🚨 Microsoft dissects PipeMagic — modular backdoor disguised as ChatGPT desktop app.
🔹 Linked to Storm-2460 / RansomEXX ransomware
🔹 Exploits Windows 0-day (CVE-2025-29824)
🔹 Modular + stealthy, memory-resident design
🔹 Targets orgs in US, EU, S. America, Middle East

#Infosec #Ransomware #ZeroDay #PipeMagic

NEW 🚨 Microsoft warns hackers used a fake ChatGPT desktop app to deliver the PipeMagic backdoor, linked to ransomware attacks exploiting a #Windows zero-day.

🔗 hackread.com/fake-chatgpt-desktop-app-pipemagic-backdoor-microsoft/

#CyberSecurity #Microsoft #ChatGPT #PipeMagic #Malware

#Windows #UnderAttack: #0day #vulnerability used by #ransomware group

https://www.ghacks.net/2025/04/09/windows-under-attack-0-day-vulnerability-used-by-ransomware-group/?utm_source=mas.to&utm_medium=social&utm_campaign=&utm_term=&utm_content=&utm_referrer=https%3A%2F%2Fmas.to%2F%40KNTRO&utm_id=&utm_creative=&utm_channel=mastodon_organic&utm_platform=desktop&utm_location=argentina&utm_language=es-ar&utm_variant=

#0DayVulnerability #ZeroDay #ZeroDayVulnerability #Windows10 #Windows11 #WindowsServer #WindowsServer2025 #CVE202529824 #CVE_2025_29824 #CommonLogFileSystem #CLFS #Storm2460 #Storm_2460 #RansomEXX #MSBuild #PipeMagic #LSASS #LSASSMemory

Happy Wednesday everyone!

Today's #readoftheday starts strong! "Microsoft Threat Intelligence and Microsoft Security Response Center (MSRC) have discovered post-compromise exploitation of a zero-day elevation of privilege vulnerability in the Windows Common Log File System (CLFS) against a small number of targets." and their discovery involved #PipeMagic malware which was used to deploy ransomware. Enjoy and Happy Hunting!

Exploitation of CLFS zero-day leads to ransomware activity
https://www.microsoft.com/en-us/security/blog/2025/04/08/exploitation-of-clfs-zero-day-leads-to-ransomware-activity/

Intel 471 Cyborg Security, Now Part of Intel 471 #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting

#ESETresearch has discovered a zero day exploit abusing #CVE-2025-24983 vulnerability in the Windows kernel 🪟 to elevate privileges (#LPE). First seen in the wild in March 2023, the exploit was deployed through #PipeMagic backdoor on the compromised machines.

The exploit targets Windows 8.1 and Server 2012 R2. The vulnerability affects OSes released before Windows 10 build 1809, including still supported Windows Server 2016. It does not affect more recent Windows OSes such as Windows 11.

The vulnerability is a use after free in Win32k driver. In a certain scenario achieved using the #WaitForInputIdle API, the #W32PROCESS structure gets dereferenced one more time than it should, causing UAF. To reach the vulnerability, a race condition must be won.

The patches were released today. Microsoft advisory with security update details is available here:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24983