Windows Server Update Services (WSUS) vulnerability abused to harvest sensitive data
Exploitation of CVE-2025-59287 began after public disclosure and the release of proof-of-concept code
Similar Posts
Nation-State Hackers Deploy New Airstalk Malware in Suspected Supply Chain Attack
Bys sA suspected nation-state threat actor has been linked to the distribution of a new malware called Airstalk as part of a likely supply chain attack. Palo Alto Networks Unit 42 said it’s tracking the cluster under the moniker CL-STA-1009, where “CL” stands for cluster and “STA” refers to state-backed motivation. “Airstalk misuses the AirWatch API…
BeyondTrust Zero-Day Breach Exposes 17 SaaS Customers via Compromised API Key
Bys sBeyondTrust has revealed it completed an investigation into a recent cybersecurity incident that targeted some of the company’s Remote Support SaaS instances by making use of a compromised API key. The company said the breach involved 17 Remote Support SaaS customers and that the API key was used to enable unauthorized access by resetting local…
Google Identifies Three New Russian Malware Families Created by COLDRIVER Hackers
Bys sA new malware attributed to the Russia-linked hacking group known as COLDRIVER has undergone numerous developmental iterations since May 2025, suggesting an increased “operations tempo” from the threat actor. The findings come from Google Threat Intelligence Group (GTIG), which said the state-sponsored hacking crew has rapidly refined and retooled its malware arsenal merely five days…
Oxfam Hong Kong data leak: charity violated data protection law
Bys sAmbrose Li reports: The local arm of international charity Oxfam violated the data protection law following a leak in July that potentially affected 550,000 people, Hong Kong’s privacy watchdog ruled in an investigation report on Thursday. […] “The privacy commissioner considered that Oxfam had not taken all practicable steps to ensure that the personal data…
Bybit Confirms Record-Breaking $1.46 Billion Crypto Heist in Sophisticated Cold Wallet Attack
Bys sCryptocurrency exchange Bybit on Friday revealed that a “sophisticated” attack led to the theft of over $1.46 billion worth of cryptocurrency from one of its Ethereum cold (offline) wallets, making it the largest ever single crypto heist in history. “The incident occurred when our ETH multisig cold wallet executed a transfer to our warm wallet….
Grafana Patches CVSS 10.0 SCIM Flaw Enabling Impersonation and Privilege Escalation
Bys sGrafana has released security updates to address a maximum severity security flaw that could allow privilege escalation or user impersonation under certain configurations. The vulnerability, tracked as CVE-2025-41115, carries a CVSS score of 10.0. It resides in the System for Cross-domain Identity Management (SCIM) component that allows automated user provisioning and management. First