Windows PCs under threat from zero-day flaw used in ransomware attacks — update your computer right now

When you buy through links on our articles, Future and its syndication partners may earn a commission.
Of the 134 Windows security flaws fixed by Microsoft in yesterday's Patch Tuesday updates, only one was a zero-day flaw that could be potentially exploited by hackers in order to gain system privileges.
Today though, Microsoft has said that flaw (tracked as CVE-2025-29824) has indeed been used as a zero-day exploit in targeted ransomware attacks.
Since it has now been patched, it is of critical importance that Windows users download and install this update immediately to protect their systems. Though the attacks were aimed at a small number of international targets including IT and real estate sectors in the United States, financial institutions in Venezuela, a software company in Spain and a retail sector in Saudi Arabia, any unpatched system is vulnerable.
This zero-day flaw is a privilege escalation bug in the Windows Common Log File System that can be exploited in order to achieve SYSTEM privileges. The Hacker News explains that hackers value these types of exploits specifically because they can enable privileged access for widespread deployment and be used to infect vulnerable PCs with ransomware.
The threat actors have leveraged a malware named PipeMagic in order to deliver both the exploits as well as ransomware payloads; this is the second Window's zero-day flaw to be delivered via this malware. The first one( tracked as CVE-2025-24983) was also a privilege escalation bug, but for the Win32 Kernel Subsystem. That vulnerability was flagged by ESET and patched by Microsoft last month.
While it is currently unknown how the attacks are gaining initial access, it does seem as though the threat actors behind them have been using the certutil utility to download the malware from a compromised third-party site that is being used to stage payloads. Microsoft is tracking the activity and post compromise exploitation of this zero-day under the name Storm-2460.
Patch Tuesday falls on the second Tuesday of every month, so set a calendar reminder so that you can remember to update your PC around that time. Outdated software is a great access point for hackers and threat actors, so don't leave yourself open to attacks by neglecting to install serious updates. Likewise, you can also remind yourself to set up automated updates and scans for your security software, since you should of course have one of the best antivirus programs installed on your PC too.
Since Windows Defender is built-in to Windows, you can use it to periodically scan your system for malware or viruses too. And obviously, you want to practice safe browsing habits online. You can see if your antivirus security suite comes with a hardened browser or VPN feature for an added layer of security but whatever you do, never click on links, attachments or downloads from unexpected senders or unknown sources. Only download apps and software from trusted app stores and developers, and know how to recognize common phishing techniques.
Zero-day flaws provide an easy way for hackers and other cybercriminals to gain a foothold for their attacks and this is why knowledge of them sells for such a high price. Unfortunately though, the only thing you can do to stay safe from attacks exploiting them is to install security updates as soon as they become available and to practice good cyber hygiene online.
Scammers are impersonating QuickBooks in last-minute tax phishing scam — and it's stealing financial data
Google just patched two critical Android zero-days exploited by hackers — update your phone right now
T-Mobile is starting to send out data breach settlement payments for up to $25K — see if you qualify

Try Our AI Features

Explore what Daily8 AI can do for you:

Learn with AIFact CheckingText to SpeechAI Summary

Related Articles

CNBC

24 minutes ago

• CNBC

How a 'brag doc' can help you ace interviews and land a job, says recruiter: ‘No one's reading cover letters'

One of the best pieces of advice Maddie Machado received from a former boss at Microsoft was to keep track of all her career wins. Machado would log "anytime I did a good job, anytime I made someone's life easier, anytime I got kudos" first in a Microsoft document, then a running email draft and now in a slide presentation. She calls it a "brag doc" and says she's used it in every interview for the last 10 years. Machado, 35, is a reverse recruiter and founder of SkillScript, a resume platform, in Tampa, Fla. The concept of documenting your career wins isn't new, but her method categorizes four specific aspects of your professional success: Machado says having a brag doc on hand can help you network and could make a bigger impact than a traditional resume or cover letter. "No one's reading cover letters," Machado says. "Even when I was a recruiter for so many years, I can count on maybe one hand how many times I actually read a cover letter." A brag doc, meanwhile, is "a time for you to toot your own horn," Machado says. "It's hard to see on your resume the amount of impact and the things that you actually owned and are actually proud of." It also shows off the most important aspects of a candidate a hiring manager wants to know, Machado says, based on her time working with hiring managers at companies like Meta and LinkedIn. Hiring managers will generally already know what you do day-to-day in your role, Machado says, but are looking for what you'll bring to a new company and things that will make them think, "Wow, look at what she did there. Imagine what she could do here," she says. "And that's what your brag doc is doing." A brag doc is a useful resource to attach to your application, to follow up with a hiring manager on LinkedIn after you've applied for a role, or even to cold-message someone to network, Machado says. It won't necessarily get you the job right away, but it could get you in the hiring pipeline that much faster. Then, use it to prepare for interviews and negotiate a strong offer, Machado says. "It's nice to be able to remind yourself what you've accomplished so far, whether it's big or small, and also be able to share with other people," she says.

Entrepreneur

an hour ago

• Entrepreneur

Using AI in Customer Service? Don't Make These 4 Mistakes

AI is revolutionizing customer service in 2025, offering speed, personalization and efficiency. But to avoid frustrating users, businesses must ensure the following things. Opinions expressed by Entrepreneur contributors are their own. AI is omnipresent in 2025 in all areas of the business sphere, including customer service. And for good reason. Used right, AI can provide invaluable insights into your customers' behaviors and preferences, boost the efficiency of your customer service team and increase overall satisfaction. Between dynamic personalization, streamlined purchase processes and predictive customer support, many small businesses are leveraging AI to level the playing field and provide enterprise-grade customer service. However, despite AI's massive potential, there are several potential pitfalls when using AI in customer service. At worst, AI can scare off customers or generate frustration, rather than helping to streamline processes. Here are the four most common mistakes — and how to avoid them. Related: How Small Businesses Can Leverage AI Without Breaking the Bank 1. Frustrating generic chatbots To start with, chatbots can be a great asset to your team members and customers alike. They can speedily handle routine queries, free up your agents' capacities, respond to customers even outside regular business hours and reduce wait times. However, to be effective, chatbots need to be well-trained and personalized. Unfortunately, many companies — in a rush to stay ahead in the AI race — deployed chatbots that ask too many questions, give generic answers and fail to solve queries. In one hilarious example, NYC's MyCity chatbot kept giving wrong answers even six months post-deployment and after $600,000 in investments, misinforming users about legal requirements for business owners and even basic facts such as the minimum wage. Overall, 80% of people reported that interactions with chatbots have increased their frustration rather than leading to quicker solutions to the issues they were facing. To avoid this, it's crucial that chatbots are trained well on company-internal data. Ideally, they should be able to leverage customer-specific data across a number of different channels in order to provide personalized, efficient support to every person who reaches out. 2. Unaccessible siloed data On that note, another common pitfall to avoid when implementing AI in customer service is data siloing. One of AI's greatest strengths is its capacity to process huge amounts of data and unearth patterns and trends, condensed into actionable insights. These insights can then be leveraged for personalization and targeted strategy adjustments. However, that's only possible if AI actually has access to all the necessary data elements — and that is a challenge many small businesses are currently facing. In fact, a recent study by Nextiva, a market leader in customer experience software solutions, found that among company leadership, data siloing was identified as one of the most common barriers to AI implementation. In the study, 39% of respondents agreed that they "struggled with accessibility, aggregation, integration and structure of real-time and historical data." To avoid this limitation, it's essential to audit data storage and integration as soon as you start planning your AI implementation strategy. Making sure from the start that the systems you are considering integrate well — or that bridge solutions are at least available — will avoid unnecessary siloing and frustration down the line. Related: AI Can Give You New Insights About Your Customers for Cheap. Here's How to Make It Work for You. 3. Going overboard on hyper-personalization and automation On the other end of the spectrum are businesses that go overboard in their enthusiasm for AI, to a degree that can appear off-putting to many customers. This includes hyper-personalization and automation processes. While personalization is a key advantage of AI and can boost the efficiency of customer service agents and the satisfaction of the people they interact with, you don't want to appear omniscient either. Having the impression that a company knows everything about them before they even talk to you is seen as acutely creepy by many customers. Salesbots, in particular, often trigger the uncanny valley effect, or scare off potential customers by leveraging information they don't feel they ought to have access to. To steer clear of this particular pitfall, it's essential to carefully calibrate the level of personalisation you implement and weigh its potential benefits in boosting conversions against customers' perception of intrusiveness. 4. Forgetting human escalation options Finally, a widespread mistake small businesses make in leveraging AI for customer service is to neglect human escalation options, especially in customer support. No matter what your AI can do, it's always necessary to offer customers the option to talk to a human agent instead. There is nothing more frustrating for a customer facing an urgent problem than being stuck in an ineffective conversation loop with a chatbot or a virtual phone agent when an actual person would clearly help them reach a solution far more efficiently. Outside business hours, when AI is the only one holding down the fort, it's often enough to offer customers the option to leave a message and assure them you will contact them as soon as possible. Other than that, though, you need to give people the option of a human lifeline to help put out an urgent fire. Related: Does AI Deserve All the Hype? Here's How You Can Actually Use AI in Your Business Conclusion In 2025, AI is an incredible asset that small businesses can leverage to elevate their customer service. It is, however, not a panacea. To effectively harness the potential of AI and avoid common pitfalls, it's necessary to carefully plan and train the systems you're deploying, exercise discretion with respect to personalization and implement a human failsafe option. By sticking to these tenets, though, you'll be able to make the most of the opportunities AI has to offer for small businesses in customer service and increase your overall customer satisfaction.

Yahoo

an hour ago

• Yahoo

If I Could Buy Only 1 "Magnificent 7" Stock Over the Next Year, Alphabet Would Be It, but Here's the Key Reason

Alphabet shares have dipped 2% over the past year, while most "Magnificent Seven" stocks posted double-digit percentage gains. Market leaders like Nvidia and Microsoft may look flashier, but Alphabet could offer better value. A tasty combination of affordable shares and artificial intelligence (AI) expertise sets this stock apart from the rest. 10 stocks we like better than Alphabet › The "Magnificent Seven" moniker was originally intended as a warning to long-term investors. Remember, the movie by the same name doesn't have the happiest of endings, and the tragedy made sense as a metaphor for potential market bubbles. Still, the Magnificent Seven group keeps setting the tone for the overall stock market, and most of these stocks are market darlings in 2025, with double-digit price gains over the last 52 weeks. But Google parent Alphabet (NASDAQ: GOOG) (NASDAQ: GOOGL) is lagging behind with a 2% price dip over the last year, and the stock looks downright undervalued in many ways. It's the only Magnificent Seven stock I have bought this year, for one simple reason: It's the best combination of affordable shares and unbeatable artificial intelligence (AI) expertise in this elite group. The other Magnificent Seven companies may have a leg up on Alphabet in the AI market so far. Nvidia's (NASDAQ: NVDA) profitable sales growth is unbeatable. Revenue-based market shares suggest that the cloud computing solutions from Amazon (NASDAQ: AMZN) and Microsoft (NASDAQ: MSFT) are running circles around Google Cloud. But those proven and promised results are firmly baked into the stock prices. Nvidia stock trades at 47 times earnings and 49 times free cash flows today. Microsoft and Amazon have P/E ratios in the mid-30s and cash flow multiples well above Nvidia's. At the same time, Alphabet stock looks affordable at 19 times earnings and 28 times free cash flows. The numbers never tell the whole story, and there's more to say about Alphabet's long-term growth opportunities. From AI services to quantum computing systems, the company was built to thrive amid ever-changing markets and unexpected economy jolts. But the modest stock valuation is a great starting point for further research. Before you buy stock in Alphabet, consider this: The Motley Fool Stock Advisor analyst team just identified what they believe are the for investors to buy now… and Alphabet wasn't one of them. The 10 stocks that made the cut could produce monster returns in the coming years. Consider when Netflix made this list on December 17, 2004... if you invested $1,000 at the time of our recommendation, you'd have $659,171!* Or when Nvidia made this list on April 15, 2005... if you invested $1,000 at the time of our recommendation, you'd have $891,722!* Now, it's worth noting Stock Advisor's total average return is 995% — a market-crushing outperformance compared to 172% for the S&P 500. Don't miss out on the latest top 10 list, available when you join . See the 10 stocks » *Stock Advisor returns as of June 9, 2025 Suzanne Frey, an executive at Alphabet, is a member of The Motley Fool's board of directors. John Mackey, former CEO of Whole Foods Market, an Amazon subsidiary, is a member of The Motley Fool's board of directors. Anders Bylund has positions in Alphabet, Amazon, and Nvidia. The Motley Fool has positions in and recommends Alphabet, Amazon, Microsoft, and Nvidia. The Motley Fool recommends the following options: long January 2026 $395 calls on Microsoft and short January 2026 $405 calls on Microsoft. The Motley Fool has a disclosure policy. If I Could Buy Only 1 "Magnificent 7" Stock Over the Next Year, Alphabet Would Be It, but Here's the Key Reason was originally published by The Motley Fool Error in retrieving data Sign in to access your portfolio Error in retrieving data Error in retrieving data Error in retrieving data Error in retrieving data