SecurityWeek

Exploit for VMware Zero-Day Flaws Likely Built a Year Before Public Disclosure

Analysis of a recent attack targeting VMware ESXi vulnerabilities from March 2025 revealed an exploit developed a year before ...

VMware ESXi zero-days likely exploited a year before disclosure

Chinese-speaking threat actors used a compromised SonicWall VPN appliance to deliver a VMware ESXi exploit toolkit that seems to have been developed more than a year before the targeted ...
The Hacker News

China-Linked Hackers Exploit VMware ESXi Zero-Days to Escape Virtual Machines

Researchers found Chinese-linked attackers abused SonicWall VPN access and VMware ESXi zero-day flaws to escape VMs and gain ...

China-linked cybercrims abused VMware ESXi zero-days a year before disclosure

Chinese-linked cybercriminals were sitting on a working VMware ESXi hypervisor escape kit more than a year before the bugs it ...
Bleeping Computer

VMware warns of critical vulnerabilities in multiple products

VMware has warned customers to immediately patch critical vulnerabilities in multiple products that threat actors could use to launch remote code execution attacks. "This critical vulnerability should ...
FedScoop

CISA directs civilian agencies to patch ‘critical’ VMware vulnerabilities

The Cybersecurity and Infrastructure Security Agency issued an emergency directive Wednesday requiring federal civilian agencies to patch vulnerable VMware products that could be chained together for ...
Threat Post

VMware Patches VM Escape Vulnerability

VMware patched a vulnerability in Workstation and Fusion that could allow an attacker to run code on a host machine. VMware quickly turned around a patch for a critical code execution flaw that was ...
Threat Post

VMware Issues 3 Critical Patches for vSphere Data Protection

VMware released three patches fixing critical vulnerabilities affecting its vSphere cloud computing virtualization platform. VMware, a Dell Technologies subsidiary, released several patches Tuesday ...