Windows Server 2025
-
Attackers exploit patched WSUS flaw to deploy infostealer on unpatched Windows servers
Attackers have been observed exploiting CVE-2025-59287 in WSUS to deploy an infostealer on unpatched Windows servers, exfiltrate data to webhook.site URLs and use follow-up tooling including Velociraptor and a UPX-packed Skuld Stealer; agencies and vendors are urging immediate patching and investigation.
-
Microsoft issues out-of-band fix for WSUS vulnerability CVE-2025-59287
Microsoft released an out-of-band cumulative update to address CVE-2025-59287, a critical WSUS deserialization vulnerability being exploited in the wild; admins should apply the patch or disable WSUS/block ports 8530 and 8531 until systems can be rebooted after updating.
-
Wyden urges FTC to probe Microsoft over alleged ‘gross cybersecurity negligence’ linked to ransomware attacks, citing Ascension breach
U.S. Senator Ron Wyden has urged the FTC to investigate Microsoft, accusing the company of cybersecurity negligence linked to ransomware attacks on critical infrastructure, including a major Ascension health-system breach that affected millions of people.
-
Critical Flaw Discovered in Windows Server 2025 Poses Risk to Active Directory Users
A critical security vulnerability in Windows Server 2025, discovered by Akamai researchers, poses serious risks to Active Directory users, enabling potential attackers to gain unauthorized access to any AD user account. With Microsoft yet to release a patch, organizations are urged to implement immediate protective measures.
-
Critical Vulnerability in Windows Server 2025 Exposes Active Directory to Domain Compromise
A critical vulnerability in Windows Server 2025 allows attackers to exploit Active Directory security features, posing risks of full domain compromise. The vulnerability, dubbed the ‘BadSuccessor’ attack, enables unauthorized users to inherit privileges from legitimate accounts without detection, prompting urgent patch development from Microsoft.
-
Critical Vulnerability Discovered in Windows Server 2025 Threatens Active Directory Security
A recently discovered vulnerability in Windows Server 2025 allows attackers to escalate privileges within Active Directory, posing serious security risks until Microsoft releases a patch. Organizations are urged to take immediate precautions.
