NTLM hash disclosure spoofing

CISA adds Windows NTLM hash disclosure spoofing flaw to its Known Exploited Vulnerabilities Catalog

A vulnerability in the Windows NTLM authentication protocol, which is known to have been actively exploited for at least a month, has been added to the US CISA’s Known Exploited Vulnerabilities Catalog.

While Microsoft deprecated NTLM last year, it remains widely used. Security researchers discovered the hash disclosure spoofing bug, and Microsoft quietly patched it in March. But the creation of a patch is one thing -- having users install it is something else. By adding the vulnerability, tracked as CVE-2025-24054, to its catalog, CISA is raising aware that action needs to be taken.

By Sofia Elizabella Wyciślik-Wilson - April 18, 2025

NTLM hash disclosure spoofing

CISA adds Windows NTLM hash disclosure spoofing flaw to its Known Exploited Vulnerabilities Catalog

Recent Headlines

AI and automation feed rise in holiday scams

How to install the new Kodi 21.3 Omega on Amazon Fire TV Stick (the easy way)

Kodi 21.3 'Omega' has arrived and you should download it now!

Why silos restrict scale -- and what to do about it [Q&A]

iRobot has filed for bankruptcy

WhatsApp rolls out a sack full of new features for the holiday season

Your earbuds can now translate over 70 languages in real time with Gemini AI

Most Commented Stories

Over a third of US adults now use AI every day

You can now grab a wide selection of Windows 11 themes from the Microsoft Store

Google Maps now makes it easier for iPhone users to find their cars

Ashampoo announces Burning Studio 27 with smarter ripping and better audiobook tools

iRobot has filed for bankruptcy

Online IP infringements rise during the holiday period

New report warns of looming agentic AI and quantum fraud risks

AI and automation feed rise in holiday scams

NEWS

UNITED KINGDOM