Multiple Xen Hypervisor Vulnerabilities Leading to Privilege Escalation, DoS, and Data Confidentiality Compromise
3 rules, 3 TTPs, 1 CVE. Multiple vulnerabilities, including CVE-2025-10263, CVE-2026-42487, CVE-2026-42488, CVE-2026-42489, and CVE-2026-42490, have been discovered in Xen, allowing an attacker to achieve privilege escalation, trigger a remote denial of service, and compromise data confidentiality on vulnerable hypervisor instances.
Citrix XenServer Vulnerabilities Addressed in Security Advisory AV26-400
2 rules, 1 TTP. Citrix released security advisory AV26-400 on April 28, 2026, addressing vulnerabilities in XenServer versions prior to 8.4, prompting users to apply mitigations.
BRICKSTORM Malware Targeting VMware vSphere Environments
2 rules, 2 TTPs. The BRICKSTORM malware targets VMware vSphere environments, specifically vCenter Server Appliance (VCSA) and ESXi hypervisors, by exploiting weak security configurations to establish persistence at the virtualization layer, leading to administrative control and potential data exfiltration.
QEMU Hypervisor Escape via virtio-snd 0-Day
2 rules, 2 TTPs. An unpatched vulnerability in QEMU's virtio-snd component allows for a hypervisor escape due to an uncontrolled heap overflow.
SUSE Harvester Rancher Integration Vulnerable to MITM and DoS
3 rules, 2 TTPs. SUSE Harvester's Rancher integration mechanism is vulnerable to a man-in-the-middle attack due to insecure TLS options, potentially leading to denial of service.
Suspicious QEMU Execution on Windows
2 rules, 2 TTPs. Detects the execution of QEMU with the -nographic flag and an image file on Windows systems, a technique used for persistence and initial access by installing a rogue Linux virtual machine.