CISA warns of Chinese "BrickStorm" malware attacks on VMware servers

BleepingComputer
Actively Exploited

Overview

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning regarding a new malware threat named BrickStorm, which is being used by Chinese hackers to backdoor VMware vSphere servers. This poses a significant risk to organizations using these servers, as it could lead to unauthorized access and potential data breaches.

Key Takeaways

  • Active Exploitation: This malware is being actively deployed by attackers against exposed systems. Immediate action is recommended.
  • Affected Systems: VMware vSphere servers
  • Action Required: Organizations are advised to implement security best practices, including regular updates and patches for VMware products, network segmentation, and monitoring for unusual activity on their servers.
  • Timeline: Newly disclosed

Original Article Summary

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned network defenders of Chinese hackers backdooring VMware vSphere servers with Brickstorm malware. [...]

Exploitation Status

This threat is confirmed to be actively used by attackers in real-world intrusions. Organizations should prioritize patching or implementing workarounds immediately.

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Related Topics: This incident relates to VMware, Malware.

Related Coverage

ROCA: Infineon TPM and Secure Element RSA Vulnerability Guidance

NCSC Feed

The ROCA vulnerability affects certain Infineon Trusted Platform Modules (TPMs) and Secure Elements, which are used in various devices for secure cryptographic functions. This flaw allows attackers to potentially recover private RSA keys, compromising the security of encrypted communications and data for users. Devices that utilize these components could be at risk, making it crucial for manufacturers and users to assess their systems. The vulnerability is significant because it could expose sensitive information and undermine trust in security protocols. Users and organizations that rely on affected devices need to take immediate action to secure their systems and protect their data.

Feb 28, 3025

Cyber Assessment Framework 3.2

NCSC Feed

The latest version of the Cyber Assessment Framework (CAF) has been released, aiming to address the rising threats to critical national infrastructure. This update emphasizes the need for organizations to reassess their cybersecurity strategies in light of evolving risks. The framework aims to provide guidance on how to enhance resilience against potential cyberattacks that could impact essential services and systems. It is particularly relevant for government agencies, utility providers, and other sectors that rely on critical infrastructure. By adopting the updated CAF, organizations can better prepare for and mitigate the risks posed by increasingly sophisticated cyber threats.

Jan 22, 2277

Three PCIe Encryption Weaknesses Expose PCIe 5.0+ Systems to Faulty Data Handling

The Hacker News

Three vulnerabilities have been found in the PCIe Integrity and Data Encryption (IDE) protocol, affecting systems using PCIe Base Specification Revision 5.0 and newer. These flaws could allow local attackers to manipulate data integrity, leading to potentially serious consequences for the affected systems. The vulnerabilities stem from a new protocol mechanism introduced in a recent engineering change notice, which has not been adequately secured. This issue is particularly concerning for organizations relying on PCIe 5.0+ for high-speed data transfers and secure communications, as they may be at risk of unauthorized data handling. Users and companies should assess their systems for these vulnerabilities and consider implementing security measures to mitigate the risks.

Dec 10, 2025

Ukrainian hacker charged with helping Russian hacktivist groups

BleepingComputer

U.S. prosecutors have charged a Ukrainian woman for allegedly assisting Russian hacktivist groups in launching cyberattacks against critical infrastructure globally. These attacks targeted essential systems, including U.S. water and election systems, as well as nuclear facilities. This case highlights the ongoing threat posed by state-backed hacking groups and the potential vulnerabilities in vital infrastructure that could affect public safety and national security. The charges also reflect the increasing complexity of cyber warfare, where individuals are recruited across borders to support hostile cyber operations. This incident serves as a reminder of the interconnected nature of cybersecurity and geopolitical tensions.

Dec 10, 2025

FBI Warns of Fake Video Scams

Schneier on Security

The FBI has issued a warning about a new scam involving fake kidnapping threats that utilize AI-generated images. Scammers contact victims via text, claiming to have abducted a loved one and demanding ransom for their release. To make their threats more convincing, they often send images or videos of the supposed victim, which may look real at first glance but often contain discrepancies, such as missing tattoos or wrong body proportions. These criminals may use timed messages to pressure victims into paying quickly, reducing the chance for them to scrutinize the evidence. This type of scam not only preys on the emotional vulnerability of individuals but also highlights the growing misuse of technology in criminal activities, making it essential for people to stay vigilant and verify claims before taking action.

Dec 10, 2025

ICS Patch Tuesday: Vulnerabilities Fixed by Siemens, Rockwell, Schneider

SecurityWeek

Siemens, Rockwell Automation, and Schneider Electric have recently patched multiple vulnerabilities across their industrial control systems (ICS). These vulnerabilities could potentially allow attackers to gain unauthorized access or disrupt operations. The updates affect a variety of products, including Siemens' SCADA systems and Rockwell's automation software. Users of these systems are strongly advised to apply the patches to protect against possible exploitation. As cyber threats to critical infrastructure continue to evolve, timely updates are essential to maintain system integrity and security.

Dec 10, 2025