Security News > 2024 > November > RomCom hackers chained Firefox and Windows zero-days to deliver backdoor
Russia-aligned APT group RomCom was behind attacks that leveraged CVE-2024-9680, a remote code execution flaw in Firefox, and CVE-2024-49039, an elevation of privilege vulnerability in Windows Task Scheduler, as zero-days earlier this year. “Chaining together two zero-day vulnerabilities armed RomCom with an exploit that requires no user interaction,” ESET researchers said. The campaign leveraging the zero-click exploit CVE-2024-9680 allowed the attackers to execute code in the restricted context of the browser and CVE-2024-49039 allowed it … More → The post RomCom hackers chained Firefox and Windows zero-days to deliver backdoor appeared first on Help Net Security.
News URL
https://www.helpnetsecurity.com/2024/11/26/romcom-backdoor-cve-2024-9680-cve-2024-49039/
Related news
- Türkiye Hackers Exploited Output Messenger Zero-Day to Drop Golang Backdoors on Kurdish Servers (source)
- Microsoft Credits EncryptHub, Hacker Behind 618+ Breaches, for Disclosing Windows Flaws (source)
- Microsoft: Windows CLFS zero-day exploited by ransomware gang (source)
- Microsoft fixes actively exploited Windows CLFS zero-day (CVE-2025-29824) (source)
- PipeMagic Trojan Exploits Windows Zero-Day Vulnerability to Deploy Ransomware (source)
- Commvault Confirms Hackers Exploited CVE-2025-3928 as Zero-Day in Azure Breach (source)
- Play Ransomware Exploited Windows CVE-2025-29824 as Zero-Day to Breach U.S. Organization (source)
- Play ransomware exploited Windows logging flaw in zero-day attacks (source)
- Hackers exploit VMware ESXi, Microsoft SharePoint zero-days at Pwn2Own (source)
- Firefox Patches 2 Zero-Days Exploited at Pwn2Own Berlin with $100K in Rewards (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-11-12 | CVE-2024-49039 | Unspecified vulnerability in Microsoft products Windows Task Scheduler Elevation of Privilege Vulnerability | 8.8 |
| 2024-10-09 | CVE-2024-9680 | Use After Free vulnerability in multiple products An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines. | 9.8 |