RansomExx

PipeMagic backdoor used in RansomExx attacks tied to patched Windows vulnerability CVE-2025-29824

Cybercrime, News, Risk, Vulnerabilities

August 19, 2025

Security researchers say the PipeMagic backdoor, used in RansomExx attacks, exploits a patched Windows vulnerability (CVE-2025-29824) and leverages a modular loader to deploy additional payloads, with activity spanning Saudi Arabia, Brazil and beyond.