On April 8, 2025, Microsoft patched 121 vulnerabilities across its products, including CVE-2025-29824—the only one known to be exploited in the wild. This particular flaw enabled adversaries to escalate Windows privileges by leveraging a bug in the clfs.sys driver.
Microsoft Threat Intelligence discovered the issue during the Storm-2460 attacks targeting organizations in Saudi Arabia, Spain, Venezuela, and the United States. By exploiting CVE‑2025‑29824, the threat actor was able to escalate its privileges to NT AUTHORITY\SYSTEM to perform lateral movement and encrypt victims’ files.
Read more…
Source: BI.ZONE
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Critical PHP flaw exposes QNAP NAS devices to RCE attacks
June 22, 2022
QNAP has warned customers today that most of its Network Attached Storage (NAS) devices are vulnerable to attacks that would exploit a three-year-old critical PHP vulnerability allowing remote code execution. “A vulnerability has been reported to affect PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24, and 7.3.x below 7.3.11. If exploited, the vulnerability allows attackers to ...
- CISA and friends raise alarm on critical flaws in industrial equipment, infrastructure
June 21, 2022
Fifty-six vulnerabilities – some deemed critical – have been found in industrial operational technology (OT) systems from ten global manufacturers including Honeywell, Ericsson, Motorola, and Siemens, putting more than 30,000 devices worldwide at risk, according to the US government’s CISA and private security researchers. Some of these vulnerabilities received CVSS severity scores as high as 9.8 ...
- Sophos Firewall zero-day bug exploited weeks before fix
June 16, 2022
Chinese hackers used a zero-day exploit for a critical-severity vulnerability in Sophos Firewall to compromise a company and breach cloud-hosted web servers operated by the victim. The security issue has been fixed in the meantime but various threat actors continued to exploit it to bypass authentication and run arbitrary code remotely on multiple organizations. On March 25, ...
- 730K WordPress sites force-updated to patch critical plugin bug
June 16, 2022
WordPress sites using Ninja Forms, a forms builder plugin with more than 1 million installations, have been force-updated en masse this week to a new build that addresses a critical security vulnerability likely exploited in the wild. The vulnerability is a code injection vulnerability affecting multiple Ninja Forms releases, starting with version 3.0 and up. Wordfence threat ...
- Microsoft fixes under-attack Windows zero-day Follina
June 15, 2022
Microsoft claims to have finally fixed the Follina zero-day flaw in Windows as part of its June Patch Tuesday batch, which included security updates to address 55 vulnerabilities. Follina, eventually acknowledged by Redmond in a security advisory last month, is the most significant of the bunch as it has already been exploited in the wild. Criminals and ...
- CISA Adds One Known Exploited Vulnerability to Catalog
June 14, 2022
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. Note: to view the newly added vulnerabilities in the catalog, click on the arrow in the “Date ...