Inside the MSC EvilTwin Exploit Chain – How APTs Bypass MMC Security

Executive Summary

A critical security feature bypass vulnerability in Microsoft Management Console (MMC), identified as CVE-2025-26633, has been weaponized in targeted attacks by Russian-aligned threat actors. This flaw, dubbed “MSC EvilTwin,” enables attackers to craft specially manipulated .msc files and provisioning packages which bypass security features in MMC, leading to malicious code execution and persistent backdoor installation. Security […]

The post Inside the MSC EvilTwin Exploit Chain – How APTs Bypass MMC Security appeared first on SecPod Blog.