VMware Hacked As $150,000 Zero-Day Exploit Dropped

VMware Hacked As $150,000 Zero-Day Exploit Dropped

The elite hackers attending Pwn2Own in Berlin have made hacking history by successfully deploying a zero-day exploit against VMware ESXi. This latest development has left the security community buzzing, and we're here to break down what happened.

Having already made the headlines with no less than three zero-days compromising Windows 11 on day one of the hacking competition, day two kept the security surprises well and truly coming. The hackers at Pwn2Own have been pushing the boundaries of what's possible, and this latest exploit is just the latest example.

Organizations have had a lot to digest regarding enterprise technology security issues over the last few weeks. With the U.S. Cybersecurity and Infrastructure Security Agency urging them to ensure they are protected against a high-severity Chrome vulnerability already being exploited in the wild, HTTPBot attackers targeting business Windows networks, and Microsoft confirming a critical 10/10 cloud security vulnerability, it's clear that security is on everyone's mind.

You might think that the news of VMware ESXi being hacked using a $150,000 zero-day exploit is the icing on the security nightmare cake, but you couldn't be more wrong. Context is everything, and the context here is the environment in which that zero-day was dropped. Pwn2Own is a twice-yearly hackathon where some of the world's leading hackers come together in friendly competition to see who can hack products and services, within strict time limits, using never-before-seen zero-day exploits, and earn the title Master of PWN.

The good news is that this is all above board and legal. Remember that hacking is not a crime, folks, and the products and services being hacked have been submitted by the vendors for the purposes of discovering vulnerabilities before cybercriminals do. In the case of the VMware ESXi zero-day exploit, this was the first time in Pwn2Own's history, stretching back to 2007, that the hypervisor has been successfully exploited.

The hacker behind the achievement, Nguyen Hoang Thach, who is part of the STARLabs SG team, was able to deploy a single integer overflow exploit. This earned them a not-too-shabby reward of $150,000 on the spot, as well as 15 valuable points towards the coveted Master of PWN title.

One Of The Best Netflix Shows Ever Made Returns Today For A Wild New Season Microsoft Confirms Windows Upgrade Choice—You Must Now Decide A Dust Storm In Chicago? - Here’s What We Know From Experts I have reached out to Broadcom for a statement regarding the VMware ESXi zero-day at Pwn2Own, and will update this article should one be available.