The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert regarding an actively exploited vulnerability in Microsoft Windows, tracked as CVE-2025-24054, that enables attackers to steal sensitive authentication hashes with minimal user interaction.
The flaw, which affects the legacy NTLM (New Technology LAN Manager) authentication protocol, has been leveraged in a series of coordinated phishing campaigns targeting government and private organizations, particularly in Poland and Romania, since March 19, 2025.
https://cyberpress.org/cisa-warns-windows-ntlm/