ESXiArgs Ransomware Targets ESXi OpenSLP Vulnerability (CVE-2021-21974)
VMware ESXi servers vulnerable to a heap-overflow defect in OpenSLP are being actively targeted.
Successful infections result in systems infected with ESXiArgs ransomware.
The flaw is tracked under CVE-2021-21974.
CERT-FR recalls that the CVE-2021-21974 vulnerability affects the following systems:
ESXi 7.x versions earlier than ESXi70U1c-17325551
ESXi versions 6.7.x earlier than ESXi670-202102401-SG
ESXi versions 6.5.x earlier than ESXi650-202102101-SG
CERT-FR recommends applying without delay the workaround, which consists of disabling the SLP service on ESXi hypervisors that have not been updated.
Featured Resources
View More Resources
blog
Kerberos Authentication Relay Via CNAME Abuse
Originally published January 15, 2026. Updated January 21, 2026, with new attack scenarios in Cymulate Exposure Validation. Cymulate Research Labs
blog
CVE-2026-20965: Cymulate Research Labs Discovers Token Validation Flaw that Leads to Tenant-Wide RCE in Azure Windows Admin Center
A subtle Azure SSO token validation flaw allowed attackers to escalate privileges and move laterally across WAC-managed systems.
blog
Evolving Vulnerability Management to Continuous Threat Exposure Management
Shift from reactive vulnerability management to continuous, threat-validated exposure management for real risk resilience.