destructive...
The December 2025 CISA/NSA/Cyber Centre analysis of BRICKSTORM represents one of the clearest signals yet that hypervisors have become priority targets for state-backed cyber operations. The report attributes BRICKSTORM to PRC state-sponsored actors and documents a...
As organizations continue to adopt VMware Cloud Foundation (VCF) 9, security remains a top priority. Hypervisors are an increasingly critical layer which—if compromised—can give attackers complete control over the environment. VCF 9 has introduced several advanced...
When attackers reach the virtualization layer, they gain control of the systems that run the entire business. This unfortunate scenario has occurred exponentially in recent years as threat actors discover that the hypervisor remains the least monitored, least...
Virtualization changed everything about how modern computing works, but most people have no idea what’s happening under the hood. Before virtualization, companies had to buy a separate physical machine for every single application they ran. Rooms of hardware, insane...
BRICKSTORM is a custom-made malware family recently being used by suspected state-aligned threat actors out of China. Some of the binary files associated with BRICKSTORM appear to have been made specifically to target vCenter servers and VMware virtualized...
Aliases DragonForce Malaysia (early hacktivist identity) DragonForce Ransomware Gang DragonLeaks (leak site) DFRansom Get Threat Intel and Security Updates Delivered to Your Inbox. Profiling Threat Actor Type: Initially a hacktivist collective (2021–2022),...
In this episode of The CyberVault, Austin Gadient, Co-Founder and CTO of Vali Cyber, breaks down why attackers are targeting the hypervisor, how groups like Scattered Spider are reaching deeper into virtualized environments, and why protecting the hypervisor is...
