BYOVD Archives • Daily CyberSecurity

Warlock Ransomware Evolves: New Tools and Kernel-Level Evasion Threaten Global Sectors EV2GO Charging Platform ICSA-26-057-04 Lazarus Group, Crypto Hacks LazyStealer

EV2GO Charging Platform ICSA-26-057-04 Lazarus Group, Crypto Hacks LazyStealer

Warlock Ransomware Evolves: New Tools and Kernel-Level Evasion Threaten Global Sectors

Do Son March 19, 2026

The Warlock ransomware group (also tracked as Water Manaul) has significantly sharpened its claws. A recent deep-dive...

The Resume Trap: How ‘BlackSanta’ Malware Uses Fake CVs to Blind EDRs and Hijack HR Systems Kali365 phishing platform EmEditor Supply Chain Attack, WALSHAM INVESTMENTS LIMITED EggStreme, fileless malware North Korea Cybercrime, Remote IT Job Fraud RedDelta APT

Kali365 phishing platform EmEditor Supply Chain Attack, WALSHAM INVESTMENTS LIMITED EggStreme, fileless malware North Korea Cybercrime, Remote IT Job Fraud RedDelta APT

The Resume Trap: How ‘BlackSanta’ Malware Uses Fake CVs to Blind EDRs and Hijack HR Systems

Do Son March 18, 2026

Aryaka Threat Labs has unmasked a sophisticated malware operation dubbed BlackSanta. This Russian-speaking threat actor has spent...

Silent Killer: Black Basta Bundles “BYOVD” Driver to Blind Antivirus INC Ransom Pacific Cyber Threats OysterLoader Malware Rhysida Ransomware Black Basta Ransomware BYOVD Technique Velociraptor Abuse, Storm-2603 Ransomware Crypto24, Ransomware Ransomware Payments, UK Legislation ZACROS data breach

INC Ransom Pacific Cyber Threats OysterLoader Malware Rhysida Ransomware Black Basta Ransomware BYOVD Technique Velociraptor Abuse, Storm-2603 Ransomware Crypto24, Ransomware Ransomware Payments, UK Legislation ZACROS data breach

Silent Killer: Black Basta Bundles “BYOVD” Driver to Blind Antivirus

Do Son February 10, 2026

The notorious Black Basta ransomware group has upgraded its arsenal with a dangerous new capability, embedding defense...

Game Over: Interlock Ransomware Weaponizes Anti-Cheat Zero-Day to Kill EDR Interlock Ransomware Anti-Cheat BYOVD

Game Over: Interlock Ransomware Weaponizes Anti-Cheat Zero-Day to Kill EDR

Do Son February 4, 2026

A sophisticated ransomware group known as Interlock is turning the tables on defenders by weaponizing a tool...

“Osiris” Rises: New Ransomware Targets Southeast Asian Food Giant with Advanced Tactics Osiris Ransomware Inc Ransomware Connection CountLoader Massive Ransomware Campaign CVE-2025-0289

Osiris Ransomware Inc Ransomware Connection CountLoader Massive Ransomware Campaign CVE-2025-0289

“Osiris” Rises: New Ransomware Targets Southeast Asian Food Giant with Advanced Tactics

Do Son January 26, 2026

A new ransomware family, borrowing the name of the ancient Egyptian god of the dead, has emerged...

“VM Isolation is Not Absolute”: Researchers Unmask Sophisticated ESXi “Maestro” Exploit GUARDIANWALL MailSuite Exploit CVE-2026-32661 FileZen Vulnerability CVE-2026-25108 Ivanti EPMM Vulnerability Dormant Backdoor Fortinet Authentication Bypass CVE-2026-24858 VMware vCenter Server Flaw CVE-2025-21590

GUARDIANWALL MailSuite Exploit CVE-2026-32661 FileZen Vulnerability CVE-2026-25108 Ivanti EPMM Vulnerability Dormant Backdoor Fortinet Authentication Bypass CVE-2026-24858 VMware vCenter Server Flaw CVE-2025-21590

“VM Isolation is Not Absolute”: Researchers Unmask Sophisticated ESXi “Maestro” Exploit

Do Son January 8, 2026

In a new report, the Huntress Tactical Response Team details a sophisticated intrusion discovered in December 2025...

Emerging Gentlemen Ransomware Hits 17 Countries with Double Extortion & BYOVD Evasion Tactics Gentlemen Ransomware, BYOVD Double Extortion

Emerging Gentlemen Ransomware Hits 17 Countries with Double Extortion & BYOVD Evasion Tactics

Do Son December 17, 2025

A sophisticated new ransomware operator has rapidly ascended the ranks of the cybercriminal underworld, targeting industries across...

GOLD BLADE APT Hits Canadian Firms with BYOVD EDR Killer and Ransomware Delivered Via Fake Resumes GOLD BLADE Canada, BYOVD EDR Killer

GOLD BLADE APT Hits Canadian Firms with BYOVD EDR Killer and Ransomware Delivered Via Fake Resumes

Do Son December 12, 2025

A notorious threat group has pivoted its focus to the Great White North, unleashing a sophisticated campaign...

Makop Ransomware Evolves: GuLoader and BYOVD EDR Killers Used to Attack RDP-Exposed Networks Cuckoo Spear campaign - APT 10

Makop Ransomware Evolves: GuLoader and BYOVD EDR Killers Used to Attack RDP-Exposed Networks

Do Son December 11, 2025

A familiar threat has returned with new tricks, proving that cybercriminals don’t need sophisticated custom code to...

DeadLock Ransomware Deploys BYOVD EDR Killer by Exploiting Baidu Driver for Kernel-Level Defense Bypass DeadLock Ransomware, BYOVD EDR Killer

DeadLock Ransomware Deploys BYOVD EDR Killer by Exploiting Baidu Driver for Kernel-Level Defense Bypass

Do Son December 11, 2025

A financially motivated threat group is deploying a new ransomware strain known as “DeadLock,” utilizing advanced “Bring...

DragonForce Ransomware Evolves with BYOVD to Kill EDR and Fixes Encryption Flaws in Conti V3 Codebase DragonForce BYOVD, Conti Codebase

DragonForce Ransomware Evolves with BYOVD to Kill EDR and Fixes Encryption Flaws in Conti V3 Codebase

Do Son November 11, 2025

The Acronis Threat Research Unit (TRU) has identified a new DragonForce ransomware variant that showcases a dramatic...

Agenda Ransomware Bypasses EDR by Deploying Linux Binary on Windows via Splashtop; Steals Veeam Credentials ahost.exe DLL Sideloading Signed Application Abuse PS1Bot, malware ransomware attacks bill

ahost.exe DLL Sideloading Signed Application Abuse PS1Bot, malware ransomware attacks bill

Agenda Ransomware Bypasses EDR by Deploying Linux Binary on Windows via Splashtop; Steals Veeam Credentials

Do Son October 27, 2025

Trend Research has uncovered a highly sophisticated ransomware campaign by the Agenda group, also known as Qilin,...

Warlock Ransomware Hits US Firms Exploiting SharePoint Zero-Day, Linked to China’s CamoFei APT Warlock Ransomware, SharePoint Zero-Day

Warlock Ransomware Hits US Firms Exploiting SharePoint Zero-Day, Linked to China’s CamoFei APT

Do Son October 24, 2025

Researchers from Symantec and Carbon Black have published a detailed analysis of Warlock ransomware, a newly emerging...

Researcher Demonstrates Local Privilege Escalation in Legacy Windows Modem Driver Exploited in the Wild CVE-2025-24990 Agere Modem Driver, Arbitrary Kernel R/W

CVE-2025-24990 Agere Modem Driver, Arbitrary Kernel R/W

Researcher Demonstrates Local Privilege Escalation in Legacy Windows Modem Driver Exploited in the Wild

Do Son October 22, 2025

Security researcher Jordan Jay has published an extensive technical breakdown of CVE-2025-24990, a high-severity Elevation of Privilege...

GOLD SALEM: A New Ransomware Group Is Exploiting SharePoint Flaws Oracle EBS Zero-Day, GRACEFUL SPIDER Cracked Software, Supply Chain Attack Black Basta - NOVA stealer

Oracle EBS Zero-Day, GRACEFUL SPIDER Cracked Software, Supply Chain Attack Black Basta - NOVA stealer

GOLD SALEM: A New Ransomware Group Is Exploiting SharePoint Flaws

Do Son September 22, 2025

Researchers from the Sophos Counter Threat Unit (CTU) have published new intelligence on a rising ransomware group...

kkRAT: A New Malware Blends Crypto Hijacking with Legitimate RMM Tools

Do Son September 12, 2025

Zscaler ThreatLabz has identified a sophisticated malware campaign active since early May 2025, targeting Chinese-speaking users with...

Silver Fox APT Exploits Microsoft-Signed Driver to Deploy ValleyRAT Backdoor Silver Fox, vulnerable driver

Silver Fox APT Exploits Microsoft-Signed Driver to Deploy ValleyRAT Backdoor

Do Son September 1, 2025

Check Point Research (CPR) has uncovered a sophisticated campaign by the Silver Fox APT group leveraging a...

BYOVD Attack: A New AV Killer Exploits a Legitimate Driver to Neutralize Defenses for MedusaLocker Ransomware

Do Son August 7, 2025

A recent incident response operation in Brazil has revealed a stealthy and destructive threat abusing the trusted...

Storm-2603: Chinese APT Deploys Warlock & LockBit with AK47C2 Framework Antivirus Terminator supported arguments when run without parameters

Storm-2603: Chinese APT Deploys Warlock & LockBit with AK47C2 Framework

Do Son August 4, 2025

Check Point Research (CPR) has detailed a previously undocumented Chinese-affiliated threat actor—Storm-2603—linked to aggressive campaigns exploiting Microsoft...

CrazyHunter Ransomware Targets Taiwan’s Critical Infrastructure CrazyHunter, Ransomware

CrazyHunter Ransomware Targets Taiwan’s Critical Infrastructure

Do Son April 17, 2025

Trend Micro has uncovered a targeted ransomware campaign conducted by a newly identified threat group dubbed CrazyHunter....

Critical Alert 1 Active Exploit Detected Today