In April 2025, Microsoft patched 121 vulnerabilities in its products. According to the company, only one of them was being used in real-world attacks at the time the patch was released: CVE-2025-29824.
The exploit for this vulnerability was executed by the PipeMagic malware, which Kaspersky researchers first discovered in December 2022 in a RansomExx ransomware campaign. In September 2024, we encountered it again in attacks on organizations in Saudi Arabia. Notably, it was the same version of PipeMagic as in 2022. Kaspersky continue to track the malware’s activity. Most recently, in 2025 our solutions prevented PipeMagic infections at organizations in Brazil and Saudi Arabia.
Read more…
Source: Kaspersky
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Mac Backdoor Linked to Lazarus Targets Korean Users
November 20, 2019
Criminal interest in MacOS continues to grow, with malware authors churning out more threats that target users of the popular OS. Case in point: A new variant of a Mac backdoor (detected by Trend Micro as Backdoor.MacOS.NUKESPED.A) attributed to the cybercriminal group Lazarus, which was observed targeting Korean users with a macro-embedded Microsoft Excel spreadsheet. Similarities to an ...
- NSA Publishes Advisory Addressing Encrypted Traffic Inspection TLCRisks
November 19, 2019
The National Security Agency (NSA) published an advisory that addresses the risks behind Transport Layer Security Inspection (TLSI) and provides mitigation measures for weakened security in organizations that use TLSI products. TLSI (aka TLS break and inspect) is the process through which enterprises can inspect encrypted traffic with the help of a dedicated product such as a proxy ...
- Is agriculture at risk from cyber crime?
November 18, 2019
Most media coverage about cyber-crime shares horrendous examples of how individuals or families’ lives have been ruined by ruthless scams. This is no different in the agriculture sector. Cyber crime has become a major industry – and the cyber security industry has grown rapidly to tackle the scale of the problem. The Office of National Statistics estimates ...
- New WhatsApp Bug Could Have Let Hackers Secretly Install Spyware On Your Devices
November 16, 2019
The vulnerability affects both consumers as well as enterprise apps of WhatsApp for all major platforms, including Google Android, Apple iOS, and Microsoft Windows. According to an advisory published by Facebook, which owns WhatsApp, the list of affected app versions are as follows: Android versions before 2.19.274 iOS versions before 2.19.100 Enterprise Client versions before 2.25.3 Windows Phone versions before and ...
- Stealthy Malware Flies Under AV Radar with Advanced Obfuscation
November 15, 2019
Researchers warn hackers are putting a new spin on old injection techniques and successfully end-running endpoint protection. They are tracking a campaign, that kicked off in January, that is still going strong exploiting weaknesses in web browsers. The objective is to hide in the background of infected systems in order to steal user passwords, track ...
- APT33 Mounts Focused, Highly Targeted Botnet Attacks Against U.S. Victims
November 14, 2019
The Iran-linked, espionage-focused advanced threat group known as APT33 has been spotted using more than a dozen obfuscated botnets to carry out narrowly targeted attacks against government and academic targets in the Middle East, the U.S. and Asia. Each botnet, linked to its own command-and-control (C2) server, comprises a small group of up to a dozen ...