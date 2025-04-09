The one that deserves most attention is CVE-2025-29824, an elevation of privilege (EoP) hole in the Windows Common Log File System Driver, because it is already being exploited.

In a separate note, Microsoft explained the vulnerability is being exploited by a crew it has designated as Storm-2460, which uses the bug to deliver ransomware it’s dubbed PipeMagic. Victims have been found in the US, Spain, Venezuela, and Saudi Arabia.