VulnHub

Real-time Cybersecurity News

New Osiris Ransomware Emerges as New Strain Using POORTRY Driver in BYOVD Attack

The Hacker News
Actively Exploited
RansomwareExploitSymantec

Overview

A new strain of ransomware known as Osiris has been identified, targeting a major food service franchisee operator in Southeast Asia in November 2025. The attackers utilized a malicious driver called POORTRY in a technique known as bring your own vulnerable driver (BYOVD), which helps them disable security measures on the victim's systems. This method allows the ransomware to operate without detection, increasing the risk of data theft and operational disruption. The emergence of Osiris is concerning as it reflects a growing trend in ransomware attacks that exploit existing drivers to bypass security protocols. Organizations, especially those in sensitive sectors like food services, need to be vigilant and ensure their security measures can defend against such sophisticated techniques.

Key Takeaways

  • Active Exploitation: This vulnerability is being actively exploited by attackers. Immediate action is recommended.
  • Affected Systems: Osiris ransomware, POORTRY driver
  • Action Required: Organizations should implement strict monitoring of driver installations, apply security patches promptly, and enhance endpoint protection to detect and prevent the exploitation of vulnerable drivers.
  • Timeline: Newly disclosed

Original Article Summary

Cybersecurity researchers have disclosed details of a new ransomware family called Osiris that targeted a major food service franchisee operator in Southeast Asia in November 2025. The attack leveraged a malicious driver called POORTRY as part of a known technique referred to as bring your own vulnerable driver (BYOVD) to disarm security software, the Symantec and Carbon Black Threat Hunter

Impact

Osiris ransomware, POORTRY driver

Exploitation Status

This vulnerability is confirmed to be actively exploited by attackers in real-world attacks. Organizations should prioritize patching or implementing workarounds immediately.

Timeline

Newly disclosed

Remediation

Organizations should implement strict monitoring of driver installations, apply security patches promptly, and enhance endpoint protection to detect and prevent the exploitation of vulnerable drivers.

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Related Topics: This incident relates to Ransomware, Exploit, Symantec.

Read Original Article

Related Coverage

Pro-Russian group Noname057(16) launched DDoS attacks on Milano Cortina 2026 Winter Olympics

Security Affairs

Italy's Foreign Minister Antonio Tajani announced that the country successfully thwarted a series of cyberattacks linked to a pro-Russian group known as Noname057(16). These attacks targeted various entities, including the Foreign Ministry offices, with one affecting operations in Washington, D.C. Additionally, the group aimed at disrupting websites and hotels associated with the upcoming Milano Cortina 2026 Winter Olympics. This incident highlights ongoing cybersecurity concerns related to geopolitical tensions, particularly as major international events approach. The Italian government’s proactive measures demonstrate the importance of safeguarding critical infrastructure and national security against external threats.

Feb 5, 2026

Romanian oil pipeline operator Conpet discloses cyberattack

BleepingComputer

Conpet, Romania's national oil pipeline operator, reported a cyberattack on Tuesday that disrupted its business operations and took down its website. The attack affected the company’s ability to manage its systems effectively, although details on the type of attack or the perpetrators have not been disclosed. This incident raises concerns about the security of critical infrastructure, particularly in the energy sector, where such attacks can have significant implications for supply chains and national security. As authorities investigate, it’s crucial for companies in similar sectors to review their cybersecurity measures to prevent similar disruptions in the future.

Feb 5, 2026

More than 10,000 IPs hijacked by SystemBC botnet

SCM feed for Latest

Researchers have discovered that the SystemBC botnet has hijacked over 10,000 IP addresses, indicating that the botnet is still being actively developed despite previous efforts to disrupt it through 'Operation Endgame.' This ongoing activity raises concerns for internet security, as the SystemBC botnet is known for facilitating various cybercriminal activities, including the distribution of malware. The persistence of this threat suggests that attackers are adapting and finding new ways to maintain their operations, which could lead to increased risks for businesses and individual users alike. Companies should remain vigilant and consider strengthening their defenses against such botnets to protect their networks and data.

Feb 5, 2026

Malicious Commands in GitHub Codespaces Enable RCE

Infosecurity Magazine

Recent security research has uncovered vulnerabilities in GitHub Codespaces that could allow attackers to execute malicious commands remotely. These flaws can be exploited through specially crafted repositories or pull requests, putting users and organizations that rely on this service at risk. If successfully exploited, attackers could gain unauthorized access to sensitive code or data, leading to potential data breaches or system compromises. This incident emphasizes the need for developers and companies using GitHub Codespaces to remain vigilant and implement necessary security measures to protect their environments. Users are urged to monitor for updates from GitHub regarding this issue.

Feb 5, 2026

Researchers Expose Network of 150 Cloned Law Firm Websites in AI-Powered Scam Campaign

SecurityWeek

Researchers have uncovered a sophisticated scam operation that uses artificial intelligence to clone more than 150 law firm websites. These cloned sites are designed to deceive potential clients into sharing personal information or making payments. The criminals are employing tactics like hiding behind Cloudflare to mask their identities and frequently changing their IP addresses to evade detection. This operation raises serious concerns for anyone seeking legal services online, as unsuspecting users could easily fall victim to these fraudulent sites. It highlights the growing use of AI in cybercrime and the need for increased vigilance from both consumers and cybersecurity professionals.

Feb 5, 2026

Smartphones Now Involved in Nearly Every Police Investigation

Infosecurity Magazine

According to data from Cellebrite, smartphones have become integral to almost every police investigation. This trend emphasizes the growing reliance on digital evidence in law enforcement, as officers increasingly turn to data from mobile devices to solve cases. The information gathered from these devices can include text messages, call logs, location data, and photos, all of which can provide critical insights into criminal activities. The findings suggest that as technology continues to evolve, police methods are also adapting, making digital forensics a key component in modern investigations. This shift raises important questions about privacy and data security, as the line between personal information and investigative needs becomes increasingly blurred.

Feb 5, 2026