Two Windows Vulnerabilities, One a 0-Day, Are Under Active Exploitation

Posted2 months agoActive2 months ago

ndsipa_pomu

33 points

4 comments

arstechnica.comTechstory

calmnegative

Debate

20/100

Windows VulnerabilitiesCybersecurityExploit

Key topics

Windows Vulnerabilities

Cybersecurity

Exploit

A recent discovery of two Windows vulnerabilities, including a 0-day, has sparked concern among HN users as they are being actively exploited, with discussions focusing on potential mitigations and the importance of timely patching.

Snapshot generated from the HN discussion

Discussion Activity

Light discussion

First comment

14h

Peak period

14-16h

Avg / period

1.3

Key moments

01Story posted
Oct 31, 2025 at 9:01 PM EDT
2 months ago
Step 01
02First comment
Nov 1, 2025 at 11:21 AM EDT
14h after posting
Step 02
03Peak activity
2 comments in 14-16h
Hottest window of the conversation
Step 03
04Latest activity
Nov 1, 2025 at 9:50 PM EDT
2 months ago
Step 04

Generating AI Summary...

Analyzing up to 500 comments to identify key contributors and discussion patterns

Discussion (4 comments)

Showing 4 comments

cyanydeez

2 months ago

1 reply

Cant wait for production LLMs to crank these out daily and microsft start doing the type of celebrating Republicans do when they catch drug smugglers at the border.

Will humanity survive LLM GIGO?

Batman8675309

2 months ago

1 reply

I don't see how LLMs could pump stuff like this out anytime soon. Especially when you'll have defensive LLMs around that time.

If anything else, this just shows that we need more layered security for everything, even the ancient parts of the OS.

cyanydeez

2 months ago

I think you misunderstand. Microsoft is pushing to build their software using LLMs, so bugs inand then bugs out. GIGO.

hulitu

2 months ago

> Trend Micro went on to say that the groups were exploiting the vulnerability, then tracked as ZDI-CAN-25373, to install various known post-exploitation payloads on infrastructure located in nearly 60 countries, with the US, Canada, Russia, and Korea being the most common.

> On Thursday, security firm Arctic Wolf reported that it observed a China-aligned threat group, tracked as UNC-6384, exploiting CVE-2025-9491 in attacks against various European nations.

So as long as the China hasn't exploited it: Nothing to see here please move along. But hey, we have passkeys and biometric authentication, and secure boot and TLS. /s

View full discussion on Hacker News

ID: 45778372Type: storyLast synced: 11/20/2025, 1:48:02 PM

Want the full context?

Jump to the original sources

Read the primary article or dive into the live Hacker News thread when you're ready.

Open link View on HN