Exploit used by Play-linked attackers targets the CVE-2025-29824 zero-day vulnerability patched on April 8.| www.security.com
CVE-2025-29824 is a patched Windows zero-day in CLFS (clfs.sys) exploited by the Balloonfly group to escalate privileges and deploy Play ransomware and Grixba malware.| Ampcus Cyber
The FILE_OBJECT structure is used by the system to represent a file object.| learn.microsoft.com