The Hacker News ·EN News source
New Avalon Malware Framework Packs CrownX Ransomware Capabilities
CVE Tools coverage
Researchers uncovered the modular malware framework Avalon, which uses a multi-stage phishing chain to bypass security controls and ultimately deploy a ransomware component internally tracked as CrownX. Avalon is designed to harvest credentials and browser data, establish remote access and lateral movement, suppress forensic visibility (including ETW interference), and then encrypt files while disrupting recovery using shadow copy removal. The same report also highlights a JADEPUFFER agentic ransomware campaign that gained access via CVE-2025-3248 affecting a Langflow instance, underscoring how readily AI-assisted tooling can accelerate ransomware development and attack execution.