A Russian group, Water Gamayun, is abusing a Windows zero-day (CVE-2025-26633) to drop two chilling backdoors: SilentPrism & DarkWisp.

They’re hiding in plain sight—using signed .msi files posing as legit apps like DingTalk & VooV to hijack systems. Targets? Your data, credentials, and even crypto wallets.

Techniques? Living-off-the-land, PowerShell implants, fake WinRAR sites—pure cyber espionage playbook.
