Two Windows vulnerabilities, one a 0-day, are under active exploitation
TL;DR (AI generated)
Two Windows vulnerabilities are actively being exploited, including a zero-day flaw known to attackers since 2017 and a critical bug that Microsoft failed to patch. The zero-day, identified as ZDI-CAN-25373 and now tracked as CVE-2025-9491, has been exploited by multiple advanced persistent threats (APTs) targeting infrastructure in nearly 60 countries. A China-aligned threat group, UNC-6384, has been observed using the vulnerability to deploy the PlugX remote access trojan in attacks against European nations. The widespread exploitation indicates a large-scale, coordinated operation with centralized tool development and shared operational standards among attackers.