ThreatCluster

China-linked Cybercriminals Exploit VMware ESXi Vulnerabilities

First seen 9 Jan 2026, 15:51 UTC Theregister 58% similarity 33

Article Content

Browse articles
ThreatCluster

Chinese-linked cybercriminals utilized a VMware ESXi hypervisor escape kit to target the ESXi hypervisor. Researchers from Huntress reported that the toolkit was in development as early as February 2024 and was used in an intrusion observed in December 2025. The attack involved sophisticated techniques to break out of virtual machines.

ThreatCluster AI

Community

Browse all →