Multiple threat groups exploited a recently patched Windows vulnerability (CVE-2025-29824) as a zero-day, leading to various cyberattacks, including ransomware deployment. The vulnerability affected the Windows Common Log File System (CLFS) and was exploited prior to the patch being released, impacting organizations globally. (Affected: Windows systems and targeted organizations in multiple sectors)
Key points:
- Cybercriminals exploited the CVE-2025-29824 vulnerability in Windows before it was officially patched.
- The flaw impacted the Windows Common Log File System (CLFS), enabling privilege escalation.
- Microsoft attributed some attacks to the threat actor Storm-2460, utilizing malware like PipeMagic and RansomEXX ransomware.
- Symantec identified another group exploiting the vulnerability to deploy the Grixba infostealer, linked to Balloonfly and Play ransomware activities.
- Initial access may have been gained through a Cisco ASA vulnerability, followed by lateral movement within networks.
- The exploitation methods varied, with some attacks being fileless and others involving traditional malware processes.
- The vulnerability's exploitation spanned multiple sectors, including IT, real estate, finance, retail, and software firms worldwide.
Read More: https://www.securityweek.com/second-ransomware-group-caught-exploiting-windows-flaw-as-zero-day/