In April 2025, Microsoft patched 121 vulnerabilities in its products. According to the company, only one of them was being used in real-world attacks at the time the patch was released: CVE-2025-29824.
The exploit for this vulnerability was executed by the PipeMagic malware, which Kaspersky researchers first discovered in December 2022 in a RansomExx ransomware campaign. In September 2024, we encountered it again in attacks on organizations in Saudi Arabia. Notably, it was the same version of PipeMagic as in 2022. Kaspersky continue to track the malware’s activity. Most recently, in 2025 our solutions prevented PipeMagic infections at organizations in Brazil and Saudi Arabia.
Read more…
Source: Kaspersky
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Silent Librarian Retools Phishing Emails to Hook Student Credentials
October 16, 2019
Silent Librarian is targeting university students in full force with a revamped phishing campaign. The threat group, aiming to steal student login credentials, is using new tricks that bring more credibility to its phishing emails and helping it avoid detection. The threat group (also known as TA407 and Cobalt Dickens), which operates out of Iran, has ...
- WAV audio files are now being used to hide malicious code
October 16, 2019
Two reports published in the last few months show that malware operators are experimenting with using WAV audio files to hide malicious code. The technique is known as steganography — the art of hiding information in plain sight, in another data medium. In the software field, steganography — also referred to as stego — is used to describe the ...
- Cybercrime Tool Prices Bump Up in Dark Web Markets
October 16, 2019
Prices have been rising in the last two years for longstanding tools available on the Dark Web to help bad actors commit cyber attacks and fraud, alongside newer innovations that are emerging to bolster crimes like ransomware and SIM swapping, new research has found. Keeping track of these trends in dark-web markets for the tools and ...
- Blackremote: Money Money Money – A Swedish Actor Peddles an Expensive New RAT
October 15, 2019
While researching prevalent commodity Remote Access Tools (RATs), Unit 42 researchers discovered a new, undocumented RAT in September, which had almost 50 samples observed in more than 2,200 attack sessions within the first month it was sold. In this report, we document the RAT manager/builder, client malware, and profile the Swedish actor behind this together ...
- IoT: a malware story
October 15, 2019
Since 2008, cyber-criminals have been creating malware to attack IoT-devices, such as routers and other types of network equipment. You will find a lot of statistics on this on Securelist, most notably, here and here. The main problem with these IoT/embedded devices is that one simply cannot install any kind of security software. How do we deal with ...
- Sudo Bug Opens Root Access on Linux Systems
October 15, 2019
A vulnerability in Sudo, a core command utility for Linux, could allow a user to execute commands as a root user even if that root access has been specifically disallowed. Sudo is a utility that allows a system administrator to give certain users (or groups of users) the ability to run commands in the context of ...