US Cyber Command, CISA warn of hackers exploiting critical VMware flaw

The move to the cloud has only increased the value of flaws in code built by VMware and other vendors.
The National Security Agency and Cyber Command's Integrated Cyber Center's Joint Operations Center Watch Floor in Fort Meade, Maryland.

Hackers have been leveraging a critical flaw in the software that Silicon Valley vendor VMware uses to manage virtual machines in large data centers, U.S. Cyber Command warned on Saturday.

The flaw allows an attacker to execute code remotely and potentially infiltrate sensitive computing environments that run on VMware’s widely used server management software.

Security fixes have been available since May 25, but the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency and Cyber Command, a U.S. military unit, urged users to update their software after researchers discovered at least one public exploit for the vulnerability.

“Please patch immediately!” the command tweeted on Saturday. VMware itself issued an urgent advisory telling clients to apply the patch on May 25.


As corporations and government agencies increasingly use cloud computing to consolidate data, the value of flaws in code built by VMware and other vendors has only grown.

Bad Packets, a Chicago-based threat intelligence provider, reported mass online scanning for the VMware vulnerability on June 3. Not long after that, security researcher Kevin Beaumont said hackers hit a simulated network he set up to detect exploitation of the flaw.

The VMware exploit is the latest case of a critical bug in popular enterprise software offering an opening for an array of capable hackers. Over the last year, federal officials have had to respond to persistent hacking operations that are only exacerbated when organizations fail to update their software.

In recent months, for example, two China-linked hacking groups have been exploiting the Pulse Connect Secure VPN software in activity affecting U.S. government agencies and the defense, transport and telecommunications sectors.

Sean Lyngaas

Written by Sean Lyngaas

Sean Lyngaas is CyberScoop’s Senior Reporter covering the Department of Homeland Security and Congress. He was previously a freelance journalist in West Africa, where he covered everything from a presidential election in Ghana to military mutinies in Ivory Coast for The New York Times. Lyngaas’ reporting also has appeared in The Washington Post, The Economist and the BBC, among other outlets. His investigation of cybersecurity issues in the nuclear sector, backed by a grant from the Pulitzer Center on Crisis Reporting, won plaudits from industrial security experts. He was previously a reporter with Federal Computer Week and, before that, with Smart Grid Today. Sean earned a B.A. in public policy from Duke University and an M.A. in International Relations from The Fletcher School of Law and Diplomacy at Tufts University.

Latest Podcasts