Security Alerts

New Wave of Ransomware Attacks Exploiting VMware Bug to Target ESXi Servers

VMware ESXi hypervisors are being targeted by attacks designed to deploy ransomware. The attacks appear to exploit CVE-2021-21974, a heap-overflow vulnerability in OpenSLP that was patched in February 2021. The vulnerability could allow a malicious actor in the same network segment as ESXi, with access to port 427, to execute arbitrary code. French cloud services provider OVHcloud has detected the attacks globally, with a focus on Europe, and suspects the intrusions are related to a new Rust-based ransomware strain called Nevada. However, the ransom notes seen in the attacks have no similarities to Nevada ransomware, and the attacks are being tracked under the name ESXiArgs. Users are advised to upgrade to the latest version of ESXi and restrict access to the OpenSLP service to trusted IP addresses.

Link

https://thehackernews.com/2023/02/new-wave-of-ransomware-attacks.html