5 matches found

HackRead
added 2025/08/18 6:37 p.m. · 3 views

Fake ChatGPT Desktop App Delivering PipeMagic Backdoor, Microsoft

Microsoft warns that a fake ChatGPT desktop app was used to deliver PipeMagic malware, linked to ransomware attacks…

7.2 AI score
Exploits: 0

The Hacker News
added 2025/08/18 4:3 p.m. · 16 views

Microsoft Windows Vulnerability Exploited to Deploy PipeMagic RansomExx Malware

Cybersecurity researchers have lifted the lid on the threat actors' exploitation of a now-patched security flaw in Microsoft Windows to deploy the PipeMagic malware in RansomExx ransomware attacks. The attacks involve the exploitation of CVE-2025-29824, a privilege escalation vulnerability...

9.3 CVSS · 8.9 AI score · 0.94318 EPSS
Exploits: 54

Microsoft Secure
added 2025/08/18 3:0 p.m. · 2 views

Dissecting PipeMagic: Inside the architecture of a modular backdoor framework

Among the plethora of advanced attacker tools that exemplify how threat actors continuously evolve their tactics, techniques, and procedures (TTPs) to evade detection and maximize impact, PipeMagic, a highly modular backdoor used by Storm-2460 masquerading as a legitimate open-source ChatGPT Deskto...

7.8 CVSS · 8.3 AI score · 0.00922 EPSS
Exploits: 4

Securelist
added 2025/08/18 9:0 a.m. · 12 views

Evolution of the PipeMagic backdoor: from the RansomExx incident to CVE-2025-29824

In April 2025, Microsoft patched 121 vulnerabilities in its products. According to the company, only one of them was being used in real-world attacks at the time the patch was released: CVE-2025-29824. The exploit for this vulnerability was executed by the PipeMagic malware, which we first...

9.3 CVSS · 8.7 AI score · 0.94318 EPSS
Exploits: 54

Positive Technologies
added 2025/03/11 12:0 a.m. · 2 views

PT-2025-10828 · Microsoft · Windows

Name of the Vulnerable Software and Affected Versions: Windows Win32 Kernel Subsystem versions prior to the fixed version
Description: A use-after-free vulnerability in the Windows Win32 Kernel Subsystem allows an authorized attacker to elevate privileges locally. The vulnerability has been...

7 CVSS · 8.3 AI score · 0.01797 EPSS
Exploits: 1 · References: 87