All news with the #Entra ID tag
Thu, October 9, 2025
Velociraptor Abused in Ransomware Attacks by Storm-2603
#Ransomware
#Velociraptor
#LockBit
#Babuk
#Warlock
#ToolShell
#Entra ID
#Privilege Escalation
#Data Exfil via Tools
🔐 Cisco Talos confirmed ransomware operators abused Velociraptor, an open-source DFIR endpoint tool, to gain arbitrary command execution in August 2025 by deploying an outdated agent vulnerable to CVE-2025-6264. Talos links the activity with moderate confidence to Storm-2603 based on overlapping tooling and TTPs. Operators used the tool to stage lateral movement, deploy fileless PowerShell encryptors, and deliver multiple ransomware families, severely disrupting VMware ESXi and Windows servers.