Play Ransomware Exploits Windows Zero-Day CVE-2025-29824


Threat actors associated with the Play ransomware group exploited a Windows zero-day vulnerability, CVE-2025-29824, before Microsoft patched it. The flaw, in the Common Log File System (CLFS) driver, allowed the attackers to escalate privileges, deploy custom malware disguised as Palo Alto Networks tools, and extract sensitive registry hives. The breach targeted a U.S. organization and highlights the growing trend of ransomware groups leveraging zero-day vulnerabilities for initial access.



