https://www.bleepingcomputer.com/news/security/encrypthub-linked-to-zero-day-attacks-targeting-windows-systems/

A threat actor known as EncryptHub has been linked to Windows zero-day attacks exploiting a Microsoft Management Console vulnerability patched this month.

Uncovered by Trend Micro staff researcher Aliakbar Zahravi, this security feature bypass (dubbed 'MSC EvilTwin' and now tracked as CVE-2025-26633) resides in how MSC files are handled on vulnerable devices.