Play Ransomware Exploited Windows CVE-2025-29824 as Zero-Day to Breach U.S. Organization

2025-05-07 10:44
Threat actors with links to the Play ransomware family exploited a recently patched security flaw in Microsoft Windows as a zero-day as part of an attack targeting an unnamed organization in the United States. The attack, per the Symantec Threat Hunter Team, part of Broadcom, leveraged CVE-2025-29824, a privilege escalation flaw in the Common Log File System (CLFS) driver. It was patched by
News URL
https://thehackernews.com/2025/05/play-ransomware-exploited-windows-cve.html
Related news
- Microsoft: Windows CLFS zero-day exploited by ransomware gang
- Microsoft fixes actively exploited Windows CLFS zero-day (CVE-2025-29824)
- PipeMagic Trojan Exploits Windows Zero-Day Vulnerability to Deploy Ransomware
- Commvault Confirms Hackers Exploited CVE-2025-3928 as Zero-Day in Azure Breach
- Play ransomware exploited Windows logging flaw in zero-day attacks
- Texas State Bar warns of data breach after INC ransomware claims attack
- Port of Seattle says ransomware breach impacts 90,000 people
- Food giant WK Kellogg discloses data breach linked to Clop ransomware
- Bad luck, Windows 10 users. No fix yet for ransomware-exploited bug
- WhatsApp vulnerability could be used to infect Windows users with malware (CVE-2025-30401)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-04-08 | CVE-2025-29824 | Use After Free vulnerability in Microsoft products. Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally. | 7.8 |