A VMware security vulnerability has been exploited by Chinese cyberspies since late 2021, according to Mandiant, in what has been a busy week for nation-state espionage news.
On Friday VMware confirmed CVE-2023-34048, a critical out-of-bounds write flaw in vCenter Server, was under active exploitation. The bug, which received a 9.8-out-of-10 CVSS severity rating, was disclosed and patched in October. It can be abused to hijack a vulnerable server, if it can be reached over the internet or a…