Category: Blog

Cyberespionage groups are consistently innovating to secure long-term access to compromised systems, exemplified by the Russian APT group known as Curly COMrades. This group has recently been documented employing a novel method to hide their malware tools by deploying Linux-based virtual machines (VMs) on infected Windows 10 machines. According to researchers from Bitdefender, the attackers…

Microsoft recently faced challenges following the release of emergency update KB5070881, intended to address a critical vulnerability in Windows Server Update Services (WSUS), known as CVE-2025-59287. IT administrators reported that this update inadvertently disrupted Hotpatching for some instances of Windows Server 2025, causing significant concern. In a statement regarding the update, Microsoft acknowledged that a…

At least 50 organizations in the U.S. have been targeted by attacks exploiting a significant vulnerability in Windows Server Update Service (WSUS), according to cybersecurity firm Sophos. This vulnerability, identified as CVE-2025-59287, involves the deserialization of untrusted data. Despite a security update released by Microsoft in mid-October, it failed to protect against these threats, prompting…

Microsoft has issued a critical security update aimed at addressing a remote code execution vulnerability that affects multiple versions of Windows Server Update Services (WSUS). This vulnerability had not been fully resolved in a prior update, prompting the intervention from the Cybersecurity and Infrastructure Security Agency (CISA). CISA is urging organizations to follow Microsoft’s guidance…

Windows Server 2025 is currently vulnerable to a Remote Code Execution exploit through the Windows Update Service, with Microsoft yet to provide a complete fix. Reports indicate that a prior attempt to patch the vulnerability failed to prevent exploitation, and this contradicts Microsoft’s claim that the issue hadn’t been publicly disclosed. The exploit, similar to…

Network defenders are urged to address a newly discovered critical vulnerability in Windows Server Update Services (WSUS) that is currently being exploited. Microsoft released an out-of-band update to rectify this issue last Thursday, coinciding with reports from Huntress of threat actors actively targeting WSUS instances accessible through their default ports, 8530 and 8531. The vulnerability,…

Security researchers at Huntress have detected the real-time exploitation of a remote code execution (RCE) vulnerability in Windows Server Update Services (WSUS), which Microsoft recently addressed with an out-of-band security patch designated as CVE-2025-59287. WSUS is a crucial tool employed by enterprise administrators to manage and distribute updates throughout corporate networks. The vulnerability arises from…

Security researchers are raising alarms about a serious vulnerability in Microsoft Windows Server Update Service (WSUS) that hackers have been exploiting. This vulnerability, identified as CVE-2025-59287, stems from the deserialization of untrusted data, potentially allowing intruders to execute unauthorized code. The threat landscape is concerning. Reports from Huntress indicate that attackers are already taking advantage…

Microsoft recently issued out-of-band patches to address a critical vulnerability in the Windows Server Update Service (WSUS), identified as CVE-2025-59287. This vulnerability, known for allowing remote code execution with SYSTEM privileges, was not fully rectified by earlier patches released on October 14. As a result, attackers have begun exploiting this flaw in the wild following…

Microsoft has recently issued out-of-band security updates to address a critical-severity vulnerability in the Windows Server Update Service (WSUS), identified as CVE-2025-59287. This vulnerability, rated at a CVSS score of 9.8, allows for remote code execution through a flaw originally patched during last week’s Patch Tuesday. The exploitation of this vulnerability is particularly concerning as…