Payouts King ransomware abuses QEMU for hidden VMs and backdoors

SCM feed for Latest
Actively Exploited

Overview

The Payouts King ransomware group is using the QEMU emulator to create hidden virtual machines on infected systems, allowing them to set up reverse SSH backdoors. This tactic helps the attackers circumvent traditional endpoint security measures, making it harder for victims to detect and respond to the intrusion. By utilizing these hidden VMs, the ransomware can operate stealthily, increasing the likelihood of successful data exfiltration and ransom demands. Organizations that fall victim to this ransomware may face significant operational disruptions and financial losses. It's crucial for companies to enhance their security protocols to guard against such sophisticated attacks.

Key Takeaways

  • Active Exploitation: This technique is being actively used by attackers in the wild. Immediate action is recommended.
  • Affected Systems: QEMU emulator, endpoint security systems
  • Action Required: Organizations should strengthen their endpoint security measures, monitor for unusual virtual machine activity, and ensure that all systems are regularly updated and patched.
  • Timeline: Newly disclosed

Original Article Summary

The Payouts King ransomware operation is leveraging the QEMU emulator to create hidden virtual machines and establish reverse SSH backdoors on compromised systems, allowing them to bypass endpoint security measures.

Impact

QEMU emulator, endpoint security systems

Exploitation Status

This technique is confirmed to be in use by attackers in real-world attacks. Because it abuses a legitimate emulator rather than a flaw in a specific product, there is no single patch to apply; organizations should prioritize the detection and hardening measures listed under Remediation immediately.

Timeline

Newly disclosed

Remediation

Organizations should strengthen their endpoint security measures, monitor for unusual virtual machine activity, and ensure that all systems are regularly updated and patched.
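One way to act on the advice to monitor for unusual virtual machine activity, as an added example that is not from the original article or from any vendor tooling: a small Python triage script that scans a process listing for QEMU instances and scores each against simple heuristics (binary location, headless flags, user-mode port forwarding, very small guest memory). The sample process lines, the trusted-directory allowlist, the memory threshold and the heuristics themselves are constructed assumptions for illustration, not documented indicators of this group.

```python
import re

# Constructed ps-style sample lines ("pid user command"); not from any real incident.
SAMPLE_PROCESSES = [
    "1201 root /usr/bin/qemu-system-x86_64 -m 2048 -hda /var/lib/libvirt/images/build.qcow2 -display gtk",
    "2310 svc_backup C:\\Users\\Public\\q\\qemu-system-x86_64.exe -m 256 -drive file=tc.qcow2 "
    "-display none -netdev user,id=n0,hostfwd=tcp::2222-:22 -device e1000,netdev=n0",
    "3001 alice /usr/bin/python3 app.py",
]

QEMU_RE = re.compile(r"qemu-system-\w+(\.exe)?", re.IGNORECASE)
# Assumed allowlist: where a sanctioned QEMU install lives in this environment.
TRUSTED_DIRS = ("/usr/bin/", "/usr/libexec/", "C:\\Program Files\\qemu\\")
HEADLESS_RE = re.compile(r"-display\s+none|-nographic|-daemonize")
MEM_RE = re.compile(r"-m\s+(\d+)")
SMALL_MEM_MB = 512  # assumed threshold; a minimal guest used only as a pivot needs little RAM


def analyze(line):
    """Return a finding dict for a QEMU process line, or None for any other process."""
    pid, user, cmd = line.split(" ", 2)
    if not QEMU_RE.search(cmd):
        return None
    exe = cmd.split(" ", 1)[0]
    indicators = []
    if not exe.startswith(TRUSTED_DIRS):
        indicators.append("qemu binary outside trusted install dirs")
    if HEADLESS_RE.search(cmd):
        indicators.append("headless guest (no console or display)")
    if "hostfwd=" in cmd or "-netdev user" in cmd:
        indicators.append("user-mode networking with port forwarding")
    mem = MEM_RE.search(cmd)
    if mem and int(mem.group(1)) <= SMALL_MEM_MB:
        indicators.append("very small guest memory")
    # Two or more independent indicators is the (assumed) threshold for escalation.
    return {"pid": pid, "user": user, "exe": exe, "indicators": indicators,
            "suspicious": len(indicators) >= 2}


def scan(lines):
    """Apply analyze() to every line and keep only the QEMU processes."""
    return [f for f in (analyze(l) for l in lines) if f is not None]


if __name__ == "__main__":
    for f in scan(SAMPLE_PROCESSES):
        verdict = "SUSPICIOUS" if f["suspicious"] else "ok"
        print(f"pid={f['pid']} user={f['user']} {verdict}: "
              f"{', '.join(f['indicators']) or 'no indicators'}")
```

In a real deployment the input would come from an EDR process inventory or `ps`/`Get-Process` output rather than the embedded list, and the allowlist should be tightened to the hosts where QEMU is actually sanctioned.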

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Related Topics: This incident relates to Ransomware.

Related Coverage

Vercel Employee's AI Tool Access Led to Data Breach

darkreading

A data breach at Vercel was linked to an employee's AI tool that inadvertently exposed sensitive OAuth tokens. These tokens are key for securely accessing APIs and services, and their theft represents a new avenue for cyber attackers, allowing them to move laterally within networks. The incident raises concerns for organizations that rely on OAuth for authentication, as these tokens are crucial for maintaining security. As a result, companies need to reassess their security measures surrounding OAuth token management to prevent similar breaches in the future. This situation serves as a reminder of the vulnerabilities that can arise from integrating AI tools without stringent security protocols.

Apr 20, 2026

Serial-to-IP Devices Hide Thousands of Old and New Bugs

darkreading

Researchers have discovered that serial-to-IP devices, which bridge legacy serial-port equipment onto IP networks, contain thousands of vulnerabilities. These devices are increasingly attracting the attention of cyber attackers, raising concerns about the security of industrial systems that rely on them. The vulnerabilities range from old issues to more recent discoveries, putting various industries at risk. As these devices are widely used in operational technology (OT) environments, companies must take immediate steps to secure their systems. The situation emphasizes the need for regular security assessments and updates to protect against potential exploitation.

Apr 20, 2026

Seiko USA website defaced as hacker claims customer data theft

BleepingComputer

The Seiko USA website was hacked over the weekend, resulting in a defacement that included a message from the attackers claiming to have stolen customer data from its Shopify database. The hackers threatened to release this data unless a ransom is paid. This incident raises concerns for customers who may have shared their personal information with Seiko USA, as it could lead to identity theft or fraud if the data is leaked. The event highlights the ongoing risks that e-commerce platforms face from cybercriminals looking to exploit vulnerabilities for financial gain. As a reputable brand, Seiko USA's breach could also damage its reputation and customer trust if the claims are verified.

Apr 20, 2026

AI code reviewer fooled by spoofed developer identity

SCM feed for Latest

Manifold Security recently demonstrated a security flaw in AI code review systems, specifically one using the Claude model. They showed that the AI accepted harmful code changes after an attacker spoofed the identity of a trusted developer. This incident raises concerns about the reliability of AI in verifying code integrity, especially when human-like identifiers can be easily mimicked. If such vulnerabilities remain unaddressed, they could lead to significant security breaches in software development processes. Organizations that rely on AI for code reviews must reassess their safeguards to prevent similar attacks.

Apr 20, 2026

Man sentenced for hacking U.S. Supreme Court and government systems

SCM feed for Latest

Nicholas Moore has been sentenced to one year of probation for hacking into the U.S. Supreme Court's electronic document filing system on multiple occasions over several months. This incident raises concerns about the security of sensitive government systems and the potential for unauthorized access to legal documents. Although the specific details of how Moore gained access haven't been disclosed, his actions demonstrate vulnerabilities in the digital infrastructure of key government institutions. This case serves as a reminder that cybersecurity is a critical issue for all branches of government, as breaches could lead to the exposure of confidential information and undermine public trust in the judicial system.

Apr 20, 2026

ZionSiphon Malware Targets Water Infrastructure Systems

Infosecurity Magazine

ZionSiphon malware has emerged as a significant threat targeting operational technology (OT) systems within water infrastructure. This malicious software is capable of conducting sabotage and scanning industrial control systems (ICS), which raises serious concerns about the security of essential water services. Water utilities could be at risk, as this malware could disrupt operations or compromise the integrity of water supply management. Researchers are urging organizations in the water sector to bolster their cybersecurity measures to protect against such targeted attacks. The implications are severe, as any disruption to water services can affect public health and safety.

Apr 20, 2026