Hypervisor Ransomware: CVE-2024-37085, AD Abuse, and the Escalating Threat to VMware ESXi Environments

⚠️ VMware admins, your hypervisor just became the main course at the ransomware buffet. Scattered Spider is back: the latest FBI/CISA advisory says they impersonate employees to the help desk to get passwords and MFA reset, pivot from that identity into vCenter and ESXi, and encrypt the whole farm within hours. (Sources: TechRadar, Cybersecurity Dive)

🔓 Why does it work? CVE-2024-37085 is an authentication bypass in domain-joined ESXi. By default the host hands full administrative (root-equivalent) rights to members of an AD group named "ESX Admins", and it matches that group by name rather than SID, so a freshly created group with that name works just as well as the original (which in most environments never existed at all). Anyone with enough AD rights to create or rename a group can mint "ESX Admins", add themselves, and own every host pointed at the domain. No exploit kit required. (Source: NVD)
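Two checks a practitioner would want for this, as an added example that is not code from the AlphaHunt post, VMware, or Microsoft: one flags AD audit events that create, rename to, or add members to the group ESXi trusts, the other rates an ESXi host's advanced settings. The event IDs (4727/4754 group created, 4737/4755 group changed, 4728/4756 member added) and the setting keys under Config.HostAgent.plugins.* are real; the assumption that the "Group Name" field of a changed-group event carries the new name, the treatment of missing keys as the pre-8.0 U3 defaults (auto-add on, 1440-minute validation interval), and all event records and host settings below are constructed for the demo.

```python
"""Added example (not code from the AlphaHunt post, VMware, or Microsoft):
flag CVE-2024-37085-style abuse of the "ESX Admins" AD group in Windows
Security audit events, and rate an ESXi host's AD-group settings.
Event records and host settings below are constructed for the demo."""
from dataclasses import dataclass

# Windows Security event IDs for security-enabled groups: {global, universal}
GROUP_CREATED = {4727, 4754}
GROUP_CHANGED = {4737, 4755}   # renames land here; assumption: Group Name = new name
MEMBER_ADDED = {4728, 4756}

# ESXi advanced settings that govern the AD admin group
DEFAULT_ESX_ADMINS_GROUP = "ESX Admins"
KEY_GROUP = "Config.HostAgent.plugins.hostsvc.esxAdminsGroup"
KEY_AUTO_ADD = "Config.HostAgent.plugins.hostsvc.esxAdminsGroupAutoAdd"
KEY_VALIDATE = "Config.HostAgent.plugins.vimsvc.authValidateInterval"  # minutes


@dataclass
class SecurityEvent:
    event_id: int
    subject: str          # account that performed the action
    group_name: str       # "Group Name" field (for changed-group events: the new name)
    member: str = ""      # "Member Name" for member-added events


def _norm(name: str) -> str:
    # AD group names are case-insensitive and may carry a DOMAIN\ prefix
    return name.rsplit("\\", 1)[-1].strip().casefold()


def find_esx_admins_abuse(events, group_name=DEFAULT_ESX_ADMINS_GROUP):
    """Return (event_id, subject, description) for every event that creates,
    renames-to, or adds a member to the group ESXi trusts for Admin access."""
    wanted = _norm(group_name)
    hits = []
    for ev in events:
        if _norm(ev.group_name) != wanted:
            continue
        if ev.event_id in GROUP_CREATED:
            hits.append((ev.event_id, ev.subject, f"created group '{ev.group_name}'"))
        elif ev.event_id in GROUP_CHANGED:
            hits.append((ev.event_id, ev.subject, f"group renamed to '{ev.group_name}'"))
        elif ev.event_id in MEMBER_ADDED:
            hits.append((ev.event_id, ev.subject, f"added {ev.member} to '{ev.group_name}'"))
    return hits


def esxi_host_findings(settings, domain_joined=True):
    """Explain why a domain-joined host is exposed, from its advanced settings.
    Missing keys are treated as the pre-8.0 U3 defaults (assumption)."""
    if not domain_joined:
        return []
    findings = []
    group = settings.get(KEY_GROUP, DEFAULT_ESX_ADMINS_GROUP)
    auto_add = str(settings.get(KEY_AUTO_ADD, "true")).lower() == "true"
    interval = int(settings.get(KEY_VALIDATE, 1440))
    if auto_add:
        findings.append(f"{KEY_AUTO_ADD} is true: members of AD group '{group}' get Admin by name")
    if _norm(group) == _norm(DEFAULT_ESX_ADMINS_GROUP):
        findings.append(f"{KEY_GROUP} still uses the well-known default '{group}'")
    if interval >= 1440:
        findings.append(f"{KEY_VALIDATE}={interval} min: revoked AD rights linger for up to a day")
    return findings


# Constructed sample: a compromised help-desk account creates the group, adds a
# user, and renames a universal group to the same name (case differs); two
# unrelated group events are ignored.
SAMPLE_EVENTS = [
    SecurityEvent(4727, "CORP\\svc-helpdesk", "ESX Admins"),
    SecurityEvent(4728, "CORP\\svc-helpdesk", "ESX Admins", member="CORP\\jdoe"),
    SecurityEvent(4755, "CORP\\svc-helpdesk", "esx admins"),
    SecurityEvent(4737, "CORP\\admin1", "Backup Operators"),
    SecurityEvent(4728, "CORP\\admin1", "Domain Users", member="CORP\\newhire"),
]

VULNERABLE_HOST = {KEY_AUTO_ADD: "true"}   # everything else at the old defaults
HARDENED_HOST = {KEY_GROUP: "vSphere-Host-Admins-7f3a", KEY_AUTO_ADD: "false", KEY_VALIDATE: 90}

if __name__ == "__main__":
    for hit in find_esx_admins_abuse(SAMPLE_EVENTS):
        print("ALERT", hit)
    print("vulnerable host:", esxi_host_findings(VULNERABLE_HOST))
    print("hardened host:", esxi_host_findings(HARDENED_HOST))
```

Wire the first function to your SIEM's domain-controller Security log feed and the second to the output of a PowerCLI Get-AdvancedSetting sweep; a host that returns no findings and an AD that raises no alerts for the configured group name is what "AD-hardened" actually means here.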

💀 Add ESXi lockers built from the leaked Babuk source plus double-extortion playbooks (exfiltrate first, then encrypt the datastores) and you've got sector-wide chaos from hospitals to airlines. (Source: Google Cloud)

🤔 Your move: are you fully patched (ESXi 8.0 U3 closes this; 7.0 only gets the workaround), AD-hardened, and MFA everywhere, or just praying tonight's backup actually restores? Drop your best (or worst) war story below.

Full analysis → https://blog.alphahunt.io/hypervisor-ransomware-cve-2024-37085-ad-abuse-and-the-escalating-threat-to-vmware-esxi-environments/

Subscribe for weekly intel before the next breach hits.

#AlphaHunt #CyberSecurity #Ransomware #VMware #ESXi

Did you learn something new?