Ransomware Exploits Windows Zero-Day CVE-2025-29824 to Breach U.S.
Blog post from SSOJet
Threat actors associated with the Play ransomware family exploited a newly patched security flaw in Microsoft Windows against a U.S. organization: a privilege escalation vulnerability in the Common Log File System (CLFS) driver, tracked as CVE-2025-29824. The intrusion began through a public-facing Cisco Adaptive Security Appliance (ASA), after which the attackers moved laterally across Windows machines and deployed the Grixba information stealer disguised as legitimate Palo Alto Networks software. The exploitation left behind files indicative of malicious activity and appeared to stage the environment for a later ransomware deployment, although no ransomware payload was observed in the initial activity. Organizations are advised to apply the relevant security updates promptly to close this vulnerability, and to consider Single Sign-On (SSO) solutions such as SSOJet to strengthen authentication and streamline user management. The incident underscores the need for vigilant security monitoring: ransomware trends show a growing focus on domain controllers, with over 78% of human-operated cyberattacks targeting them in order to disrupt organizations.