Windows NTLM hash leak flaw exploited in phishing attacks on governments

Windows NTLM hash leak flaw exploited in phishing attacks on governments

A Windows vulnerability that exposes NTLM hashes using .library-ms files is now actively exploited by hackers in phishing campaigns targeting government entities and private companies.

Phishing campaigns abuse Windows NTLM hash leak bug

BleepingComputer reports that government organizations and private firms have been subjected to attacks exploiting the recently patched Windows NTLM hash leak vulnerability, tracked as CVE-2025-24054, as part of separate…

Windows vulnerability with NTLM hash abuse exploited for phishing

A vulnerability in Windows that exposes NTLM hashes via .library-ms files is currently being actively exploited by hackers

CVE-2025-24054 Under Active Attack—Steals NTLM Credentials on File Download

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a medium-severity security flaw impacting Microsoft Windows to its Known Exploited Vulnerabilities (KEV) catalog, following reports of active exploitation in the wild. The vulnerability, assigned the CVE identifier CVE-2025-24054 (CVSS score: 6.5), is a Windows New Technology LAN Manager (NTLM) hash disclosure

An attacker can bypass restrictions of RSA Authentication Agent for Windows, via Search Paths, in order to escalate his privileges. View online: https://vigilance.fr/vulnerability/...

Windows NTLM vulnerability exploited in multiple attack campaigns (CVE-2025-24054) - Help Net Security

CVE-2025-24054 has been exploited by threat actors in campaigns targeting government and private institutions in Poland and Romania.