Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home Alerts

RansomEXX Exploits Windows Zero-Day Flaw

April 9, 2025
Reading Time: 2 mins read
in Alerts
Dutch Government Plans to Screen Students

Microsoft disclosed the exploitation of a security vulnerability in the Windows Common Log File System (CLFS), tracked as CVE-2025-29824, in recent ransomware attacks. The vulnerability allowed attackers to escalate privileges and gain SYSTEM-level access to targeted systems. These attacks were aimed at a limited number of organizations, including those in IT, real estate, finance, and retail sectors in the U.S., Venezuela, Spain, and Saudi Arabia. Microsoft patched the flaw during the April 2025 Patch Tuesday update but also delayed the release for certain Windows 10 versions.

The exploitation of CVE-2025-29824 was tied to the RansomEXX ransomware gang, tracked by Microsoft as Storm-2460. The attackers leveraged the PipeMagic malware, a malicious MSBuild file, to deploy the exploit and infect systems. Once access was gained, the attackers used their elevated privileges to deploy ransomware payloads and encrypt files.

The exploitation of this flaw allowed for the dumping of user credentials from the LSASS process, further aiding the attackers in their mission.

PipeMagic has been previously linked to other zero-day flaws in the Windows CLFS, including CVE-2023-28252 and CVE-2025-24983. This malware, which provides full remote access to infected systems, has been observed in multiple attacks, including those involving Nokoyawa ransomware. In these cases, it was used to install additional malicious payloads and enable lateral movement within compromised networks.

Microsoft revealed that, although the exact attack vector is unknown, certutil was observed being used to download the malware from a compromised third-party site.

Importantly, Windows 11 version 24H2 is not affected by this specific exploit due to enhanced access restrictions. Microsoft urges users to apply the security updates as soon as possible to mitigate the risks posed by this zero-day vulnerability. Despite not being able to analyze a sample of the ransomware, Microsoft noted that the ransom note found after encryption contained a TOR domain tied to the RansomEXX group. The exploitation of low-complexity flaws like CVE-2025-29824 highlights the growing risks of privilege escalation in modern ransomware attacks.

Reference:
  • RansomEXX Gang Exploits Windows Zero-Day Vulnerability to Deliver Ransomware
Tags: April 2025Cyber AlertsCyber Alerts 2025CyberattackCybersecurity
ADVERTISEMENT

Related Posts

FreeDrain Phishing Steals Crypto Funds

FBI Warns Cybercriminals Exploit Routers

May 9, 2025
FreeDrain Phishing Steals Crypto Funds

X Scam Targets Crypto Users with Fake Ads

May 9, 2025
FreeDrain Phishing Steals Crypto Funds

FreeDrain Phishing Steals Crypto Funds

May 9, 2025
COLDRIVER Hackers Target Sensitive Data

COLDRIVER Hackers Target Sensitive Data

May 8, 2025
COLDRIVER Hackers Target Sensitive Data

Cisco Fixes Flaw in IOS Wireless Controller

May 8, 2025
COLDRIVER Hackers Target Sensitive Data

CoGUI Targets Consumer and Finance Brands

May 8, 2025

Latest Alerts

X Scam Targets Crypto Users with Fake Ads

FBI Warns Cybercriminals Exploit Routers

FreeDrain Phishing Steals Crypto Funds

CoGUI Targets Consumer and Finance Brands

COLDRIVER Hackers Target Sensitive Data

Cisco Fixes Flaw in IOS Wireless Controller

Subscribe to our newsletter

    Latest Incidents

    LockBit Ransomware Data Leaked After Hack

    Spanish Consumer Group Faces Cyberattack

    Education Giant Pearson Hit by Data Breach

    Masimo Cyberattack Disrupts Manufacturing

    Cyberattack Targets Tepotzotlán Facebook

    West Lothian Schools Hit by Ransomware

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial