Theregister
Chinese Cybercriminals Exploit ESXi Zero-Days Before Public Disclosure
First seen 9 Jan 2026, 17:57 UTC
•
•58% similarity
•33.3
Share:
Export
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
Browse articles
Chinese-linked cybercriminals utilized a VMware ESXi hypervisor escape toolkit over a year prior to the public disclosure of the vulnerabilities. Researchers at Huntress identified an intrusion in December 2025, revealing that the toolkit's development began as early as February 2024. This sophisticated attack targeted the ESXi hypervisor by breaking out of virtual machines.
ThreatCluster AI