Under Siege: The Complete History of VMware Vulnerabilities, Exploits, and Nation-State Attacks
ID: 9e1744f7-5d6e-59e6-b247-30543e275718
STIX ID: report--9e1744f7-5d6e-59e6-b247-30543e275718
Feed Name: NoHackie
This report reviews VMware-focused threats from 2021–early 2026, documenting critical, high-impact vulnerabilities (multiple CVSS 9.x–10.0 flaws), mass ransomware campaigns (ESXiArgs), VM escape and vCenter exploits, and nation-state zero-days and campaigns (several China-linked clusters). It highlights the strategic risk of hypervisor compromise, the targeting of backup appliances (Dell RecoverPoint CVE-2026-22769), pervasive patching gaps, and recommended defensive priorities: urgent patching, strict network segmentation of management/backups, hypervisor-layer monitoring, and hunting for published IOCs and YARA rules.
