Find notable cyber news and cases, enriched with sources, timelines, and signals.

Reynolds ransomware BYOVD defense-evasion activity

Malware Activity
First reported
Last updated
Happening score
H score 31
1 unique sources, 1 articles

Summary

Hide ▲

The Reynolds ransomware family now matters because it bundles a vulnerable NsecSoft NSecKrnl driver inside the payload to disable EDR and terminate security processes during attacks. The driver is tied to CVE-2025-68947, which can be used to kill arbitrary processes, making the malware harder to detect and stop. Researchers said the driver is delivered as part of the ransomware itself rather than as a separate pre-positioning tool.

Related Happenings

GodDamn ransomware PoisonX BYOVD activity

Malware Activity
H score15 First: 09.07.2026 13:43 Last: 09.07.2026 13:43 Sources 1

About this happening: The **GodDamn** ransomware family is using the **PoisonX** kernel driver to disable endpoint defenses during attacks, increasing the risk of **credential theft**, **lateral moveme...

Avalon modular malware framework with CrownX ransomware

Malware Activity
H score33 First: 03.07.2026 21:55 Last: 03.07.2026 21:55 Sources 1

About this happening: The **Avalon** malware framework was uncovered after a **multi-stage phishing chain** that can bypass traditional security controls and deliver **credential theft** plus **ransomw...

Gentlemen ransomware EDR-killer tooling

Malware Activity
H score35 First: 19.06.2026 01:31 Last: 19.06.2026 01:31 Sources 1

About this happening: **Gentlemen ransomware-as-a-service (RaaS)** is actively maintaining a suite of **EDR killers** led by **GentleKiller** to disable endpoint defenses before encryption. ESET says t...

INC ransomware encryptors rewritten in Rust

Malware Activity
H score38 First: 18.06.2026 17:12 Last: 18.06.2026 17:12 Sources 1

About this happening: INC's **Windows** and **Linux/ESXi encryptors** were rewritten in **Rust**, improving cross-platform development and making reverse engineering harder. The malware line also gaine...

AI-built ransomware toolkit with AD discovery and EDR evasion

Malware Activity
H score36 First: 02.06.2026 23:01 Last: 02.06.2026 23:01 Sources 1

About this happening: A **customer-detected** AI-built ransomware toolkit is automating **Active Directory discovery** and **EDR evasion**, increasing the chance that payloads slip past security contro...

Timeline

  1. 10.02.2026 16:36 2 articles · 4mo ago

    Reynolds ransomware bundles a vulnerable driver

    Initial Disclosure

    Reynolds ransomware bundles a vulnerable NsecSoft NSecKrnl driver inside the payload to carry out BYOVD defense evasion, disable Endpoint Detection and Response (EDR), and terminate security processes on affected systems. The driver is linked to CVE-2025-68947, CVSS score: 5.7, and the targeting described includes Avast, CrowdStrike Falcon, Palo Alto Networks Cortex XDR, Sophos with HitmanPro.Alert, and Symantec Endpoint Protection.

    Show sources