Windows CLFS privilege-escalation flaw actively exploited (CVE-2025-29824)
Vulnerability
Summary
CVE-2025-29824 in Windows Common Log File System (CLFS) is being actively exploited for privilege escalation and ransomware intrusion, despite Microsoft addressing it in April 2025. The flaw is tied to Storm-2460 and the deployment of PipeMagic in RansomExx attacks. Reported activity in 2025 shows continued abuse of a patched Windows weakness across multiple regions.
Related Happenings
Storm-1175 high-tempo Medusa ransomware campaign
Campaign
First: 07.04.2026 13:02
Last: 07.04.2026 13:02
Sources 1
About this happening:
**Storm-1175** is running a **high-tempo Medusa ransomware campaign** that has repeatedly exploited **n-day and zero-day flaws** to gain initial access before patching closes the...
Storm-1175 high-velocity exploit campaign
Campaign
First: 06.04.2026 19:56
Last: 06.04.2026 19:56
Sources 1
About this happening:
**Storm-1175** is running a **high-velocity exploit campaign** that rapidly turns access into **Medusa ransomware** deployment, creating risk of **data exfiltration** and encrypte...
CyberVolk VolkLocker RaaS debut targeting Linux/VMware ESXi and Windows
Malware Activity
First: 13.12.2025 17:11
Last: 13.12.2025 17:11
Sources 1
About this happening:
**CyberVolk** expanded its **VolkLocker** ransomware operation in **August 2025**, putting **Linux/VMware ESXi** and **Windows** environments at risk. The malware’s **Golang timer...
Storm-0249 shifts from initial access brokering to stealth ransomware-enablement tactics
Threat Actor Meta
First: 09.12.2025 15:37
Last: 09.12.2025 15:37
Sources 1
About this happening:
**Storm-0249** is moving from **initial access brokering** to **domain spoofing**, **DLL side-loading**, and **fileless PowerShell** to support **ransomware attacks**. The shift m...
LockBit ransomware return with 5.0 and 3.0 attacks
Malware Activity
First: 24.10.2025 18:15
Last: 24.10.2025 18:15
Sources 1
About this happening:
**LockBit** resurfaced in active **ransomware** operations in **September 2025**, with at least a dozen victims hit and a mix of **LockBit 5.0** and **LockBit 3.0/LockBit Black**...
Timeline
18.08.2025 19:03 · 1 article
Storm-2460 exploitation of CVE-2025-29824 disclosed
Initial Disclosure: Storm-2460 is exploiting CVE-2025-29824 in the Microsoft Windows Common Log File System (CLFS) to deploy PipeMagic during RansomExx ransomware attacks. 2025 activity is linked to organizations in Saudi Arabia and Brazil, and Microsoft addressed the flaw in April 2025.
Sources:
- Microsoft Windows Vulnerability Exploited to Deploy PipeMagic RansomExx Malware — thehackernews.com — 18.08.2025 19:03