ESXi Exploit Breaks VM Isolation and Compromises Hypervisors

Key Takeaways:

  • A newly discovered toolkit shows how attackers can break VM isolation and target the ESXi hypervisor.
  • The exploit relies on multiple vulnerabilities and stealth techniques to gain deep, persistent access.
  • Timely patching and closer hypervisor-level monitoring are critical to reducing exposure.

Virtual machines are supposed to be isolated by design, but a newly discovered ESXi exploit toolkit proves that assumption can be dangerously wrong. Security researchers disclosed how attackers are escaping guest VMs and taking full control of the hypervisor itself, turning the foundation of virtualized infrastructure into the primary attack surface.

According to security researchers at Huntress, the intrusion began in December 2025, when attackers deployed a highly advanced toolkit to escape virtual machines and compromise the ESXi hypervisor. Evidence within the code suggests development began as early as…