Windows 10 End-of-Life Approaching: Urgent Migration to Windows 11 Needed

In the past week, critical cybersecurity threats have emerged, with significant vulnerabilities being reported across various platforms. Recent cybersecurity incidents include:

1. Interlock RAT Evolves: PHP Variant Leveraging FileFix Targets Multiple Industries
2. Windows 10 End-of-Life Approaching: Urgent Migration to Windows 11 Needed
3. Interlock Ransomware Employs FileFix Technique for Stealthy RAT Deployment
4. Actively Exploited Chrome Vulnerability (CVE-2025-6558): Sandbox Escape via GPU Flaw
5. Golden dMSA Vulnerability: Persistent Cross-Domain Threat in Windows Server 2025

These developments underscore the urgent need for organizations to stay vigilant and apply security updates promptly.

SISA Weekly Threat Watch – our weekly feature brings to you a quick snapshot of all the major security vulnerabilities that posed a threat to organizations worldwide. These recurring actionable threat advisories will also provide information and recommendations that will help security teams take appropriate actions to defend against the latest and critical threats.

1. Interlock RAT Evolves: PHP Variant Leveraging FileFix Targets Multiple Industries

The Interlock ransomware group has developed a new PHP-based variant of its custom RAT, using the sophisticated FileFix social engineering method. This malware targets diverse industries globally, combining social engineering, cloud abuse (Cloudflare Tunnel), and multi-language capabilities (PHP & Node.js) for system reconnaissance, remote execution, and lateral movement.

Recommendations to mitigate this threat include patching CMS systems promptly to prevent web shell injections, restricting PowerShell to signed scripts, disabling clipboard execution in File Explorer via GPO, implementing web filtering, and monitoring for outbound connections to Cloudflare Tunnel subdomains. Additionally, conducting privilege audits, isolating compromised systems, removing persistence entries, and enforcing MFA re-registration are crucial.

2. Windows 10 End-of-Life Approaching: Urgent Migration to Windows 11 Needed

Windows 10 reaches end-of-life (EOL) on October 14, 2025. Post-EOL, devices won’t receive security updates, significantly increasing vulnerability to cyber threats.

Recommendations to mitigate this threat include immediately auditing and categorizing Windows 10 devices based on Windows 11 compatibility, prioritizing upgrades to Windows 11 for compatible hardware, and replacing incompatible devices. Organizations should enable essential Windows 11 security features (TPM, Secure Boot, Credential Guard), avoid temporary workarounds, and educate employees about the risks of unsupported operating systems.

3. Interlock Ransomware Employs FileFix Technique for Stealthy RAT Deployment

The Interlock ransomware group has begun leveraging a stealthy new delivery technique called FileFix, which abuses trusted Windows components to trick users into executing malicious commands, resulting in the deployment of a PHP-based RAT.

Recommendations to mitigate this threat include blocking unnecessary cloud-hosted domains such as trycloudflare.com, disabling clipboard execution, restricting PowerShell access to essential administrative tasks, closely monitoring for suspicious PowerShell and HTA executions, implementing registry protection policies, and enhancing user training against advanced social engineering techniques.

4. Actively Exploited Chrome Vulnerability (CVE-2025-6558)

Google Chrome’s ANGLE component vulnerability allows attackers to escape Chrome’s sandbox through malicious WebGL content, enabling arbitrary code execution.

Recommendations to mitigate this threat include immediately updating Chrome to version 138.0.7204.157 or later, enabling automatic browser updates, restricting WebGL where possible, utilizing EDR/XDR solutions to detect abnormal GPU/WebGL activity, and monitoring system logs for unusual rendering behavior or sandbox violations.

5. Golden dMSA Vulnerability: Persistent Cross-Domain Threat in Windows Server 2025

A critical flaw in Windows Server 2025’s Delegated Managed Service Accounts (dMSA) allows attackers to easily generate valid service account passwords, facilitating cross-domain lateral movement and bypassing Credential Guard protections.

Recommendations to mitigate this threat include strictly limiting privileged access to essential personnel, closely monitoring privileged groups, implementing strict access controls on Domain Controllers, segregating administrative duties, monitoring KDS root key access, rotating keys if compromise is suspected, regularly auditing service account access, and implementing network-level monitoring for unusual authentication patterns.