An unpatched security vulnerability in Microsoft Windows has been exploited by 11 state-affiliated groups from China, Iran, North Korea, and Russia in data exfiltration, surveillance, and financially motivated campaigns dating back to 2017. The zero-day flaw, tracked by Trend Micro’s Zero Day Initiative (ZDI) as ZDI-CAN-25373, is an issue that lets malicious actors perform covert execution.
