Windows zero-day grants SYSTEM access on patched machines
Researcher releases working exploit for privilege escalation flaw affecting current Windows versions; Microsoft has not yet issued a patch.
A privilege escalation vulnerability in Windows—designated MiniPlasma—now has public proof-of-concept code that grants attackers SYSTEM-level access on fully patched systems. The exploit was released by a cybersecurity researcher and confirmed functional by BleepingComputer.
SYSTEM privileges represent the highest tier of access in Windows environments, exceeding even administrator rights. An attacker who gains an initial foothold through phishing, malware, or stolen credentials can leverage MiniPlasma to escalate control and move laterally across networks. The flaw affects current Windows versions that have received all available security updates as of mid-May 2025.
Microsoft has not yet released a patch or assigned a CVE identifier. The public availability of working exploit code materially increases risk for enterprise networks, particularly those with inadequate endpoint detection or segmentation. Threat actors typically integrate disclosed zero-days into toolkits within days of publication.
- Enterprise IT teams face elevated risk until Microsoft issues a patch and deployment completes
- Threat actors gain a new tool for post-compromise escalation in Windows environments
- Organizations with weak endpoint monitoring may not detect exploitation in progress
- Incident response teams should audit recent SYSTEM-level activity for anomalies
Ransomware attack executed entirely by AI agent, researchers report
JadePuffer operation marks what may be the first documented case of a fully autonomous LLM-driven ransomware deployment from reconnaissance to encryption.
Agentic AI Executes Multi-Stage Ransomware Attack via Langflow
Demonstration shows large language model agents autonomously combining exploitation techniques with real-time reasoning to conduct complex intrusions without human intervention.
FortiBleed Attackers Monetize Firewall Access Through Ransomware Partnerships
Actors who compromised thousands of Fortinet devices are now collaborating with Inc and Lynx ransomware groups, adding Nextcloud exploitation to their toolkit.