Osiris ransomware emerges, leveraging BYOVD technique to kill security tools

Security Affairs
Actively Exploited

Overview

A new ransomware strain called Osiris was identified in a November 2025 attack targeting a significant food service franchise in Southeast Asia. Researchers from Symantec and Carbon Black reported that the attackers used a malicious driver known as POORTRY through a technique called Bring Your Own Vulnerable Driver (BYOVD) to disable security tools. This method allowed the ransomware to operate without detection, posing a serious risk to the affected organization. With ransomware attacks on the rise, this incident highlights the need for companies to strengthen their defenses against evolving tactics. The incident serves as a reminder for businesses to continuously update their security measures and remain vigilant against such threats.

Key Takeaways

  • Active Exploitation: This threat is confirmed in active use by attackers. Immediate action is recommended.
  • Affected Systems: Osiris ransomware, POORTRY driver
  • Action Required: Companies should strengthen their security measures, update antivirus software, and monitor for unusual activity to mitigate risks from ransomware attacks.
  • Timeline: Newly disclosed

Original Article Summary

Researchers identified a new Osiris ransomware used in a November 2025 attack, abusing the POORTRY driver via BYOVD to disable security tools. Symantec and Carbon Black researchers uncovered a new ransomware strain named Osiris, used in a November 2025 attack against a major Southeast Asian food service franchise operator. The attackers deployed a malicious driver, […]

Impact

Osiris ransomware, POORTRY driver

Exploitation Status

This threat is confirmed to be in active use by attackers in real-world attacks. Organizations should prioritize patching or implementing workarounds immediately.

Timeline

Newly disclosed

Remediation

Companies should strengthen their security measures, update antivirus software, and monitor for unusual activity to mitigate risks from ransomware attacks.

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Related Topics: This incident relates to Ransomware, Update, Symantec.

Related Coverage

FCC passes new cybersecurity rules for emergency systems, undersea cables

CyberScoop

The Federal Communications Commission (FCC) has approved new cybersecurity regulations aimed at enhancing the security of national emergency systems and the review processes for undersea cable providers. These rules are designed to prevent potential hijacking of emergency systems, which could lead to significant public safety risks. Additionally, the updated security measures for undersea cables are crucial, as these cables are vital for global communications and can be targets for cyber attacks. The changes reflect a growing recognition of the need to protect critical infrastructure from evolving cybersecurity threats. This move is expected to bolster the overall resilience of the nation’s emergency response capabilities and communication networks.

Jun 25, 2026

Local Police Collusion Hampers Crackdown on Asian Scam Centers

darkreading

Despite ongoing efforts by law enforcement to crack down on cybercrime, scam centers targeting individuals, particularly in Asian communities, continue to thrive. These centers are part of a larger network that siphons billions of dollars from victims, taking advantage of the lack of effective local oversight. Alarmingly, there are indications of collusion between some local police forces and these scam operations, which complicates enforcement efforts. This situation not only affects the victims directly targeted by these scams but also undermines the trust in law enforcement's ability to protect communities. The persistence of these scams signals a troubling trend in cybercrime that requires urgent attention and action from authorities.

Jun 25, 2026

Federal court rules Trump election-focused executive order illegal

CyberScoop

A federal court has ruled that an executive order issued by former President Trump, which aimed to create federal voter lists for each state and limit mail-in ballots through the USPS, is unconstitutional. The court's decision effectively nullifies the provisions of the order, impacting how states manage voter registration and mail-in voting processes. This ruling is significant as it addresses the ongoing debate over election integrity and access, particularly in light of concerns raised about voter suppression. The decision may influence future legislation and executive actions related to elections, as it sets a precedent for the limits of federal authority in state election matters.

Jun 25, 2026

PirloTV sports piracy network disrupted as 44 domains seized

BleepingComputer

Law enforcement agencies have taken significant action against the PirloTV sports piracy network, seizing 44 domains associated with the illegal streaming platform. This crackdown aims to disrupt the distribution of unauthorized sports content, which affects both the rights holders of the broadcasts and legitimate viewers. PirloTV has been known for providing free access to premium sports events without proper licensing, leading to financial losses for broadcasters and sports leagues. The seizure of these domains is a part of ongoing efforts to combat online piracy and protect intellectual property rights. This incident serves as a reminder of the legal risks associated with using unlicensed streaming services, as users may also face repercussions.

Jun 25, 2026

Inside Mistic, the New Stealth Backdoor in Ransomware Intrusions

Security Affairs

Mistic is a new backdoor being used by a group linked to KongTuke, aimed at maintaining long-term access to networks targeted by ransomware attacks. Security researchers from Symantec have identified Mistic in attacks primarily directed at sectors like insurance, education, IT, and professional services. This backdoor allows attackers to operate quietly over an extended period, making it a serious concern for organizations in these industries. The stealthy nature of Mistic means that it can evade detection while enabling further exploitation of compromised systems. Companies should be vigilant and enhance their security measures to prevent such intrusions.

Jun 25, 2026

Cisco Vulnerability Exploited Months Before Disclosure, Google Warns

Infosecurity Magazine

A significant security vulnerability in Cisco's Catalyst SD-WAN Manager has been exploited by attackers months before its public disclosure. The flaw, which was revealed in early June, was reportedly being used in attacks as early as March. This situation raises serious concerns for organizations using Cisco's SD-WAN technology, as they may have been at risk for an extended period without knowledge of the threat. Companies are urged to review their systems and apply any available patches to mitigate potential risks. The exploitation of this vulnerability highlights the importance of timely disclosures and the need for vigilance in monitoring systems for suspicious activity.

Jun 25, 2026