Cisco Talos researchers on 24 July 2025 detailed Chaos, a newer Ransomware-as-a-Service (RaaS) group that specializes in big company hunting and double extortion attacks (meaning it both encrypts victim files and steals data for potential leaking). According to Cisco Talos, the group emerged in early February 2025 and appears to be made up of former BlackSuit ransomware gang members "based on similarities in the ransomware's encryption methodology, ransom note structure, and the toolset used in
esxi (4)
Security researchers have reported on one of the fastest-growing and most formidable Ransomware-as-a-Service (RaaS) groups of 2025. Named “BlackLock” (aka El Dorado or Eldorado), the RaaS outfit has existed since March 2024, according to ReliaQuest, and has increased its number of data leak posts by an impressive 1425% quarter-on-quarter in Q4 of last quarter.
The threat intelligence vendor claimed that BlackLock could become the most active RaaS group in 2025. Although, like many other variants
Our friends at the State of NJ, NJCCIC has provided a valuable alert - Vulnerable VMware ESXi Servers Targeted in Ransomware Attacks.
Ransomware groups are actively exploiting a 2-year-old heap-overflow vulnerability, CVE-2021-21974 (CVSS v3.1 8.8), affecting OpenSLP used in VMware ESXi servers for versions 6.x and prior to 6.7, though threat actors may be leveraging other vulnerabilities or attack vectors, as earlier builds of ESXi appear to have also been compromised. European cybersecurity
Recent reporting by CrowdStrike indicates that two productive cybercrime threat groups, Carbon Spider (CS) and Sprite Spider (SS) are spreading hate and discontent against VMware’s ESXi.
ESXi is a Type-1 hypervisor (also known as a “bare-metal” hypervisor) developed by VMware. A hypervisor is software that runs and manages virtual machines (VMs). In contrast to Type-2 hypervisors that run on a conventional host operating system, a Type-1 hypervisor runs directly on a dedicated host’s hardware.
