Signals

Monitoring NVD, CISA KEV, EPSS and the Dragons Community ransomware tracker in near-real timeMonitoring NVD, CISA KEV, EPSS and the Dragons Community ransomware tracker in near-real time

DRAGONS COMMUNITY

Your trusted source for cybersecurity, technology, and AI insights

Platform

News
AI
Vulnerabilities
CVE Database
Threat Intelligence
Ransomware
Resources

Product

Pricing
Enterprise
Dashboard
API
Advertise

Company

About
Careers
Contact
Newsletter

Legal

Privacy Policy
Terms of Service
Cookie Policy

Made with by Dragons Community for the cybersecurity community

support@dragons.community● All Systems Operational

CVE-2026-21954 exploitation observed in ransomware chain — Dragons Community | Dragons Community

← Threat Intelligence

Vulnerability ExploitationTLP:AMBERCriticalConfidence: High

CVE-2026-21954 exploitation observed in ransomware chain

Published May 23, 2026 · Updated May 23, 2026 · vendor report

Summary

The Windows Kernel privilege escalation vulnerability is being incorporated into post-access ransomware deployment chains by mock threat operators.

Safety Note

No real exploit code or payload details included. Defensive context only.

Needs Reviewv1.0.0

Related Threat Actors

VoidLock Collective

ransomware · Eastern Europe (assessed)

Related Campaigns

Operation BlackHarvest

active · Healthcare, Manufacturing

Related Malware

VoidCrypt

ransomware · VoidCrypt, VC-Ransom

Related CVEs

CVE-2026-21954

MITRE ATT&CK Techniques

T1486 — Data Encrypted for Impact

Impact

Maintain offline backups. Monitor for mass file modification events. Restrict execution of unknown binaries. Implement endpoint detection for encryption behavior.

T1059.001 — PowerShell

Execution

Enable PowerShell logging (ScriptBlock, Module, Transcription). Restrict PowerShell execution policy. Deploy AMSI-aware endpoint protection. Monitor for encoded command execution.

Related Ransomware Groups

VoidLock

Active · Healthcare, Manufacturing, Education

Related IOCs

c2-voidlock.example.net

Domain · Active

a1b2c3d4e5f6[REDACTED]

Hash · Active

voidcrypt_payload.exe

File Name · Active