Chinese Cybercriminals Exploit ESXi Zero-Days Before Public Disclosure

Chinese Cybercriminals Exploit ESXi Zero-Days Before Public Disclosure

First seen 9 Jan 2026, 17:57 UTC Theregister 58% similarity 33.3

Article Content

Browse articles
ThreatCluster

Chinese-linked cybercriminals utilized a VMware ESXi hypervisor escape toolkit over a year prior to the public disclosure of the vulnerabilities. Researchers at Huntress identified an intrusion in December 2025, revealing that the toolkit's development began as early as February 2024. This sophisticated attack targeted the ESXi hypervisor by breaking out of virtual machines.

ThreatCluster AI

Community

Browse all →