New Osiris Ransomware Emerges as New Strain Using POORTRY Driver in BYOVD Attack

The Hacker News
Actively Exploited

Overview

A new strain of ransomware known as Osiris has been identified, targeting a major food service franchisee operator in Southeast Asia in November 2025. The attackers utilized a malicious driver called POORTRY in a technique known as bring your own vulnerable driver (BYOVD), which helps them disable security measures on the victim's systems. This method allows the ransomware to operate without detection, increasing the risk of data theft and operational disruption. The emergence of Osiris is concerning as it reflects a growing trend in ransomware attacks that exploit existing drivers to bypass security protocols. Organizations, especially those in sensitive sectors like food services, need to be vigilant and ensure their security measures can defend against such sophisticated techniques.

Key Takeaways

  • Active Exploitation: This threat is actively being used by attackers in the wild. Immediate action is recommended.
  • Affected Systems: Osiris ransomware, POORTRY driver
  • Action Required: Organizations should implement strict monitoring of driver installations, apply security patches promptly, and enhance endpoint protection to detect and prevent the exploitation of vulnerable drivers.
  • Timeline: Newly disclosed

Original Article Summary

Cybersecurity researchers have disclosed details of a new ransomware family called Osiris that targeted a major food service franchisee operator in Southeast Asia in November 2025. The attack leveraged a malicious driver called POORTRY as part of a known technique referred to as bring your own vulnerable driver (BYOVD) to disarm security software, the Symantec and Carbon Black Threat Hunter

Impact

Osiris ransomware, POORTRY driver

Exploitation Status

This threat is confirmed to be actively used by attackers in real-world attacks. Organizations should prioritize patching or implementing workarounds immediately.

Timeline

Newly disclosed

Remediation

Organizations should implement strict monitoring of driver installations, apply security patches promptly, and enhance endpoint protection to detect and prevent the exploitation of vulnerable drivers.
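As an added defender-side check that is not from the original article, the following PowerShell snippet gives the driver-installation monitoring above a concrete starting point: it inventories currently loaded kernel drivers, flags any whose Authenticode signature does not validate, and pulls recent kernel-mode driver service installations from the System log (Event ID 7045, the Service Control Manager's new-service event). The seven-day lookback window and the assumption of an elevated session are choices made here, not values from the article.

```powershell
# Added example (not from the original article): baseline inventory for BYOVD
# monitoring. Assumptions: run from an elevated PowerShell session; the 7-day
# lookback window is an arbitrary choice and should match your review cadence.

$lookback = (Get-Date).AddDays(-7)

# 1. Loaded kernel drivers whose on-disk binary is unsigned or fails validation.
$drivers = Get-CimInstance -ClassName Win32_SystemDriver |
    Where-Object { $_.State -eq 'Running' -and $_.PathName }

$suspect = foreach ($d in $drivers) {
    # Normalise NT-style path forms such as \SystemRoot\... and \??\C:\...
    $path = $d.PathName -replace '^\\SystemRoot', $env:SystemRoot -replace '^\\\?\?\\', ''
    if (-not (Test-Path -LiteralPath $path)) { continue }
    $sig = Get-AuthenticodeSignature -FilePath $path
    if ($sig.Status -ne 'Valid') {
        [pscustomobject]@{
            Name   = $d.Name
            Path   = $path
            Status = $sig.Status
            SHA256 = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
        }
    }
}

# 2. New services of type "kernel mode driver" registered in the lookback window.
# Event 7045 records every new service installation; its message text carries the
# service type, so the filter matches on that string.
$installs = Get-WinEvent -FilterHashtable @{
        LogName = 'System'; ProviderName = 'Service Control Manager'
        Id = 7045; StartTime = $lookback } -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match 'kernel mode driver' } |
    Select-Object TimeCreated, Message

"Loaded drivers with a non-valid signature: $(@($suspect).Count)"
$suspect | Format-Table -AutoSize
"Kernel-driver service installs since ${lookback}: $(@($installs).Count)"
$installs | Format-List
```

A valid signature is not by itself a clean result, because BYOVD relies on drivers that are legitimately signed but known to be vulnerable; the SHA256 values are meant to be compared against Microsoft's vulnerable driver blocklist or your own driver allowlist, and the 7045 entries against change records.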

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Related Topics: This incident relates to Ransomware, Exploit, Symantec.

Related Coverage

Federal court rules Trump election-focused executive order illegal

CyberScoop

A federal court has ruled that an executive order issued by former President Trump, which aimed to create federal voter lists for each state and limit mail-in ballots through the USPS, is unconstitutional. The court's decision effectively nullifies the provisions of the order, impacting how states manage voter registration and mail-in voting processes. This ruling is significant as it addresses the ongoing debate over election integrity and access, particularly in light of concerns raised about voter suppression. The decision may influence future legislation and executive actions related to elections, as it sets a precedent for the limits of federal authority in state election matters.

Jun 25, 2026

PirloTV sports piracy network disrupted as 44 domains seized

BleepingComputer

Law enforcement agencies have taken significant action against the PirloTV sports piracy network, seizing 44 domains associated with the illegal streaming platform. This crackdown aims to disrupt the distribution of unauthorized sports content, which affects both the rights holders of the broadcasts and legitimate viewers. PirloTV has been known for providing free access to premium sports events without proper licensing, leading to financial losses for broadcasters and sports leagues. The seizure of these domains is a part of ongoing efforts to combat online piracy and protect intellectual property rights. This incident serves as a reminder of the legal risks associated with using unlicensed streaming services, as users may also face repercussions.

Jun 25, 2026

Cisco Vulnerability Exploited Months Before Disclosure, Google Warns

Infosecurity Magazine

A significant security vulnerability in Cisco's Catalyst SD-WAN Manager has been exploited by attackers months before its public disclosure. The flaw, which was revealed in early June, was reportedly being used in attacks as early as March. This situation raises serious concerns for organizations using Cisco's SD-WAN technology, as they may have been at risk for an extended period without knowledge of the threat. Companies are urged to review their systems and apply any available patches to mitigate potential risks. The exploitation of this vulnerability highlights the importance of timely disclosures and the need for vigilance in monitoring systems for suspicious activity.

Jun 25, 2026

ASIO establishes dedicated teams to counter nation-state cyber sabotage

SCM feed for Latest

Australia's Security and Intelligence Organisation (ASIO) has created specialized teams to address cyber sabotage threats from nation-states targeting the country's critical infrastructure. This move, announced by ASIO Director-General Mike Burgess, reflects increasing concerns about foreign interference and cyber attacks aimed at essential services and systems. By focusing resources on these dedicated units, ASIO aims to enhance its capabilities in detecting and mitigating potential cyber incidents that could disrupt public safety and national security. This development is particularly important as nations globally face rising cyber threats, making it crucial for Australia to strengthen its defenses against such risks.

Jun 25, 2026

Webinar: Why account takeovers remain one of the hardest threats to stop

BleepingComputer

Account takeover attacks remain a significant challenge for organizations as attackers often exploit legitimate accounts and trusted services to gain unauthorized access. This issue complicates detection and response efforts for security teams. A recent webinar discussed how behavioral AI can enhance the identification of compromised accounts, enabling quicker responses to these incidents. The focus is on using advanced technology to automate workflows that can mitigate the risks associated with account takeovers. As these attacks can lead to severe data breaches and financial losses, understanding and addressing them is crucial for businesses and their customers.

Jun 25, 2026

Cal Water Finds No Evidence of OT Activity After Hackers Claimed They Could Disrupt Water Supply

SecurityWeek

Cal Water, a utility in California, recently investigated a cyberattack attributed to the Iranian hacker group Handala. Despite the hackers claiming they could disrupt the water supply, Mandiant, the cybersecurity firm assisting in the investigation, found no evidence of any operational technology (OT) activity being compromised. This incident raises concerns about the security of critical infrastructure, especially given the attackers' bold claims. While the immediate threat appears to be contained, it serves as a reminder for utilities and other essential services to remain vigilant against potential cyber threats. Ensuring the integrity of water supplies is crucial for public safety and trust.

Jun 25, 2026