Second Ransomware Group Caught Exploiting Windows Flaw as Zero-Day

Multiple threat groups exploited a recently patched Windows vulnerability, CVE-2025-29824, as a zero-day, using it in a range of intrusions that included ransomware deployment. The flaw is a privilege escalation vulnerability in the Windows Common Log File System (CLFS) kernel driver and was being exploited in the wild before Microsoft released a patch, with victims in organizations worldwide. (Affected: Windows systems and targeted organizations in multiple sectors)

Key points:

  • Cybercriminals exploited CVE-2025-29824 in Windows before Microsoft released an official patch.
  • The flaw is in the Windows Common Log File System (CLFS) driver and allows a local attacker to escalate privileges.
  • Microsoft attributed some of the attacks to the threat actor it tracks as Storm-2460, which used the PipeMagic malware and deployed RansomEXX ransomware.
  • Symantec identified a second group exploiting the same vulnerability to deploy the Grixba infostealer, a tool associated with the Balloonfly group and its Play ransomware operations.
  • In at least one case, initial access may have been gained through a Cisco ASA vulnerability, followed by lateral movement to Windows hosts inside the network.
  • Exploitation methods varied: some attacks were fileless, executing the exploit in memory, while others relied on conventional malware written to disk.
  • Victims spanned multiple sectors, including IT, real estate, finance, retail, and software firms around the world.

Read More: https://www.securityweek.com/second-ransomware-group-caught-exploiting-windows-flaw-as-zero-day/