A new Windows weakness in Microsoft Management Console (MMC), tracked as CVE-2025-26633 and nicknamed “MSC EvilTwin,” is being used by an advanced threat group Water Gamayun (also known as EncryptHub/LARVA-208 to bypass security checks and run malicious code. Attackers send a booby-trapped .msc or installer file through a phishing email. If an employee opens it, […]
The post CVE-2025-26633 “MSC EvilTwin”: The One-Click Windows Exploit That Can Lead to Data Theft, Downtime, and Ransom Demands appeared first on SecPod Blog.