{"uuid": "44e673b6-175a-462a-9af3-044cdbaa7ef3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-26633", "type": "exploited", "source": "https://t.me/thehackernews/6585", "content": "\ud83d\udea8 A Russian group, Water Gamayun, is abusing a Windows zero-day (CVE-2025-26633) to drop two chilling backdoors: SilentPrism & DarkWisp.\n\nThey\u2019re hiding in plain sight\u2014using signed .msi files posing as legit apps like DingTalk & VooV to hijack systems.\n\n\ud83d\udc40 Targets? Your data, credentials, and even crypto wallets.\n\n\ud83d\udc80 Techniques? Living-off-the-land, PowerShell implants, fake WinRAR sites\u2014pure cyber espionage playbook.\n\n\ud83d\udd17 Learn more: https://thehackernews.com/2025/03/russian-hackers-exploit-cve-2025-26633.html", "creation_timestamp": "2025-03-31T18:44:20.000000Z"}