A critical vulnerability in Windows File Explorer (CVE-2025-24071) allows attackers to steal NTLM hashed passwords simply by extracting a malicious .library-ms file from a compressed archive. Microsoft patched this flaw in March 2025. Researchers noted that the exploit could leak credentials automatically, facilitating network spoofing attacks. All Windows users should promptly apply security updates.
Phishing-based attacks have risen 140% year-over-year
More than 752,000 browser-based phishing attacks have been identified in the past year through research analysis.
