A threat actor named Bucad is selling a zero-click RCE exploit for the SMBGhost (SMBv3) vulnerability. The exploit allegedly works over public IP with no user interaction required and gives full system access.
Affected versions include:
- Windows 10, 11
- Windows Server 2019, 2022, 2025
The seller claims a working PoC is available.
CyHawk Africa advises organizations to block public SMB exposure, monitor traffic, and prepare for emergency patching once Microsoft responds.