Sophos
-
Ransomware gangs use ‘Shanya’ packer-as-a-service to hide EDR-killing payloads
Security researchers say multiple ransomware groups are using the Shanya packer-as-a-service to deliver in-memory, EDR-disabling payloads that side-load DLLs and deploy kernel drivers to stop security software; Sophos published technical analysis and indicators of compromise.
-
China-linked Tick group exploits Lanscope flaw to deploy Gokcpdoor backdoor
A critical Lanscope Endpoint Manager flaw (CVE-2025-61932, CVSS 9.3) has been exploited by the Tick espionage group to deploy a Gokcpdoor backdoor and other tooling, with JPCERT/CC confirming active abuse and researchers advising prompt patching and review of internet-exposed servers.
-
Attackers exploit patched WSUS flaw to deploy infostealer on unpatched Windows servers
Attackers have been observed exploiting CVE-2025-59287 in WSUS to deploy an infostealer on unpatched Windows servers, exfiltrate data to webhook.site URLs and use follow-up tooling including Velociraptor and a UPX-packed Skuld Stealer; agencies and vendors are urging immediate patching and investigation.
