Bleeping Computer

Windows 10 themes can be abused to steal Windows passwords

Specially crafted Windows 10 themes and theme packs can be used in 'Pass-the-Hash' attacks to steal Windows account credentials from unsuspecting users. Windows allows users to create custom themes ...
Bleeping Computer

New Windows zero-day leaks NTLM hashes, gets unofficial patch

Free unofficial patches are available for a new Windows zero-day vulnerability that can let remote attackers steal NTLM credentials by tricking targets into viewing malicious files in Windows Explorer ...
Infosecurity-magazine.com

NTLM Hash Exploit Targets Poland and Romania Days After Patch

A vulnerability allowing attackers to leak NTLM authentication hashes with minimal user interaction has been actively exploited just days after Microsoft released a patch. The flaw, tracked as ...
Dark Reading

Multiple Groups Exploit NTLM Flaw in Microsoft Windows

Multiple attackers are actively exploiting a recently patched Windows vulnerability that exposes authentication credentials, despite Microsoft releasing a fix for it in March. CVE-2025-24054 is an ...
Infosecurity-magazine.com

TA577 Exploits NTLM Authentication Vulnerability

Cybersecurity researchers at Proofpoint have uncovered a new tactic employed by cybercriminal threat actor TA577, shedding light on a lesser-seen objective in their operations. The group was found ...
Dark Reading

OPA for Windows Vulnerability Exposes NTLM Hashes

Organizations using Open Policy Agent (OPA) for Windows should consider updating to v0.68.0 or later to protect against an authentication hash leakage vulnerability identified in all earlier versions ...