
The Curious Dual Life of EncryptHub: Cybercriminal or Windows Defender?
2025-04-08
Author: Daniel
Introduction
In a stunning revelation, EncryptHub, a notorious name in the world of cybercrime linked to attacks on over 618 organizations, has taken a surprising turn by reporting two critical Windows zero-day vulnerabilities to Microsoft.
The Vulnerabilities
The vulnerabilities, identified as CVE-2025-24061 (a Mark of the Web bypass) and CVE-2025-24071 (File Explorer spoofing), were promptly addressed by Microsoft in its March 2025 Patch Tuesday updates.
Connection Revealed
The report of these vulnerabilities was submitted by a user known as SkorikARI, whose connection to EncryptHub has recently come to light through investigative work by researchers at Outpost24.
Robust Evidence
Hector Garcia, a security analyst at Outpost24, explained to BleepingComputer that the evidence tying EncryptHub to SkorikARI is robust, leading to a high-confidence conclusion about their relationship.
History of the Zero-Day Market
This is not the first instance of EncryptHub participating in the zero-day market; in fact, members of the group have attempted to sell zero-day vulnerabilities to fellow cybercriminals on various hacking forums.
The Hacker's Security Practices
Interestingly, despite his technical prowess, the hacker made glaring security lapses of his own, ultimately exposing his personal information.
Inquiries with ChatGPT
What’s more, EncryptHub's interactions with ChatGPT have been somewhat revealing.
Self-Assessment and Ambitions
The hacker's ambitions didn't stop at merely exploiting vulnerabilities; he even sought guidance from ChatGPT on orchestrating a large-scale yet harmless campaign that could impact countless computers purely for publicity.
Conclusion
The story of EncryptHub serves as a reminder of the blurred lines in the digital world, where the same entity can act as both a threat and a defender, raising ethical questions about the meaning of "hacker" in today's cybersecurity landscape.