CVE-2025-26633 is a critical zero-day vulnerability in the Microsoft Management Console (MMC) framework, exploited by the Russian threat actor group Water Gamayun. This vulnerability, also known as MSC EvilTwin, allows attackers to execute malicious code by manipulating .msc files through the Multilingual User Interface Path (MUIPath). By creating deceptive file structures, attackers can trick the system into loading malicious content instead of legitimate files, leading to unauthorized access and data theft.
What’s new on HivePro
Get through updates and upcoming events, and more directly in your inbox