While VMs can be escaped, you should keep in mind that a VM escape is an extremely
So, if you get a piece of "interesting software" containing a VM escape, there's basically two scenarios:
1) you're targeted by a nation-state, YOU'RE GONNA DIE AND THERE'S NOTHING THAT YOU CAN DO ABOUT IT
2) you're dealing with a potentially nasty piece of malware, but it's using publically-known escape techniques.
Keep your VM software up-to-date! And don't even think
about using sandboxing/containerizing software for testing BadStuff.
PS: while you're not super likely to find VM-escape in the wild, it's a lot more common for malware to have VM detection
- meaning it won't activate when running in a VM, so it lulls you into a false feeling of safety.