#PipeMagic

Cybercriminals are exploiting Microsoft Help Index Files to deploy the PipeMagic backdoor, showcasing advanced evasion techniques. Stay vigilant and update your security protocols. #CyberSecurity #Malware #PipeMagic Link: thedailytechfeed.com/threat-actor...

Awakari App

Microsoft Dissects PipeMagic Modular Backdoor PipeMagic, which poses as a ChatGPT application, is a modular malware framework that provides persistent access and flexibility. The post Microsoft Dis...

#Malware #& #Threats #backdoor #malware #PipeMagic


With encrypted named pipes, RC4 decryption, and advanced C2 modules, PipeMagic exfiltrates data, manages payloads, and resists detection. Microsoft advises tamper protection, EDR block mode, and strong vulnerability management.

#PipeMagic #Malware #Storm2460 #CyberSecurity #ThreatIntel


PipeMagic evolves with the CVE-2025-29824 exploit, integrating sophisticated loaders and backdoor modules for global attacks attributed to the Storm-2460 group.

#backdoor #PipeMagic #RansomEXX #Storm2460
www.matricedigitale.it/2025/08/19/p...

Fake ChatGPT Desktop App Delivering PipeMagic Backdoor, Microsoft

NEW 🚨 Microsoft warns hackers used a fake ChatGPT desktop app to deliver the PipeMagic backdoor, linked to ransomware attacks exploiting a #Windows zero-day.

🔗 hackread.com/fake-chatgpt-desktop-app-pipemagic-backdoor-microsoft/

#CyberSecurity #Microsoft #ChatGPT #PipeMagic #Malware

PipeMagic: Modular Backdoor Framework

~Microsoft~
Storm-2460 uses the PipeMagic modular backdoor, exploiting CVE-2025-29824, to deploy ransomware.
-
IOCs: aaaaabbbbbbb. eastus. cloudapp. azure. com
-
#PipeMagic #Storm2460 #ThreatIntel


Microsoft Help Index File Exploited by Threat Actors to Deploy PipeMagic Malware Security researchers have uncovered a sophisticated attack campaign where threat actors are exploiting Microsoft Hel...

#Malware #Microsoft #Threats #PipeMagic #Malware

Storm-2460's Exploitation of Windows Zero-Day: Threat Actor similarity in focus. Storm-2460, a cyber threat group, is actively exploiting a zero-day vulnerability (CVE-2025-29824) in the Windows Common Log File System (CLFS), primarily targeting the finance sector and other high-v...

Your bank’s “security strategy”? Hope, duct tape, and a prayer. 🙃

Meanwhile, Storm-2460 is out here doing magic tricks with #PipeMagic and CVE-2025-29824. 🎩

You patchin’, or just manifesting safety?

Read the blog 👉 blog.alphahunt.io/storm-2460s-...

#AlphaHunt #AskYourTIP #CyberSecurity #CTI

Microsoft: CLFS Zero-Day Flaw Exploited in Ransomware Attacks

Ransomware attackers abused a zero-day flaw in a widely used Windows logging system for managing transactional information to launch attacks against organisations in the US real estate sector, Microsoft revealed Tuesday.

In a blog post, the tech giant stated that the perpetrators employed a previously unknown flaw discovered in Windows' Common Log File System - a popular target for malicious actors seeking privilege escalation - to attack "a small number of targets," including American real estate firms, a Spanish software company, Venezuela's financial sector, and Saudi Arabia's retail sector.

The flaw, identified as CVE-2025-29824, has a CVSS score of 7.8 and has been added to the Cybersecurity and Infrastructure Security Agency's "Known Exploited Vulnerabilities Catalogue".

Microsoft stated that Storm-2460, a ransomware threat actor, used the issue to spread PipeMagic malware. In March, the firm addressed a different bug in the Windows Win32 Kernel Subsystem that allowed hackers to escalate privileges to the system level, an exploit that researchers later linked to targeted assaults targeting Asian and Saudi organisations using a PipeMagic backdoor.

The tech behemoth said it "highly recommends organizations apply all available security updates for elevation of privilege flaws to add a layer of defense against ransomware attacks if threat actors are able to gain an initial foothold."

Microsoft noted that it has not yet determined how Storm-2460 got access to compromised devices, although it did note that the organisation downloaded malware from a legitimate third-party website it had previously infiltrated using the Windows certutil application. Following the deployment of PipeMagic, the attackers used a technique that prevented them from writing data to disc and enabled them to launch the log system exploit directly in memory.

In a security update posted on Tuesday, the company stated that users of Windows 11, version 24H2, "are not affected by the observed exploitation, even if the vulnerability was present."

Microsoft: CLFS Zero-Day Flaw Exploited in Ransomware Attacks #Microsoft #PipeMagic #RansomwareActor


Storm-2460's #PipeMagic turns banks into open vaults. Still relying on '90s security? #Patch CVE-2025-29824 now or pay later. 🏦🔓

blog.alphahunt.io/storm-2460s-...

#AlphaHunt #AskYourTIP #CyberSecurity #CTI

PipeMagic Trojan Exploits Windows Zero-Day Vulnerability to Deploy Ransomware Windows zero-day CVE-2025-29824 exploited via PipeMagic malware escalated SYSTEM privileges, leading to targeted ransomware attacks.

#PipeMagic Trojan exploits Windows CLFS zero-day (CVE-2025-XXXXX) to deploy ransomware—active attacks bypassing patches.

Technical analysis: thehackernews.com/2025/04/pipe... #CyberSecurity #Ransomware


#ESETresearch has discovered a zero day exploit abusing #CVE-2025-24983 vulnerability in Windows Kernel to elevate privileges (#LPE). First seen in the wild in March 2023, the exploit was deployed through #PipeMagic backdoor on the compromised machines. 1/4
