Report: EncryptHub moonlighting in vulnerability research

In a notable development within the cybersecurity landscape, a threat actor known as EncryptHub, also operating as SkorikARI, has drawn attention for its engagement in vulnerability research. Microsoft recently credited this actor with identifying two significant security vulnerabilities in Windows, both of which were fixed in last month's Patch Tuesday update, as reported by Security Affairs.

Vulnerabilities Uncovered

The vulnerabilities brought to light by EncryptHub include a high-severity bypass of the Windows Mark of the Web security feature, designated as CVE-2025-24061, alongside a medium-severity spoofing issue within Windows File Explorer, tracked as CVE-2025-24071. These findings were detailed by the KrakenLabs Threat Intelligence Team from Outpost24.

Further investigation into EncryptHub's background reveals that the individual behind the persona, based in Romania and of Ukrainian origin, has a history that includes involvement in vishing and ransomware attacks. The pivot towards vulnerability research began last year, reportedly spurred by financial difficulties and the looming threat of imprisonment.

According to the KrakenLabs report, "EncryptHub has demonstrated considerable skill in identifying vulnerabilities and could become a formidable player in the cybersecurity arena if he continues to refine his abilities and address his more prominent weaknesses." However, the report also cautions that, like the work of many malware developers before him, EncryptHub's creations are not foolproof. Users who follow basic security practices, including applying the Patch Tuesday fixes for the two vulnerabilities above, are likely to remain protected against these threats.
