A critical vulnerability in the BioNTdrv.sys driver of Paragon Partition Manager, identified as CVE-2025-0289, is being exploited by ransomware groups. Attackers with local access can escalate privileges and execute malicious code on Windows systems, leading to significant security risks. The vulnerability has been highlighted in multiple reports, including those from The Hacker News and Infosecurity Magazine. Separately, a new phishing campaign is using the ClickFix technique to deploy the Havoc command and control (C2) framework through Microsoft SharePoint sites. This multi-stage attack hides behind trusted services to evade detection. Other recent cybersecurity concerns include AWS misconfigurations being exploited for phishing attacks and a surge in third-party risk claims in cybersecurity incidents.
Hackers Exploit AWS Misconfigurations to Launch Phishing Attacks via SES and WorkMail: https://t.co/HuvzWG8EFT by The Hacker News
New ClickFix attack deploys Havoc C2 via Microsoft SharePoint https://t.co/l81Bt4UFVw
Hackers Use ClickFix Trick to Deploy PowerShell-Based Havoc C2 via SharePoint Sites https://t.co/tNZKIKAAbq