RelayKing NTLM relay — post-access primitive used by The Gentlemen RaaS

cve · CVE-2025-33073

Coverage timeline

first 2026-05-17 → last 2026-05-17

no data

Briefs

1 distinct

Sources cited

4 hosts

Sections touched

—

Co-occurring entities

no co-occurrence

Story timeline

2026-W20CTI Weekly Summary — 2026-W20 (May 11 – May 17, 2026)

Source distribution

bankinfosecurity.com1 (25%)
blog.checkpoint.com1 (25%)
github.com1 (25%)
research.checkpoint.com1 (25%)

External references

NVD · cve.org · CISA KEV

All cited sources (4)

research.checkpoint.comprimaryinlineCheck Point Researchhttps://research.checkpoint.com/2026/thus-spoke-the-gentlemen/
source profile · cited in 2026-W20, 2026-05-14
bankinfosecurity.cominlineBankInfoSecurity, 2026-05-11https://www.bankinfosecurity.com/tables-turned-gentlemen-ransomware-group-suffers-data-leak-a-31654
cited in 2026-05-14
blog.checkpoint.cominlineCheck Point bloghttps://blog.checkpoint.com/research/when-the-ransomware-gang-gets-hacked-what-the-gentlemen-leak-reveals-about-modern-ransomware-risk
cited in 2026-W20
github.cominlineGitHub `Bedrock-Safeguard/gentlemen-decryptor`https://github.com/Bedrock-Safeguard/gentlemen-decryptor
source profile · cited in 2026-05-14

Items in briefs about RelayKing NTLM relay — post-access primitive used by The Gentlemen RaaS

No parsed item heading or body matches this entity yet. Items match by exact CVE id (for CVE entities), by lead-segment substring of the title in the item heading or body, or by a distinctive anchor token from the title appearing in the item heading. Coverage that lives inside a broader section (no per-item heading) is captured by the Story timeline above.