A significant vulnerability in the Windows NTLM protocol, CVE-2025-24054, exposes NTLM hashes through .library-ms files and has led to targeted phishing campaigns against government agencies and private corporations. It was patched in March 2025, and researchers observed active exploitation shortly thereafter, with suspicious activity traced back to a threat group associated with Russian state-sponsored hackers. Attackers sent malicious emails directing victims to ZIP files that, once extracted, triggered the exploit, ultimately compromising sensitive authentication credentials.
Windows' NTLM vulnerability exposes sensitive information through .library-ms files, with attackers exploiting it in targeted phishing campaigns against organizations.
Check Point found CVE-2025-24054 was actively exploited within days of its fix; attackers used it to steal NTLM hashes in a sophisticated phishing campaign.
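A triage check for the delivery chain described above, added here as an example (not code from Check Point or Microsoft): it lists the `.library-ms` members of a ZIP whose location entries point at a UNC path. It assumes the library file is XML whose `url` elements name its locations; the function names and the sample archive are constructed for illustration.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

MAX_BYTES = 1 << 20                # library files are small; cap what we read
UNC_PREFIXES = ("\\\\", "//")      # \\host\share and //host/share

def remote_locations(xml_bytes):
    """Return the UNC locations named by <url> elements of a library file."""
    if b"<!DOCTYPE" in xml_bytes.upper():
        return ["<dtd-present>"]   # no DTD is expected here; do not expand it
    try:
        root = ET.fromstring(xml_bytes)
    except ET.ParseError:
        return ["<unparseable>"]   # malformed or truncated: leave for review
    hits = []
    for el in root.iter():
        # Match on the local tag name so any XML namespace is accepted.
        if el.tag.rsplit("}", 1)[-1].lower() == "url" and el.text:
            value = el.text.strip()
            if value.startswith(UNC_PREFIXES):
                hits.append(value)
    return hits

def scan_zip(data):
    """Map each .library-ms member of a ZIP (given as bytes) to its hits."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.filename.lower().endswith(".library-ms"):
                with zf.open(info) as fh:
                    findings[info.filename] = remote_locations(fh.read(MAX_BYTES))
    return findings

def constructed_sample():
    """Build a constructed archive in memory; the XML is a minimal stand-in."""
    remote = rb"<libraryDescription><url>\\files.example.invalid\share</url></libraryDescription>"
    local = rb"<libraryDescription><url>C:\Users\Public\Documents</url></libraryDescription>"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("docs/report.library-ms", remote)
        zf.writestr("docs/local.library-ms", local)
        zf.writestr("docs/readme.txt", b"constructed sample")
    return buf.getvalue()

if __name__ == "__main__":
    for name, hits in scan_zip(constructed_sample()).items():
        print(name, "->", hits or "no remote location")
```

A non-empty list for any member is a reason to quarantine the archive before a user extracts it.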