The threat entity identified as EncryptHub is persistently taking advantage of a recently addressed security vulnerability affecting Microsoft Windows to deploy harmful payloads.
Trustwave SpiderLabs reported that it has recently detected an EncryptHub operation that combines social manipulation and the exploitation of a flaw in the Microsoft Management Console (MMC) framework (CVE-2025-26633, also known as MSC EvilTwin) to activate.