{"id":129580,"date":"2025-10-09T13:45:31","date_gmt":"2025-10-09T13:45:31","guid":{"rendered":"https:\/\/cybersecuritynews.com\/?p=129580"},"modified":"2025-10-10T02:34:37","modified_gmt":"2025-10-10T02:34:37","slug":"dfir-tool-velociraptor-exploited","status":"publish","type":"post","link":"https:\/\/cybersecuritynews.com\/dfir-tool-velociraptor-exploited\/","title":{"rendered":"Hackers Use DFIR Tool ‘Velociraptor’ to Attack VMware ESXi and Windows Servers with Ransomware"},"content":{"rendered":"\n

Security researchers at Cisco Talos have confirmed that ransomware operators are actively exploiting Velociraptor, an open-source digital forensics and incident response (DFIR) tool<\/a>, in their attacks.<\/p>\n\n\n\n

This marks the first definitive link between a legitimate security tool and a ransomware incident. The campaign, which deployed three separate ransomware strains, is attributed with moderate confidence to the threat actor Storm-2603<\/a>.<\/p>\n\n\n\n

The attack severely impacted the victim’s IT environment, encrypting VMware ESXi<\/a> virtual machines and Windows servers using Warlock, LockBit, and Babuk ransomware.<\/p>\n\n\n

\n
\"Ransom
Ransom Note<\/figcaption><\/figure><\/div>\n\n\n

Legitimate Tool Weaponized<\/strong><\/h2>\n\n\n\n

Velociraptor is designed for security teams to perform endpoint monitoring and data collection, but in this campaign, it played a key role in helping the attackers maintain stealthy, persistent access. <\/p>\n\n\n\n

After gaining initial entry, the threat actors installed an outdated version of Velociraptor (0.73.4.0), which is vulnerable to a privilege escalation flaw tracked as CVE-2025-6264<\/a>.<\/p>\n\n\n\n

This vulnerability can lead to arbitrary command execution and a complete takeover of the affected endpoint. The actors used this foothold to deploy LockBit and Babuk ransomware while remaining undetected.<\/p>\n\n\n\n

This abuse of trusted security products aligns with a broader trend observed by Talos, where attackers increasingly leverage commercial and open-source tools to achieve their objectives.<\/p>\n\n\n\n

Cisco Talos attributes<\/a> this activity to Storm-2603, a suspected China-based group first identified in July 2025, exploiting SharePoint vulnerabilities known as ToolShell. The attribution is based on significant overlaps in tools and tactics.<\/p>\n\n\n\n

Storm-2603 is known for deploying both Warlock and LockBit ransomware in the same attack, and while LockBit is common, the use of Warlock is a strong indicator, as it has been heavily used by this group since it appeared in June 2025. <\/p>\n\n\n\n

The deployment of three distinct ransomware variants, Warlock<\/a>, LockBit, and Babuk, in a single engagement is highly unusual and strengthens the connection to Storm-2603. However, the group had not previously been seen using Babuk, the combination of TTPs points in their direction.<\/p>\n\n\n\n

A Multi-faceted Attack Chain<\/strong><\/h2>\n\n\n\n

The attack, first detected in mid-August 2025, involved a sophisticated chain of events. After gaining what was likely initial access through the ToolShell exploit, the actor escalated privileges by creating new admin accounts and syncing them to Entra ID.<\/p>\n\n\n\n

They used these accounts to access the VMware vSphere console, ensuring persistent control over the virtual environment. <\/p>\n\n\n\n

To impair defenses, the attackers modified Active Directory<\/a> Group Policy Objects (GPOs) to disable Microsoft Defender’s real-time protection and behavior monitoring.<\/p>\n\n\n\n

A fileless PowerShell script carried out the final encryption on Windows machines, while a Linux binary of the Babuk encryptor targeted ESXi servers.<\/p>\n\n\n\n

The attack also featured a double extortion component, with the actors using a custom PowerShell script to exfiltrate sensitive data before encryption, employing techniques to evade detection like suppressing progress indicators and using sleep commands to inhibit analysis.<\/p>\n\n\n\n

Indicator Type<\/th>Indicator Value<\/th><\/tr><\/thead>
C2\/Exfiltration IP<\/td>65.38.121[.]226<\/td><\/tr>
Malicious MSI Domain<\/td>stoaccinfoniqaveeambkp.blob.core.windows[.]net<\/td><\/tr>
Velociraptor C2 Server<\/td>velo.qaubctgg.workers[.]dev<\/td><\/tr>
Velociraptor Installer SHA256<\/td>649BDAA38E60EDE6D140BD54CA5412F1091186A803D3905465219053393F6421<\/td><\/tr>
Velociraptor.exe SHA256<\/td>12F177290A299BAE8A363F47775FB99F305BBDD56BBDFDDB39595B43112F9FB7<\/td><\/tr>
Malicious config.yaml SHA256<\/td>A29125333AD72138D299CC9EF09718DDB417C3485F6B8FE05BA88A08BB0E5023<\/td><\/tr>
In.exe (NTLM Downgrade Tool) SHA256<\/td>C74897B1E986E2876873ABB3B5069BF1B103667F7F0E6B4581FBDA3FD647A74A<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n

Follow us on Google News<\/a>, LinkedIn<\/a>, and X<\/a> for daily cybersecurity updates. Contact us<\/a> to feature your stories.<\/strong><\/p>\n","protected":false},"excerpt":{"rendered":"

Security researchers at Cisco Talos have confirmed that ransomware operators are actively exploiting Velociraptor, an open-source digital forensics and incident response (DFIR) tool, in their attacks. This marks the first definitive link between a legitimate security tool and a ransomware incident. The campaign, which deployed three separate ransomware strains, is attributed with moderate confidence to […]<\/p>\n","protected":false},"author":25,"featured_media":129600,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjMmhzrBxCXX2mxVD7V1xoGHr3i042HbZYLxYU_ZMGRA70rdlOwBKhK7teKJEWdZEykh57yRnmPrXcNMKFqJLsTI0yJ2lSOuAHam3dFHBy3-z3Smb67tPKm_J1HKF53MPjj6zKdskaGeERm2p5XxTm_UtesUv-4IPUq-EGNt5P6N6DrFd4MnhDi1xN_EQ9W\/s1600\/1000042308.webp","fifu_image_alt":"DFIR Tool Velociraptor Exploited","_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[10,11,41],"tags":[149,151,334],"class_list":{"0":"post-129580","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-cyber-security","8":"category-cyber-security-news","9":"category-ransomware","10":"tag-cyber-security","11":"tag-cyber-security-news","12":"tag-ransomware"},"yoast_head":"\nHackers Exploit DFIR Tool Velociraptor In Ransomware Attacks<\/title>\n<meta name=\"description\" content=\"Security researchers at Cisco Talos have confirmed that ransomware operators are actively exploiting Velociraptor, an open-source digital forensics and incident response (DFIR) tool, in their attacks.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/cybersecuritynews.com\/dfir-tool-velociraptor-exploited\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Hackers Use DFIR Tool 'Velociraptor' to Attack VMware ESXi and Windows Servers with Ransomware\" \/>\n<meta property=\"og:description\" content=\"Security researchers at Cisco Talos have confirmed that ransomware operators are actively exploiting Velociraptor, an open-source digital forensics and incident response (DFIR) tool, in their attacks.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/cybersecuritynews.com\/dfir-tool-velociraptor-exploited\/\" \/>\n<meta property=\"og:site_name\" content=\"Cyber Security News\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/Hackingtutorialsandnews\" \/>\n<meta property=\"article:published_time\" content=\"2025-10-09T13:45:31+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-10-10T02:34:37+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjMmhzrBxCXX2mxVD7V1xoGHr3i042HbZYLxYU_ZMGRA70rdlOwBKhK7teKJEWdZEykh57yRnmPrXcNMKFqJLsTI0yJ2lSOuAHam3dFHBy3-z3Smb67tPKm_J1HKF53MPjj6zKdskaGeERm2p5XxTm_UtesUv-4IPUq-EGNt5P6N6DrFd4MnhDi1xN_EQ9W\/s1600\/1000042308.webp\" \/><meta property=\"og:image\" content=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjMmhzrBxCXX2mxVD7V1xoGHr3i042HbZYLxYU_ZMGRA70rdlOwBKhK7teKJEWdZEykh57yRnmPrXcNMKFqJLsTI0yJ2lSOuAHam3dFHBy3-z3Smb67tPKm_J1HKF53MPjj6zKdskaGeERm2p5XxTm_UtesUv-4IPUq-EGNt5P6N6DrFd4MnhDi1xN_EQ9W\/s1600\/1000042308.webp\" \/>\n\t<meta property=\"og:image:width\" content=\"1600\" \/>\n\t<meta property=\"og:image:height\" content=\"900\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Cyber Advisory\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjMmhzrBxCXX2mxVD7V1xoGHr3i042HbZYLxYU_ZMGRA70rdlOwBKhK7teKJEWdZEykh57yRnmPrXcNMKFqJLsTI0yJ2lSOuAHam3dFHBy3-z3Smb67tPKm_J1HKF53MPjj6zKdskaGeERm2p5XxTm_UtesUv-4IPUq-EGNt5P6N6DrFd4MnhDi1xN_EQ9W\/s1600\/1000042308.webp\" \/>\n<meta name=\"twitter:creator\" content=\"@The_Cyber_News\" \/>\n<meta name=\"twitter:site\" content=\"@The_Cyber_News\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Cyber Advisory\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Hackers Exploit DFIR Tool Velociraptor In Ransomware Attacks","description":"Security researchers at Cisco Talos have confirmed that ransomware operators are actively exploiting Velociraptor, an open-source digital forensics and incident response (DFIR) tool, in their attacks.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/cybersecuritynews.com\/dfir-tool-velociraptor-exploited\/","og_locale":"en_US","og_type":"article","og_title":"Hackers Use DFIR Tool 'Velociraptor' to Attack VMware ESXi and Windows Servers with Ransomware","og_description":"Security researchers at Cisco Talos have confirmed that ransomware operators are actively exploiting Velociraptor, an open-source digital forensics and incident response (DFIR) tool, in their attacks.","og_url":"https:\/\/cybersecuritynews.com\/dfir-tool-velociraptor-exploited\/","og_site_name":"Cyber Security News","article_publisher":"https:\/\/www.facebook.com\/Hackingtutorialsandnews","article_published_time":"2025-10-09T13:45:31+00:00","article_modified_time":"2025-10-10T02:34:37+00:00","og_image":[{"url":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjMmhzrBxCXX2mxVD7V1xoGHr3i042HbZYLxYU_ZMGRA70rdlOwBKhK7teKJEWdZEykh57yRnmPrXcNMKFqJLsTI0yJ2lSOuAHam3dFHBy3-z3Smb67tPKm_J1HKF53MPjj6zKdskaGeERm2p5XxTm_UtesUv-4IPUq-EGNt5P6N6DrFd4MnhDi1xN_EQ9W\/s1600\/1000042308.webp","type":"","width":"","height":""},{"width":1600,"height":900,"url":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjMmhzrBxCXX2mxVD7V1xoGHr3i042HbZYLxYU_ZMGRA70rdlOwBKhK7teKJEWdZEykh57yRnmPrXcNMKFqJLsTI0yJ2lSOuAHam3dFHBy3-z3Smb67tPKm_J1HKF53MPjj6zKdskaGeERm2p5XxTm_UtesUv-4IPUq-EGNt5P6N6DrFd4MnhDi1xN_EQ9W\/s1600\/1000042308.webp","type":"image\/jpeg"}],"author":"Cyber Advisory","twitter_card":"summary_large_image","twitter_image":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjMmhzrBxCXX2mxVD7V1xoGHr3i042HbZYLxYU_ZMGRA70rdlOwBKhK7teKJEWdZEykh57yRnmPrXcNMKFqJLsTI0yJ2lSOuAHam3dFHBy3-z3Smb67tPKm_J1HKF53MPjj6zKdskaGeERm2p5XxTm_UtesUv-4IPUq-EGNt5P6N6DrFd4MnhDi1xN_EQ9W\/s1600\/1000042308.webp","twitter_creator":"@The_Cyber_News","twitter_site":"@The_Cyber_News","twitter_misc":{"Written by":"Cyber Advisory","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"NewsArticle","@id":"https:\/\/cybersecuritynews.com\/dfir-tool-velociraptor-exploited\/#article","isPartOf":{"@id":"https:\/\/cybersecuritynews.com\/dfir-tool-velociraptor-exploited\/"},"author":{"name":"Cyber Advisory","@id":"https:\/\/cybersecuritynews.com\/#\/schema\/person\/1f05494981f36f0a408b14a80886065b"},"headline":"Hackers Use DFIR Tool ‘Velociraptor’ to Attack VMware ESXi and Windows Servers with Ransomware","datePublished":"2025-10-09T13:45:31+00:00","dateModified":"2025-10-10T02:34:37+00:00","mainEntityOfPage":{"@id":"https:\/\/cybersecuritynews.com\/dfir-tool-velociraptor-exploited\/"},"wordCount":577,"publisher":{"@id":"https:\/\/cybersecuritynews.com\/#organization"},"image":{"@id":"https:\/\/cybersecuritynews.com\/dfir-tool-velociraptor-exploited\/#primaryimage"},"thumbnailUrl":"https:\/\/i2.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjMmhzrBxCXX2mxVD7V1xoGHr3i042HbZYLxYU_ZMGRA70rdlOwBKhK7teKJEWdZEykh57yRnmPrXcNMKFqJLsTI0yJ2lSOuAHam3dFHBy3-z3Smb67tPKm_J1HKF53MPjj6zKdskaGeERm2p5XxTm_UtesUv-4IPUq-EGNt5P6N6DrFd4MnhDi1xN_EQ9W\/s1600\/1000042308.webp?w=1600&resize=1600,900&ssl=1","keywords":["cyber security","cyber security news","ransomware"],"articleSection":["Cyber Security","Cyber Security News","Ransomware"],"inLanguage":"en-US","copyrightYear":"2025","copyrightHolder":{"@id":"https:\/\/cybersecuritynews.com\/#organization"}},{"@type":"WebPage","@id":"https:\/\/cybersecuritynews.com\/dfir-tool-velociraptor-exploited\/","url":"https:\/\/cybersecuritynews.com\/dfir-tool-velociraptor-exploited\/","name":"Hackers Exploit DFIR Tool Velociraptor In Ransomware Attacks","isPartOf":{"@id":"https:\/\/cybersecuritynews.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/cybersecuritynews.com\/dfir-tool-velociraptor-exploited\/#primaryimage"},"image":{"@id":"https:\/\/cybersecuritynews.com\/dfir-tool-velociraptor-exploited\/#primaryimage"},"thumbnailUrl":"https:\/\/i2.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjMmhzrBxCXX2mxVD7V1xoGHr3i042HbZYLxYU_ZMGRA70rdlOwBKhK7teKJEWdZEykh57yRnmPrXcNMKFqJLsTI0yJ2lSOuAHam3dFHBy3-z3Smb67tPKm_J1HKF53MPjj6zKdskaGeERm2p5XxTm_UtesUv-4IPUq-EGNt5P6N6DrFd4MnhDi1xN_EQ9W\/s1600\/1000042308.webp?w=1600&resize=1600,900&ssl=1","datePublished":"2025-10-09T13:45:31+00:00","dateModified":"2025-10-10T02:34:37+00:00","description":"Security researchers at Cisco Talos have confirmed that ransomware operators are actively exploiting Velociraptor, an open-source digital forensics and incident response (DFIR) tool, in their attacks.","breadcrumb":{"@id":"https:\/\/cybersecuritynews.com\/dfir-tool-velociraptor-exploited\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/cybersecuritynews.com\/dfir-tool-velociraptor-exploited\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/cybersecuritynews.com\/dfir-tool-velociraptor-exploited\/#primaryimage","url":"https:\/\/i2.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjMmhzrBxCXX2mxVD7V1xoGHr3i042HbZYLxYU_ZMGRA70rdlOwBKhK7teKJEWdZEykh57yRnmPrXcNMKFqJLsTI0yJ2lSOuAHam3dFHBy3-z3Smb67tPKm_J1HKF53MPjj6zKdskaGeERm2p5XxTm_UtesUv-4IPUq-EGNt5P6N6DrFd4MnhDi1xN_EQ9W\/s1600\/1000042308.webp?w=1600&resize=1600,900&ssl=1","contentUrl":"https:\/\/i2.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjMmhzrBxCXX2mxVD7V1xoGHr3i042HbZYLxYU_ZMGRA70rdlOwBKhK7teKJEWdZEykh57yRnmPrXcNMKFqJLsTI0yJ2lSOuAHam3dFHBy3-z3Smb67tPKm_J1HKF53MPjj6zKdskaGeERm2p5XxTm_UtesUv-4IPUq-EGNt5P6N6DrFd4MnhDi1xN_EQ9W\/s1600\/1000042308.webp?w=1600&resize=1600,900&ssl=1","width":"1600","height":"900","caption":"DFIR Tool Velociraptor Exploited"},{"@type":"BreadcrumbList","@id":"https:\/\/cybersecuritynews.com\/dfir-tool-velociraptor-exploited\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/cybersecuritynews.com\/"},{"@type":"ListItem","position":2,"name":"Hackers Use DFIR Tool ‘Velociraptor’ to Attack VMware ESXi and Windows Servers with Ransomware"}]},{"@type":"WebSite","@id":"https:\/\/cybersecuritynews.com\/#website","url":"https:\/\/cybersecuritynews.com\/","name":"Cyber Security News","description":"World's #1 Premier Cybersecurity and Hacking News Portal","publisher":{"@id":"https:\/\/cybersecuritynews.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/cybersecuritynews.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/cybersecuritynews.com\/#organization","name":"Cyber Security News","url":"https:\/\/cybersecuritynews.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/cybersecuritynews.com\/#\/schema\/logo\/image\/","url":"https:\/\/cybersecuritynews.com\/wp-content\/uploads\/2021\/06\/Cyber-security.jpg","contentUrl":"https:\/\/cybersecuritynews.com\/wp-content\/uploads\/2021\/06\/Cyber-security.jpg","width":200,"height":200,"caption":"Cyber Security News"},"image":{"@id":"https:\/\/cybersecuritynews.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/Hackingtutorialsandnews","https:\/\/x.com\/The_Cyber_News","https:\/\/www.linkedin.com\/company\/cybersecurity-news\/"]},{"@type":"Person","@id":"https:\/\/cybersecuritynews.com\/#\/schema\/person\/1f05494981f36f0a408b14a80886065b","name":"Cyber Advisory","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/cybersecuritynews.com\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/a8b8f09401b343e59424683345cba3e47e7bdfb9b1c30a2d2868ef526034da1e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/a8b8f09401b343e59424683345cba3e47e7bdfb9b1c30a2d2868ef526034da1e?s=96&d=mm&r=g","caption":"Cyber Advisory"},"description":"CISO Advisory is a Team of Security Experts Covering Various Cybersecurity Research and Technical Write-ups.","sameAs":["https:\/\/www.cybersecuritynews.com"],"honorificPrefix":"Ms","gender":"Female","url":"https:\/\/cybersecuritynews.com\/author\/varshini\/"}]}},"jetpack_featured_media_url":"https:\/\/i2.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjMmhzrBxCXX2mxVD7V1xoGHr3i042HbZYLxYU_ZMGRA70rdlOwBKhK7teKJEWdZEykh57yRnmPrXcNMKFqJLsTI0yJ2lSOuAHam3dFHBy3-z3Smb67tPKm_J1HKF53MPjj6zKdskaGeERm2p5XxTm_UtesUv-4IPUq-EGNt5P6N6DrFd4MnhDi1xN_EQ9W\/s1600\/1000042308.webp?w=1600&resize=1600,900&ssl=1","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/posts\/129580","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/users\/25"}],"replies":[{"embeddable":true,"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/comments?post=129580"}],"version-history":[{"count":6,"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/posts\/129580\/revisions"}],"predecessor-version":[{"id":129640,"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/posts\/129580\/revisions\/129640"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/media\/129600"}],"wp:attachment":[{"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/media?parent=129580"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/categories?post=129580"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/tags?post=129580"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}