Chinese state-sponsored hackers known as UNC3886 have been abusing a zero-day vulnerability in VMware and Fortinet devices for years, experts have revealed.
A report from Mandiant claims the group used the flaw to deploy malware, steal credentials, and ultimately exfiltrate sensitive data.
The flaw in question is tracked as CVE-2023-34048. It carries a severity score of 9.8/10 (critical), and is described as an out-of-bounds write flaw that allows remote code execution to attackers with…