Eight days from patch to exploitation for Microsoft flaw
Briefly

Microsoft's recent Patch Tuesday updates included a critical vulnerability, CVE-2025-24054, which attackers weaponized just days later. The flaw leaks NTLM hashes, enabling unauthorized access through impersonation. The attackers used phishing, distributing malicious ZIP archives that contained files exploiting the vulnerability. Within weeks, the campaign expanded globally, showing how easy the flaw is to use and how little user interaction exploitation requires. The involvement of APT28 suggests advanced persistent threats are increasingly targeting both government and private sectors, prompting urgent calls for heightened cybersecurity measures.
The Windows flaw CVE-2025-24054 has been weaponized by attackers using it to leak NTLM hashes, leading to impersonation and unauthorized access.
Check Point's research reveals that the vulnerability allowed malicious actors to exfiltrate NTLM hashes via phishing emails and ZIP archives.
Attackers, linked to APT28, have exploited this vulnerability with minimal user interaction, indicating significant risk despite Microsoft’s initial rating of 'less likely' for exploitation.
The quick escalation of attacks shows how rapidly cyber threats can evolve, emphasizing the need for proactive cybersecurity measures in both public and private sectors.
Read at The Register