Output Messenger flaw exploited as zero-day in espionage attacks

A Türkiye-backed cyberespionage group exploited a zero-day vulnerability to attack Output Messenger users linked to the Kurdish military in Iraq. Microsoft Threat Intelligence analysts who spotted these attacks also discovered the security flaw (CVE-2025-27920) in the LAN messaging application, a directory traversal vulnerability that can let authenticated attackers access sensitive files outside the intended directory or deploy malicious payloads on the server's startup folder. "Attackers could access files such as configuration files, sensitive user data, or even source code, and depending on the file contents, this could lead to further exploitation, including remote code execution," Srimax, the app's developer, explains in a security advisory issued in December when the bug was patched with the release of Output Messenger V2.0.63. Microsoft revealed on Monday that the hacking group (also tracked as Sea Turtle, SILICON, and UNC1326) targeted users who hadn't updated their systems ... Read full article.