Patch Panic: NTLM Hash Leak Exploit Strikes Before Users Update
Attackers are exploiting a Windows vulnerability, CVE-2025-24054, to leak NTLM authentication hashes. All it takes is a user glancing at a malicious .library-ms file. Experts warn: “Beware of accidental folder tourism!” Despite a patch on March 11, exploits spread faster than a cat meme, targeting institutions with stealthy phishing campaigns.

Hot Take:
Who knew that just a casual stroll through your computer’s file system could turn into a walk with a side of identity theft? With CVE-2025-24054, it’s like your Windows system is offering up NTLM hashes faster than a kid handing out candy on Halloween night. And Microsoft, bless their hearts, tried to patch it up, but looks like the hackers were already at the party before the bouncers even got there.
Key Points:
- Vulnerability CVE-2025-24054 leaks NTLM authentication hashes with minimal interaction.
- Exploit active just days after Microsoft released a patch.
- Phishing campaigns delivered exploit via Dropbox links targeting Poland and Romania.
- Malicious archive used multiple files to trigger NTLM hash leaks.
- SMB servers receiving credentials spread across several countries, no direct attribution confirmed.
Already a member? Log in here