MUST READ

Jabber Zeus developer ‘MrICQ’ extradited to US from Italy

 | 

Chrome 142 Released: Two high-severity V8 flaws fixed, $100K in rewards paid

 | 

Android Apps misusing NFC and HCE to steal payment data on the rise

 | 

Conduent January 2025 breach impacts 10M+ people

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 69

 | 

Security Affairs newsletter Round 548 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Ukrainian extradited to US over Conti ransomware involvement

 | 

BadCandy Webshell threatens unpatched Cisco IOS XE devices, warns Australian government

 | 

China-linked UNC6384 exploits Windows zero-day to spy on European diplomats

 | 

Old Linux Kernel flaw CVE-2024-1086 resurfaces in ransomware attacks

 | 

EY Exposes 4TB SQL Server Backup Publicly on Microsoft Azure

 | 

Suspected Chinese actors compromise U.S. Telecom firm Ribbon Communications

 | 

U.S. CISA adds XWiki Platform, and Broadcom VMware Aria Operations and VMware Tools flaws to its Known Exploited Vulnerabilities catalog

 | 

Brush exploit can cause any Chromium browser to collapse in 15-60 seconds

 | 

Ex-Defense contractor exec pleads guilty to selling cyber exploits to Russia

 | 

Dentsu’s US subsidiary Merkle hit by cyberattack, staff and client data exposed

 | 

Hacktivists breach Canada’s critical infrastructure, cyber Agency warns

 | 

Russian hackers, likely linked to Sandworm, exploit legitimate tools against Ukrainian targets

 | 

U.S. CISA adds Dassault Systèmes DELMIA Apriso flaws to its Known Exploited Vulnerabilities catalog

 | 

Herodotus Android malware mimics human typing to evade detection

 | 

WSUS

Pierluigi Paganini October 25, 2025
CVE-2025-59287: Microsoft fixes critical WSUS flaw under active attack

Microsoft released urgent updates to address the critical WSUS RCE vulnerability CVE-2025-59287, which is under active attack.. Microsoft released an out-of-band fix for CVE-2025-59287, a critical WSUS RCE flaw (CVSS 9.8) that is under active exploitation. Researchers MEOW and Markus Wulftange of CODE WHITE GmbH reported the vulnerability. “To comprehensively address CVE-2025-59287, Microsoft has released […]

Pierluigi Paganini August 08, 2015
Hacking Windows Server Update Services to infect enterprises

Two researchers demonstrated how to compromise corporate networks by hacking the Windows Server Update Services and serve malware instead security patches. Security researchers from Context security firm have discovered a technique to serve malware exploiting the Windows update mechanism. The researchers are able to exploit insecurely configured implementations of Windows Server Update Services (WSUS) for an enterprise […]

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

Jabber Zeus developer ‘MrICQ’ extradited to US from Italy

Cyber Crime / November 03, 2025

Chrome 142 Released: Two high-severity V8 flaws fixed, $100K in rewards paid

Security / November 03, 2025

Android Apps misusing NFC and HCE to steal payment data on the rise

Security / November 03, 2025

Conduent January 2025 breach impacts 10M+ people

Data Breach / November 03, 2025

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 69

Malware / November 02, 2025