Windows Server Update Services (WSUS) vulnerability abused to harvest sensitive data
Exploitation of CVE-2025-59287 began after public disclosure and the release of proof-of-concept code
Similar Posts
Why SOC Burnout Can Be Avoided: Practical Steps
Bys sBehind every alert is an analyst; tired eyes scanning dashboards, long nights spent on false positives, and the constant fear of missing something big. It’s no surprise that many SOCs face burnout before they face their next breach. But this doesn’t have to be the norm. The path out isn’t through working harder, but through…
Over 70 Malicious npm and VS Code Packages Found Stealing Data and Crypto
Bys sAs many as 60 malicious npm packages have been discovered in the package registry with malicious functionality to harvest hostnames, IP addresses, DNS servers, and user directories to a Discord-controlled endpoint. The packages, published under three different accounts, come with an install‑time script that’s triggered during npm install, Socket security researcher Kirill Boychenko said in…
Apache Tomcat Vulnerability CVE-2024-56337 Exposes Servers to RCE Attacks
The Apache Software Foundation (ASF) has released a security update to address an important vulnerability in its Tomcat server software that could result in remote code execution (RCE) under certain conditions. The vulnerability, tracked as CVE-2024-56337, has been described as an incomplete mitigation for CVE-2024-50379 (CVSS score: 9.8), another critical security flaw in the same…
ApolloMD notifies patients of 11 physician practices affected by a June cyberattack
Bys sOn June 12, 2025, Qilin added ApolloMD to their darkweb leak site with a date of June 6. They claimed to have 238 GB of files. ApolloMD, headquartered in Georgia, is a business associate to hospitals and health systems, providing them with services to enhance clinical operations and patient care, and to optimize financial performance…….
Former CISA director Chris Krebs vows to fight back against Trump-ordered federal investigation
Bys sZack Whittaker reports: Former top Trump cybersecurity official Chris Krebs told The Wall Street Journal in an interview on Wednesday that he vowed to fight back against a federal investigation ordered into him by President Trump. Krebs said in the interview that he will resign from his position at cybersecurity firm SentinelOne in order to challenge the federal investigation, which…
Google Patches 107 Android Flaws, Including Two Framework Bugs Exploited in the Wild
Bys sGoogle on Monday released monthly security updates for the Android operating system, including two vulnerabilities that it said have been exploited in the wild. The patch addresses a total of 107 security flaws spanning different components, including Framework, System, Kernel, as well as those from Arm, Imagination Technologies, MediaTek, Qualcomm, and Unison. The two high-severity…