Tag: cve
-
Windows Server Update Service (WSUS) remote code execution vulnerability (CVE-2025-59287)
Technical details CVE-2025-59287 is an unsafe deserialization vulnerability in the WSUS reporting component. In short, WSUS accepts serialized data from a network request and deserializes it without performing sufficient validation. A specially crafted serialized payload can cause unexpected object instantiation during deserialization, which in turn can be abused to execute code inside the WSUS process.”¦…
-
706,000+ BIND 9 DNS Resolvers Exposed to Cache Poisoning PoC Released
A critical vulnerability affecting more than 706,000 BIND 9 DNS resolvers worldwide has been disclosed with proof-of-concept exploit code now publicly available. The security flaw enables attackers to perform cache poisoning attacks by injecting malicious DNS records into vulnerable resolver caches, potentially redirecting users to attacker-controlled infrastructure. The vulnerability, tracked as CVE-2025-40778, was disclosed by…
-
Security Affairs newsletter Round 547 by Pierluigi Paganini INTERNATIONAL EDITION
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Russian Rosselkhoznadzor hit by DDoS attack, food shipments across Russia delayed CVE-2025-59287: Microsoft fixes critical WSUS…
-
CISA Beware! Hackers Are Actively Exploiting Windows Server Update Services RCE Flaw in the Wild
Tags: attack, cisa, cve, cyber, cybersecurity, exploit, flaw, hacker, microsoft, rce, remote-code-execution, service, update, vulnerability, windowsCybersecurity researchers are sounding the alarm after discovering that hackers are actively exploiting a critical remote code execution (RCE) vulnerability in Microsoft’s Windows Server Update Services (WSUS). The flaw, tracked as CVE-2025-59287, allows unauthenticated attackers to run arbitrary code on vulnerable servers, and evidence suggests that these attacks are being carried out manually, a technique…
-
CVE-2025-59287: Microsoft fixes critical WSUS flaw under active attack
Microsoft released urgent updates to address the critical WSUS RCE vulnerability CVE-2025-59287, which is under active attack.. Microsoft released an out-of-band fix for CVE-2025-59287, a critical WSUS RCE flaw (CVSS 9.8) that is under active exploitation. Researchers MEOW and Markus Wulftange of CODE WHITE GmbH reported the vulnerability. >>To comprehensively address CVE-2025-59287, Microsoft has released…
-
Windows Server: OutBand Updates für WSUS-Schwachstelle CVE-2025-59287 (23.10.2025)
Es gibt ein Out-of-Band Update KB5070883 für Windows Server 2019, welches Microsoft zum 23. Oktober 2025 bereitgestellt hat. Ziel dieses Notfall-Updates ist es, eine kritische Schwachstelle in WSUS zu schließen. Die Remote Execution-Schwachstelle CVE-2025-59287 wurde mit einem CVSS-Score von 9.8 … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/10/24/windows-server-2019-out-of-band-update-kb5070883-fuer-wsus-schwachstelle/
-
Kritische Schwachstelle CVE-2025-54236 in Adobe Commerce (Magento)
In der Adobe Commerce-Software (früher Magento) wurde eine kritische Schwachstelle CVE-2025-54236 gefunden. Adobe Commerce ermöglicht nicht authentifizierten Angreifern einen Datei-Upload und am Ende des Tages sogar eine Kontoübernahme. Die Schwachstelle hat den CVSS 3.1-Index von 9.1 (auf einer Skala bis … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/10/24/kritische-schwachstelle-cve-2025-54236-in-adobe-commerce-magento/
-
Schneider Electric Opfer der Oracle E-Business Suite 0-day Schwachstelle CVE-2025-61882
Nutzer der Oracle Oracle E-Business Suite (EBS) werden seit Juli 2025 über eine erst am 4. Oktober 2025 gepatchte 0-day-Schwachstelle CVE-2025-61882 erfolgreich angegriffen. Inzwischen werden die Namen von Opfern bekannt. So ist Schneider Electric Opfer der Clop-Ransomware-Gruppe geworden, die die … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/10/24/oracle-e-business-suite-0-day-schwachstelle-cve-2025-61882/
-
Microsoft Issues Emergency Patch for Critical Windows Server Bug
Microsoft initially fixed CVE-2025-59287 in the WSUS update mechanism in the October 2025 Patch Tuesday release, but the company has now issued a second, out-of-band update for the flaw, which is under attack in the wild. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/microsoft-emergency-patch-windows-server-bug
-
Newly Patched Critical Microsoft WSUS Flaw Comes Under Active Exploitation
Microsoft on Thursday released out-of-band security updates to patch a critical-severity Windows Server Update Service (WSUS) vulnerability with a proof-of-concept (Poc) exploit publicly available and has come under active exploitation in the wild.The vulnerability in question is CVE-2025-59287 (CVSS score: 9.8), a remote code execution flaw in WSUS that was originally fixed by the tech…
-
Cybersecurity Snapshot: Top Advice for Detecting and Preventing AI Attacks, and for Securing AI Systems
Tags: access, ai, attack, authentication, awareness, best-practice, breach, business, chatgpt, china, ciso, cloud, computing, container, control, credentials, crime, cve, cyber, cyberattack, cybersecurity, data, defense, detection, email, exploit, extortion, finance, flaw, framework, fraud, google, governance, government, group, guide, hacker, hacking, healthcare, iam, identity, incident response, intelligence, LLM, malicious, malware, mitigation, monitoring, network, open-source, openai, organized, phishing, ransom, risk, risk-management, russia, sans, scam, service, skills, soc, strategy, supply-chain, technology, theft, threat, tool, training, vulnerability, zero-trustAs organizations eagerly adopt AI, cybersecurity teams are racing to protect these new systems. In this special edition of the Cybersecurity Snapshot, we round up some of the best recent guidance on how to fend off AI attacks, and on how to safeguard your AI systems. Key takeaways Developers are getting new playbooks from groups…
-
Microsoft Issues Emergency Patch for Actively Exploited Critical WSUS Vulnerability
Microsoft on Thursday released out-of-band security updates to patch a critical-severity Windows Server Update Service (WSUS) vulnerability with a proof-of-concept (Poc) exploit publicly available and has come under active exploitation in the wild.The vulnerability in question is CVE-2025-59287 (CVSS score: 9.8), a remote code execution flaw in WSUS that was originally fixed by the tech…
-
Virtualbox 7.1.12 und 7.2.2: Schwachstelle CVE-2025-62641
Gerade wurde bekannt, dass es in Virtualbox 7.1.12 und 7.2.2 die Schwachstelle CVE-2025-62641 gibt. Damit können Angreifer ggf. den Host übernehmen. Zudem sind weitere Schwachstellen in den Versionen vorhanden. Abhilfe schaffen Virtualbox 7.1.14 und 7.2.4. Zum 14. August 2025 hatten … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/10/24/virtualbox-7-1-12-und-7-2-2-schwachstelle-cve-2025-62641/
-
Windows Server 2019: OutBand Updates KB5070883 für WSUS-Schwachstelle (23.10.2025)
Es gibt ein Out-of-Band Update KB5070883 für Windows Server 2019, welches Microsoft zum 23. Oktober 2025 bereitgestellt hat. Ziel dieses Notfall-Updates ist es, eine kritische Schwachstelle in WSUS zu schließen. Die Remote Execution-Schwachstelle CVE-2025-59287 wurde mit einem CVSS-Score von 9.8 … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/10/24/windows-server-2019-out-of-band-update-kb5070883-fuer-wsus-schwachstelle/
-
Microsoft Issues Emergency Patch for Critical WSUS Remote Code Execution Flaw (CVE-2025-59287)
Microsoft has released an urgent out-of-band security update to address a severe remote code execution (RCE) vulnerability in Windows Server Update Services (WSUS). The flaw, tracked as CVE-2025-59287, poses a direct risk to organizations that utilize WSUS to manage Windows updates across their IT infrastructure. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/microsoft-fixes-cve-2025-59287/
-
Microsoft Issues Emergency Patch for Critical WSUS Remote Code Execution Flaw (CVE-2025-59287)
Microsoft has released an urgent out-of-band security update to address a severe remote code execution (RCE) vulnerability in Windows Server Update Services (WSUS). The flaw, tracked as CVE-2025-59287, poses a direct risk to organizations that utilize WSUS to manage Windows updates across their IT infrastructure. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/microsoft-fixes-cve-2025-59287/
-
Windows Server 2019: OutBand Update KB5070883 für WSUS-Schwachstelle (23.10.2025)
Es gibt ein Out-of-Band Update KB5070883 für Windows Server 2019, welches Microsoft zum 23. Oktober 2025 bereitgestellt hat. Ziel dieses Notfall-Updates ist es, eine kritische Schwachstelle in WSUS zu schließen. Die Remote Execution-Schwachstelle CVE-2025-59287 wurde mit einem CVSS-Score von 9.8 … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/10/24/windows-server-2019-out-of-band-update-kb5070883-fuer-wsus-schwachstelle/
-
Microsoft releases urgent fix for actively exploited WSUS vulnerability (CVE-2025-59287)
Microsoft has released an out-of-band security update that >>comprehensively
-
China-linked hackers exploit patched ToolShell flaw to breach Middle East telecom
China-based threat actors exploited ToolShell SharePoint flaw CVE-2025-53770 soon after its July patch. China-linked threat actors exploited the ToolShell SharePoint flaw vulnerability, tracked as CVE-2025-53770, to breach a telecommunications company in the Middle East after it was addressed by Microsoft in July 2025. >>China-based attackers used the ToolShell vulnerability (CVE-2025-53770) to compromise a telecoms company in…
-
Microsoft Releases Urgent Fix for Windows Server Update Services RCE FLaw
Microsoft has released a critical security patch to address a severe remote code execution vulnerability affecting Windows Server Update Services (WSUS). The flaw, tracked as CVE-2025-59287, poses an immediate threat to organizations managing Windows updates across their infrastructure. Attribute Details CVE ID CVE-2025-59287 Released October 14, 2025 Last Updated October 23, 2025 Vulnerability Type Remote…
-
Fear the ‘SessionReaper’: Adobe Commerce Flaw Under Attack
CVE-2025-54236 is a critical flaw in Adobe Commerce (formerly Magento) that allows attackers to remotely take over sessions on the e-commerce platform. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/sessionreaper-adobe-commerce-flaw-under-attack
-
Anchore Enterprise 5.22: OpenVEX, PURLs, and RHEL EUS Support
Anchore Enterprise 5.22 introduces three capabilities designed to make vulnerability management clearer, cleaner, and more trustworthy: Each of these features adds context and precision to vulnerability data”, helping teams reduce noise, speed triage, and strengthen communication across the supply chain. Security teams are flooded with vulnerability alerts that lack actionable context. A single CVE may…
-
Lanscope Endpoint Manager vulnerability exploited in zero-day attacks (CVE-2025-61932)
CVE-2025-61932, an >>improper verification of source of a communication channel
-
Lanscope Endpoint Manager vulnerability exploited in zero-day attacks (CVE-2025-61932)
CVE-2025-61932, an >>improper verification of source of a communication channel
-
Critical Adobe Commerce, Magento vulnerability under attack (CVE-2025-54236)
Attackers are trying to exploit CVE-2025-54236, a critical vulnerability affecting Adobe Commerce and Magento Open Source, Sansec researchers have warned. The company blocked … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/10/23/adobe-magento-cve-2025-54236-attack/
-
Active Exploits Target Magento and Adobe Commerce RCE, Attackers Inject Webshells
Unauthenticated attackers are actively exploiting a critical vulnerability affecting Adobe Commerce and Magento platforms worldwide. The flaw, tracked as CVE-2025-54236 and dubbedSessionReaper, enables remote code execution and customer account takeover on thousands of online stores. CVE ID Vulnerability Name Affected Products Type CVSS 3.1 CVE-2025-54236 SessionReaper Adobe Commerce & Magento (all versions) Unauthenticated RCE, Account…
-
Jira Vulnerability Lets Attackers Alter Files Accessible to the Jira JVM Process
Atlassian has disclosed a critical path traversal vulnerability affecting Jira Software Data Center and Server that could allow authenticated attackers to modify files accessible to the Jira Java Virtual Machine (JVM) process. The vulnerability, tracked as CVE-2025-22167, carries a high severity rating with a CVSS score of 8.7 and affects multiple product versions dating back…
-
Active Exploits Target Magento and Adobe Commerce RCE, Attackers Inject Webshells
Unauthenticated attackers are actively exploiting a critical vulnerability affecting Adobe Commerce and Magento platforms worldwide. The flaw, tracked as CVE-2025-54236 and dubbedSessionReaper, enables remote code execution and customer account takeover on thousands of online stores. CVE ID Vulnerability Name Affected Products Type CVSS 3.1 CVE-2025-54236 SessionReaper Adobe Commerce & Magento (all versions) Unauthenticated RCE, Account…
-
Jira Vulnerability Lets Attackers Alter Files Accessible to the Jira JVM Process
Atlassian has disclosed a critical path traversal vulnerability affecting Jira Software Data Center and Server that could allow authenticated attackers to modify files accessible to the Jira Java Virtual Machine (JVM) process. The vulnerability, tracked as CVE-2025-22167, carries a high severity rating with a CVSS score of 8.7 and affects multiple product versions dating back…
-
Active Exploits Target Magento and Adobe Commerce RCE, Attackers Inject Webshells
Unauthenticated attackers are actively exploiting a critical vulnerability affecting Adobe Commerce and Magento platforms worldwide. The flaw, tracked as CVE-2025-54236 and dubbedSessionReaper, enables remote code execution and customer account takeover on thousands of online stores. CVE ID Vulnerability Name Affected Products Type CVSS 3.1 CVE-2025-54236 SessionReaper Adobe Commerce & Magento (all versions) Unauthenticated RCE, Account…