APT Actively targeting unpatched VMWare Horizon, exploiting Log4j

Share This Post

An Iranian APT is actively targeting unpatched VMWare Horizon systems to exploit Log4j vulnerabilities. The APT is destructive and these attacks often lead to full Ransomware deployment in the victim’s environment.

See the full Sentinel One synopsis here:

https://www.sentinelone.com/labs/log4j2-in-the-wild-iranian-aligned-threat-actor-tunnelvision-actively-exploiting-vmware-horizon/



Reach out to our incident response team for help

More To Explore

Information Security News – 07/06/26

SharePoint RCE CVE-2026-45659 Added to CISA KEV After Active Exploitation Article Link: https://thehackernews.com/2026/07/sharepoint-rce-cve-2026-45659-added-to.html ‘Djinn’ Stealer Targets Cloud, AI Credentials Article Link: https://www.darkreading.com/cyberattacks-data-breaches/djinn-stealer-targets-cloud-ai-credentials ChocoPoC Malware Targets

Information Security News – 6/29/26

SimpleHelp Bug Lets Hackers Create Rogue Remote Support Accounts Article Link: https://www.bleepingcomputer.com/news/security/simplehelp-bug-lets-hackers-create-rogue-remote-support-accounts/ New macOS ClickFix Attack Silently Mounts DMGs to Push Infostealer Article Link: https://www.bleepingcomputer.com/news/security/new-macos-clickfix-attack-silently-mounts-dmgs-to-push-infostealer/

Do You Want to Shore Up Your Defenses?

We're opening our first round of threat hunting engagements to 100 organizations. Sign up or join the wait list here.