Inside Stealth Falcon’s Espionage Campaign Using a Microsoft Zero-Day Check Point Research (CPR) identified a previously unknown Windows vulnerability (CVE-2025-33053) being actively exploited in the wild. Following CPR’s responsible disclosure, Microsoft released a patch on its June 10th Patch Tuesday The zero-day was used in a targeted espionage operation likely conducted by Stealth Falcon, a threat group known to target entities in the Middle East and Africa. The attack chain begins with a deceptive internet shortcut (.url file) that silently triggers malware hosted on an attacker-controlled WebDAV server, abusing legitimate Windows tools in the process. The operation deployed a sophisticated […]
The post Inside Stealth Falcon’s Espionage Campaign Using a Microsoft Zero-Day appeared first on Check Point Blog.