Windows Users Under Siege As Two Critical Flaws Are Exploited In Record Time

Two Windows Vulnerabilities Under Active Exploitation: A Growing Concern for Cybersecurity

In recent attacks, two critical Windows vulnerabilities have been identified as being under active exploitation, leaving numerous individuals and organizations exposed to malicious activity. One of these vulnerabilities, CVE-2025-9491, has been known to attackers since 2017, while the other is a newly discovered zero-day that security researchers are already tracking.

The first vulnerability, CVE-2025-9491, stems from a bug in the Windows Shortcut (.lnk) binary format. The exploit takes advantage of a specific flaw in the shortcut file format that can be used to inject malicious code into legitimate system binaries, potentially leading to arbitrary code execution and further compromise.

Security researchers have confirmed that CVE-2025-9491 is under active exploitation, with multiple threat actors already using it to launch attacks against various targets. According to Arctic Wolf, a China-aligned threat group known as UNC-6384 has been exploiting this vulnerability in attacks against European nations. The attackers use the exploit to install a widely used remote access trojan (RAT) known as PlugX.

The PlugX RAT is a sophisticated piece of malware that allows attackers to remotely access and control infected systems. It can be used for a variety of malicious activities, including data exfiltration, keystroke logging, and system manipulation. The use of PlugX in these attacks highlights the potential severity of the CVE-2025-9491 vulnerability.

A second vulnerability, a zero-day that has been known to attackers since 2017, is also under active exploitation. Security firm Trend Micro reported that as many as 11 separate advanced persistent threat (APT) groups have exploited it.

The APT groups exploited the zero-day, tracked as ZDI-CAN-25373, to install various known post-exploitation payloads on infrastructure located in nearly 60 countries. The most common targets were the US, Canada, Russia, and Korea.

Trend Micro noted that these attacks showed a large-scale, coordinated operation, with attackers using multiple tactics and techniques to evade detection. This highlights the potential severity of this vulnerability and the need for immediate attention from security professionals.

The recent surge in attacks exploiting CVE-2025-9491 and the zero-day vulnerability has raised concerns among cybersecurity experts, not least because of the PlugX deployments against European nations that Arctic Wolf attributed to UNC-6384.

The consistency in tradecraft across disparate targets suggests that the attackers may have centralized tool development and operational security standards, even if execution is distributed across multiple teams. This indicates a high level of organization and planning among the attackers.

Microsoft has not yet patched the CVE-2025-9491 vulnerability, which raises concerns about the potential impact on users. The company has acknowledged the issue but has not provided an estimated timeframe for patching.

In response to these vulnerabilities, security professionals are advised to apply patches as soon as they become available and to implement additional security measures such as monitoring and threat detection tools. These measures can help detect and prevent attacks exploiting these vulnerabilities.

The coordinated nature of these attacks highlights the need for a comprehensive approach to cybersecurity. Organizations should consider implementing industry-standard security protocols such as threat detection and incident response plans to protect against these types of threats.

To minimize damage, security professionals should monitor for signs of attack and be prepared to respond quickly. This includes having in place robust security controls, conducting regular vulnerability assessments, and maintaining up-to-date software and systems. By taking a proactive approach to cybersecurity, individuals and organizations can reduce their risk of falling victim to these types of attacks.
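As an added example (not code from the article or from any of the vendors it cites), the following Python script parses the fixed header and StringData of the Windows Shortcut binary format discussed above and applies simple heuristics to a shortcut's command-line arguments, which is the kind of monitoring check the advice above calls for. The field layout follows the published MS-SHLLINK specification; the heuristics (argument length, whitespace padding, control characters) and their thresholds are this example's own assumptions, not findings the article reports, and the two sample shortcuts are constructed inside the script rather than taken from any real campaign.

```python
import struct

# MS-SHLLINK: the fixed 76-byte ShellLinkHeader and the LinkFlags bits used below.
HEADER_SIZE = 0x4C
LINK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
FLAG_HAS_ID_LIST = 0x01
FLAG_HAS_LINK_INFO = 0x02
FLAG_HAS_NAME = 0x04
FLAG_HAS_RELATIVE_PATH = 0x08
FLAG_HAS_WORKING_DIR = 0x10
FLAG_HAS_ARGUMENTS = 0x20
FLAG_HAS_ICON_LOCATION = 0x40
FLAG_IS_UNICODE = 0x80

# StringData sections appear in this fixed order, each present only if its flag is set.
STRING_SECTIONS = (
    ("name", FLAG_HAS_NAME),
    ("relative_path", FLAG_HAS_RELATIVE_PATH),
    ("working_dir", FLAG_HAS_WORKING_DIR),
    ("arguments", FLAG_HAS_ARGUMENTS),
    ("icon_location", FLAG_HAS_ICON_LOCATION),
)

# Assumed thresholds for the heuristics; tune them for your environment.
MAX_ARGUMENT_LENGTH = 260
MAX_PADDING = 16


def parse_lnk(data: bytes) -> dict:
    """Parse the header and StringData of a .lnk file and return the decoded strings."""
    if len(data) < HEADER_SIZE or struct.unpack_from("<I", data, 0)[0] != HEADER_SIZE:
        raise ValueError("not a shell link: bad HeaderSize")
    if data[4:20] != LINK_CLSID:
        raise ValueError("not a shell link: bad LinkCLSID")
    flags = struct.unpack_from("<I", data, 20)[0]
    pos = HEADER_SIZE
    # Skip the optional LinkTargetIDList (2-byte size prefix) and LinkInfo (size includes itself).
    if flags & FLAG_HAS_ID_LIST:
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if flags & FLAG_HAS_LINK_INFO:
        pos += struct.unpack_from("<I", data, pos)[0]
    result = {"flags": flags}
    for key, flag in STRING_SECTIONS:
        if not flags & flag:
            continue
        count = struct.unpack_from("<H", data, pos)[0]  # character count, not byte count
        pos += 2
        if flags & FLAG_IS_UNICODE:
            raw = data[pos:pos + count * 2]
            pos += count * 2
            result[key] = raw.decode("utf-16-le")
        else:
            raw = data[pos:pos + count]
            pos += count
            result[key] = raw.decode("cp1252", errors="replace")
    return result


def suspicious_reasons(info: dict) -> list:
    """Return the reasons a parsed shortcut looks abnormal (empty list if none)."""
    reasons = []
    args = info.get("arguments", "")
    if len(args) > MAX_ARGUMENT_LENGTH:
        reasons.append(f"arguments are {len(args)} characters long")
    padding = len(args) - len(args.strip())
    if padding > MAX_PADDING:
        reasons.append(f"arguments carry {padding} characters of whitespace padding")
    if any(ch < " " for ch in args):
        reasons.append("arguments contain control characters")
    return reasons


def build_lnk(relative_path: str, arguments: str) -> bytes:
    """Build a minimal Unicode .lnk with only RELATIVE_PATH and COMMAND_LINE_ARGUMENTS (test data)."""
    flags = FLAG_HAS_RELATIVE_PATH | FLAG_HAS_ARGUMENTS | FLAG_IS_UNICODE
    # HeaderSize, CLSID, LinkFlags, FileAttributes, 3 timestamps, FileSize, IconIndex,
    # ShowCommand (1 = SW_SHOWNORMAL), HotKey, Reserved1, Reserved2, Reserved3.
    header = struct.pack("<I16sIIQQQIIIHHII", HEADER_SIZE, LINK_CLSID, flags,
                         0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0)
    body = b""
    for text in (relative_path, arguments):
        body += struct.pack("<H", len(text)) + text.encode("utf-16-le")
    return header + body


# Constructed samples: a plain shortcut and one whose arguments are padded with whitespace.
SAMPLE_BENIGN = build_lnk("..\\docs\\report.txt", "")
SAMPLE_PADDED = build_lnk("..\\tools\\run.exe", " " * 300 + "/placeholder-switch")

if __name__ == "__main__":
    for label, blob in (("benign", SAMPLE_BENIGN), ("padded", SAMPLE_PADDED)):
        info = parse_lnk(blob)
        print(label, info.get("relative_path"), suspicious_reasons(info) or "ok")
```

Running the script prints `ok` for the benign shortcut and two reasons for the padded one. In practice you would feed `parse_lnk` the bytes of shortcuts arriving by e-mail or dropped in user-writable directories and forward any non-empty `suspicious_reasons` result to your SIEM; the thresholds are deliberately conservative so that ordinary shortcuts with short arguments do not alert.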
