The Hacker News
Threat actors are abusing Velociraptor, an open-source digital forensics and incident response (DFIR) tool, in connection with ransomware attacks likely orchestrated by Storm-2603 (aka CL-CRI-1040 or Gold Salem), which is known for deploying the Warlock and LockBit ransomware.
The threat actor's use of the security utility was documented by Sophos last month. It's assessed that the attackers weaponized the on-premises SharePoint vulnerabilities known as ToolShell to obtain initial access and deliver an outdated version of Velociraptor (version 0.73.4.0) that's susceptible to a privilege escalation vulnerability ( CVE-2025-6264 ) to enable arbitrary command execution and endpoint takeover, per Cisco Talos .
In the attack in mid-August 2025, the threat actors are said to have made
Law & Crime
Local News in South Carolina
Reuters US Business
New York Post
Cover Media
WWSB
WBRC
Raw Story
Breitbart News
Crooks and Liars