Ethical Hacking News

A New Era of Cyber Threats: The VMware ESXi Zero-Day Vulnerability Exploited by Chinese-Led Hackers



A sophisticated toolkit built by Chinese-led hackers has been found exploiting multiple zero-day vulnerabilities in VMware ESXi, the hypervisor that underpins much of the enterprise virtualization estate. According to Huntress, exploitation began more than a year before the bugs were publicly disclosed, which means that patching on the day the advisory dropped was already too late for some victims. This article summarizes what is known about the campaign and what it means for organizations that run ESXi.

  • Huntress found that skilled attackers were exploiting the ESXi flaws before IT teams knew they existed, and long before a patch was available.
  • The attackers disabled VMware's own drivers, loaded unsigned kernel modules, and phoned home in ways designed to go unnoticed.
  • This was not a smash-and-grab: the toolkit supported more than 150 ESXi builds, giving it reach across a broad range of environments.
  • It is not the first time China-linked attackers have been caught abusing zero-days in widely used enterprise software.
  • As with Volt Typhoon, such intrusions can remain undetected for months before victims realize something is wrong.



    While organizations scrambled to patch their ESXi hosts once the advisory dropped, Huntress's findings suggest at least some skilled actors were already weaponizing those issues long before IT teams were even aware they existed.
    This wasn't just a smash-and-grab. Huntress says the attackers disabled VMware's own drivers, loaded unsigned kernel modules, and phoned home in ways designed to go unnoticed. The toolkit supported a wide range of ESXi versions, spanning over 150 builds, which would have let the attackers hit a broad swath of environments had they not been stopped, it added.
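    The three host-side changes described above (acceptance level lowered, unsigned or third-party VIBs installed, VMware drivers disabled, unexpected modules loaded) are all visible in plain esxcli output, so they can be triaged offline from captured text. The script below is an added example, not tooling from Huntress, VMware or The Register. The esxcli outputs it contains are constructed samples in the format the real commands print; the VIB "net-tools-helper", the vendor "ACME", the module "acmehelper" and the baseline module set are hypothetical stand-ins for what a real host would show.

```python
"""Triage captured esxcli output for the tradecraft described above: a host
acceptance level lowered to allow unsigned VIBs, third-party or
CommunitySupported VIBs, VMware driver modules that have been disabled, and
loaded modules missing from a known-good baseline.

Added example, not Huntress's or VMware's tooling. The three inputs are
CONSTRUCTED samples in the format printed by:
    esxcli software acceptance get
    esxcli software vib list
    esxcli system module list
Capture those on a host and pass the text to triage_host().
"""
import re

# Order of ESXi acceptance levels, strongest first.
ACCEPTANCE_RANK = {
    "VMwareCertified": 3,
    "VMwareAccepted": 2,
    "PartnerSupported": 1,
    "CommunitySupported": 0,
}

# Vendors whose VIBs are expected without further review (assumption).
TRUSTED_VENDORS = {"VMW", "VMware"}

# Assumed module baseline taken from a known-good host; the names are
# illustrative, build your own from a clean host of the same build.
BASELINE_MODULES = {"vmkernel", "nvme_pcie", "lsi_mr3"}

# Constructed sample: acceptance level lowered to CommunitySupported.
SAMPLE_ACCEPTANCE = "CommunitySupported\n"

# Constructed sample: three legitimate VIBs plus a hypothetical
# CommunitySupported VIB ("net-tools-helper" from vendor "ACME").
SAMPLE_VIB_LIST = """\
Name              Version                            Vendor  Acceptance Level    Install Date
----------------  ---------------------------------  ------  ------------------  ------------
esx-base          8.0.2-0.0.22380479                 VMware  VMwareCertified     2024-09-01
nvme-pcie         1.2.4.11-1vmw.802.0.0.22380479     VMW     VMwareCertified     2024-09-01
lsi-mr3           7.727.02.00-1vmw.802.0.0.22380479  VMW     VMwareCertified     2024-09-01
net-tools-helper  1.0-1                              ACME    CommunitySupported  2024-10-15
"""

# Constructed sample: the VMware lsi_mr3 driver disabled and a hypothetical
# module "acmehelper" loaded that is absent from the baseline.
SAMPLE_MODULE_LIST = """\
Name        Is Loaded  Is Enabled
----------  ---------  ----------
vmkernel         true        true
nvme_pcie        true        true
lsi_mr3         false       false
acmehelper       true        true
"""


def parse_vib_list(text):
    """Parse `esxcli software vib list` output (columns separated by 2+ spaces)."""
    rows = []
    for line in text.splitlines()[2:]:  # skip header and dashed separator
        if not line.strip():
            continue
        name, version, vendor, level, installed = re.split(r"\s{2,}", line.strip())
        rows.append({"name": name, "version": version, "vendor": vendor,
                     "level": level, "installed": installed})
    return rows


def parse_module_list(text):
    """Parse `esxcli system module list` output into name/loaded/enabled."""
    mods = []
    for line in text.splitlines()[2:]:
        if not line.strip():
            continue
        name, loaded, enabled = line.split()
        mods.append({"name": name, "loaded": loaded == "true",
                     "enabled": enabled == "true"})
    return mods


def triage_host(acceptance_text, vib_text, module_text, baseline=BASELINE_MODULES):
    """Return a list of findings worth an analyst's attention (empty if clean)."""
    findings = []
    level = acceptance_text.strip()
    # Anything below PartnerSupported (or an unknown value) lets unsigned VIBs in.
    if ACCEPTANCE_RANK.get(level, -1) < ACCEPTANCE_RANK["PartnerSupported"]:
        findings.append(f"acceptance level is {level}: unsigned VIBs can be installed")
    for vib in parse_vib_list(vib_text):
        if vib["level"] == "CommunitySupported" or vib["vendor"] not in TRUSTED_VENDORS:
            findings.append(f"review VIB {vib['name']} ({vib['vendor']}, {vib['level']}, "
                            f"installed {vib['installed']})")
    for mod in parse_module_list(module_text):
        if mod["name"] in baseline and not mod["enabled"]:
            findings.append(f"baseline driver {mod['name']} has been disabled")
        if mod["loaded"] and mod["name"] not in baseline:
            findings.append(f"loaded module {mod['name']} is not in the baseline")
    return findings


if __name__ == "__main__":
    for finding in triage_host(SAMPLE_ACCEPTANCE, SAMPLE_VIB_LIST, SAMPLE_MODULE_LIST):
        print("!!", finding)
```

    On the constructed samples the script reports four findings: the lowered acceptance level, the CommunitySupported VIB, the disabled lsi_mr3 driver and the out-of-baseline acmehelper module. The baseline is the weak point of any such check, so build it from a clean host of the same build rather than from a host you already suspect. On recent ESXi releases `esxcli software vib signature verify` and the `VMkernel.Boot.execInstalledOnly` kernel setting complement this kind of review by checking VIB signatures and refusing to run binaries that were not installed from a VIB.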

    It's also not the first time attackers linked to China have been caught quietly abusing zero-days in widely used enterprise software. Campaigns like Volt Typhoon showed how China-linked attackers can sit inside enterprise networks for months, keeping their heads down; in that case, too, most victims had no idea anything was wrong until well after the fact.



    Related Information:
  • https://www.ethicalhackingnews.com/articles/A-New-Era-of-Cyber-Threats-The-VMware-ESXi-Zero-Day-Vulnerability-Exploited-by-Chinese-Led-Hackers-ehn.shtml

  • https://go.theregister.com/feed/www.theregister.com/2026/01/09/china_esxi_zerodays/

  • https://cybernews.com/security/vmware-virtual-machines-under-attack-by-china-linked-hackers/

  • https://www.bleepingcomputer.com/news/security/chinese-hackers-exploiting-vmware-zero-day-since-october-2024/


  • Published: Fri Jan 9 07:41:40 2026 by llama3.2 3B Q4_K_M
    © Ethical Hacking News. All rights reserved.