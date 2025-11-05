news
Windows TCO and Blaming Linux for Microsoft's Hyper-V (Proprietary)
Scoop News Group ☛ Prosecutors allege incident response pros used ALPHV/BlackCat to commit string of ransomware attacks
The alleged cybersecurity turncoats attacked at least five U.S. companies while working for their respective employers, officials said.
Security Week ☛ Critical Flaw in Popular React Native NPM Package Exposes Developers to Attacks [Ed: Microsoft transmits malware again]
Arbitrary command/code execution has been demonstrated through the exploitation of CVE-2025-11953 on Windows, macOS and Linux.
Silicon Angle ☛ JFrog discloses CVSS 9.8 React vulnerability putting millions of developers at risk
Security researchers at software supply chain company JFrog Ltd. today revealed details of a critical vulnerability in React, the open-source JavaScript library developed by Meta Platforms Inc., that potentially puts millions of developers at risk of remote code execution.
Bleeping Computer ☛ Russian hackers abuse Hyper-V to hide malware in Linux VMs
The Russian hacker group Curly COMrades is abusing Microsoft Hyper-V in Windows to bypass endpoint detection and response solutions by creating a hidden Alpine Linux-based virtual machine to run malware.
Hackers Use Hyper-V to Deploy Linux Malware on Windows Systems
The Russian-aligned APT group Curly COMrades is deploying hidden Alpine Linux virtual machines (VMs) on compromised Windows hosts via Microsoft Hyper-V.
The technique allows attackers to isolate their malware from host-based detection tools and maintain long-term covert access.
The operation was discovered in mid-2025 during a joint investigation by Bitdefender and the Georgian CERT, when suspicious activity was traced back to a compromised Georgian website that was also serving as an attacker-controlled proxy. The deeper forensic analysis revealed a previously undocumented strategy of using native Windows virtualization to run stealthy Linux-based malware, avoiding the reach of traditional endpoint defenses.
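The guest VM in this technique is out of reach of host-based EDR, but the host still carries the artifacts needed to create and run it: the Hyper-V feature state, the registered VM configuration, its VHD/VHDX on disk, the virtual switch it talks through, and the VMMS service log. As an added example (not code from the page, from Bitdefender or from the Georgian CERT), the PowerShell below inventories those artifacts on a Windows host so an unexpected guest stands out. It uses only cmdlets from the built-in Hyper-V and DISM modules; the `$ExpectedVMs` list and the seven-day log window are assumptions to be replaced with your own baseline, and the disk sweep deliberately looks for VHD files that no registered VM references, since a guest that was unregistered still leaves its disk behind.

```powershell
# Added example: Hyper-V guest inventory for a Windows host (run elevated).
# Not from the page or the cited reports. Assumptions are marked inline.

function Get-HyperVGuestInventory {
    param(
        # ASSUMPTION: names of VMs that are supposed to exist on this host.
        [string[]] $ExpectedVMs = @(),
        # ASSUMPTION: how far back to read the VMMS admin log.
        [int] $LogDays = 7
    )

    # 1. Is the Hyper-V platform enabled at all? On a workstation where nobody
    #    asked for it, an enabled feature is already a finding.
    $feature = Get-WindowsOptionalFeature -Online -FeatureName Microsoft-Hyper-V-All
    Write-Output ([pscustomobject]@{ Section = 'Feature'; Name = 'Microsoft-Hyper-V-All'; State = $feature.State })
    if ($feature.State -ne 'Enabled') { return }

    # 2. Every registered VM, running or not, with the disks and switches it uses.
    $vms = Get-VM -ErrorAction Stop
    foreach ($vm in $vms) {
        $disks = Get-VMHardDiskDrive -VMName $vm.Name | Select-Object -ExpandProperty Path
        $nics  = Get-VMNetworkAdapter -VMName $vm.Name
        Write-Output ([pscustomobject]@{
            Section    = 'VM'
            Name       = $vm.Name
            State      = $vm.State
            Generation = $vm.Generation
            CreatedUtc = $vm.CreationTime.ToUniversalTime()
            Uptime     = $vm.Uptime
            Disks      = ($disks -join '; ')
            Switches   = (($nics | ForEach-Object { $_.SwitchName }) -join '; ')
            MACs       = (($nics | ForEach-Object { $_.MacAddress }) -join '; ')
            Unexpected = ($ExpectedVMs -notcontains $vm.Name)
        })
    }

    # 3. Virtual switches: a guest needs one to reach the network, and NAT-style
    #    switches let it share the host's address without a visible new host.
    foreach ($sw in Get-VMSwitch) {
        Write-Output ([pscustomobject]@{ Section = 'Switch'; Name = $sw.Name; Type = $sw.SwitchType; Notes = $sw.Notes })
    }

    # 4. VHD/VHDX files on the system drive that no registered VM references.
    #    This is a full recursive sweep; scope it to your storage volumes if slow.
    $referenced = $vms | ForEach-Object { Get-VMHardDiskDrive -VMName $_.Name } |
                  Select-Object -ExpandProperty Path
    Get-ChildItem -Path "$env:SystemDrive\" -Recurse -Include *.vhd, *.vhdx -ErrorAction SilentlyContinue |
        Where-Object { $referenced -notcontains $_.FullName } |
        ForEach-Object {
            Write-Output ([pscustomobject]@{ Section = 'OrphanDisk'; Path = $_.FullName; Bytes = $_.Length; ModifiedUtc = $_.LastWriteTimeUtc })
        }

    # 5. Recent VM management activity recorded by the Hyper-V VMMS service.
    $since = (Get-Date).AddDays(-$LogDays)
    Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-Hyper-V-VMMS-Admin'; StartTime = $since } -ErrorAction SilentlyContinue |
        ForEach-Object {
            Write-Output ([pscustomobject]@{ Section = 'VMMSLog'; TimeUtc = $_.TimeCreated.ToUniversalTime(); Id = $_.Id; Message = $_.Message })
        }
}

# Usage: compare against the build standard for this host class, then
# investigate anything with Unexpected = True or any orphaned VHD/VHDX.
Get-HyperVGuestInventory -ExpectedVMs @() | Format-List
```

Two caveats when reading the output. First, the feature check reports the state of the Windows optional feature, not whether the Hyper-V services are currently running, so pair it with `Get-Service vmms` if you want the live picture. Second, nothing here inspects the guest's contents; the point is that the host-side footprint (feature, VM record, disk, switch, log) is visible to normal Windows tooling even when the code running inside the guest is not.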