Newly emergent threat actor EncryptHub, also known as SkorikARI, was discovered to be engaging in vulnerability research, having been credited by Microsoft for the discovery of a pair of Windows security issues patched as part of last month’s Patch Tuesday update, Security Affairs reports.Vulnerabilities identified and reported by EncryptHub included the high-severity Windows Mark of the Web security feature bypass bug, tracked as CVE-2025-24061, and the medium-severity Windows File Explorer spoofing issue, tracked as CVE-2025-24071, according to a report from Outpost24s KrakenLabs Threat Intelligence Team. Further analysis by KrakenLabs revealed EncryptHub to be a Romania-based Ukrainian who dabbled in vishing and ransomware attacks, as well as vulnerability research, beginning last year after financial struggles and potential imprisonment. “[EncryptHub] has shown and proven a lot of talent finding vulnerabilities and will be a force to be reckoned with if he keeps improving and solving his most glaring weaknesses. That said, his malware, like most throughout history, is not invincible, and cautious users who follow basic security measures are unlikely to fall victim to it,” said the report.