On April 8, 2025, Microsoft patched 121 vulnerabilities across its products, including CVE-2025-29824—the only one known to be exploited in the wild. This particular flaw enabled adversaries to escalate Windows privileges by leveraging a bug in the clfs.sys driver.
Microsoft Threat Intelligence discovered the issue during the Storm-2460 attacks targeting organizations in Saudi Arabia, Spain, Venezuela, and the United States. By exploiting CVE‑2025‑29824, the threat actor was able to escalate its privileges to NT AUTHORITY\SYSTEM to perform lateral movement and encrypt victims’ files.
Read more…
Source: BI.ZONE
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Billions of Devices Impacted by Secure Boot Bypass
July 29, 2020
Billions of Windows and Linux devices are vulnerable to cyberattacks stemming from a bug in the GRUB2 bootloader, researchers are warning. GRUB2 (which stands for the GRand Unified Bootloader version 2) is the default bootloader for the majority of computing systems. Its job is to manage part of the start-up process – it either presents a ...
- Critical Bugs in Utilities VPNs Could Cause Physical Damage
July 29, 2020
Remote code-execution vulnerabilities in virtual private network (VPN) products could impact the physical functioning of critical infrastructure in the oil and gas, water and electric utilities space, according to researchers. Researchers at Claroty found that VPNs used to provide remote access to operational technology (OT) networks in industrial systems are vulnerable to an array of security ...
- Mirai Botnet Exploit Weaponized to Attack IoT Devices via CVE-2020-5902
July 28, 2020
Following the initial disclosure of two F5 BIG-IP vulnerabilities on the first week of July, we continued monitoring and analyzing the vulnerabilities and other related activities to further understand their severities. Based on the workaround published for CVE-2020-5902, we found an internet of things (IoT) Mirai botnet downloader (detected by Trend Micro as Trojan.SH.MIRAI.BOI) that ...
- Attackers Exploiting High-Severity Network Security Flaw, Cisco Warns
July 27, 2020
Cisco is warning that a high-severity flaw in its network security software is being actively exploited – allowing remote, unauthenticated attackers to access sensitive data. Patches for the vulnerability (CVE-2020-3452) in question, which ranks 7.5 out of 10 on the CVSS scale, were released last Wednesday. However, attackers have since been targeting vulnerable versions of the software, ...
- Kubernetes Vulnerability Puts Clusters at Risk of Takeover (CVE-2020-8558)
July 27, 2020
A security issue assigned CVE-2020-8558 was recently discovered in the kube-proxy, a networking component running on Kubernetes nodes. The issue exposed internal services of Kubernetes nodes, often run without authentication. On certain Kubernetes deployments, this could have exposed the api-server, allowing an unauthenticated attacker to gain complete control over the cluster. An attacker with this ...
- NSA Urgently Warns on Industrial Cyberattacks, Triconex Critical Bug
July 24, 2020
The U.S. National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) have issued an alert warning that adversaries could be targeting critical infrastructure across the U.S. Separately, ICS-CERT issued an advisory on a critical security bug in the Schneider Electric Triconex TriStation and Tricon Communication Module. These safety instrumented system (SIS) controllers are ...