Links
Ransomware gangs are actively exploiting the VMware ESXi flaw CVE-2025-22225, which allows attackers to escape the VMX sandbox. Researchers found evidence of a toolkit used in these attacks, indicating that the vulnerabilities were known to the threat actors long before their public disclosure. CISA has confirmed the flaw's involvement in ongoing ransomware incidents.
CISA confirmed that a serious vulnerability in the Linux kernel, CVE-2024-1086, is being actively exploited in ransomware attacks. This flaw allows local attackers to escalate their privileges, potentially gaining root access and compromising entire systems. Federal agencies must secure their systems by June 20, 2024, or implement specific mitigations.
The FBI and CISA have issued a warning regarding the Interlock ransomware, which is specifically targeting critical infrastructure sectors in the United States. This ransomware employs advanced techniques to disrupt operations and demands large ransoms, posing a significant threat to essential services. Organizations are urged to enhance their cybersecurity measures to mitigate the risks associated with such attacks.