Researchers said an Iran-linked threat actor was exploiting the Log4j vulnerability to deploy backdoors, harvest credentials and carry out other malicious activities.
Researchers found an announcement on an underground forum for LockBit Linux-ESXi Locker version 1.0 in October.
An unknown threat group is exploiting the Log4j vulnerability in VMware Horizon servers to install webshells for further malicious activity.
There is active exploitation of the vCenter Server bug disclosed last week, along with mass scanning activity looking for vulnerable servers.
VMware has released fixes for a critical file-upload vulnerability and nearly 20 other bugs in vCenter Server.