Microsoft has issued an out-of-band update and is urging users to immediately apply the patch. This article has been indexed from Cybersecurity Dive – Latest News Read the original article: Hackers exploiting critical vulnerability in Windows Server Update Service
Tag: EN
Top 10 Best Digital Forensics And Incident Response (DFIR) Firms in 2025
In 2025, the complexity of cyberattacks demands more than just a quick fix; it requires a deep dive into the digital footprint left by adversaries and a methodical approach to recovery. For organizations facing such threats, partnering with the Best…
Microsoft Releases Out-of-Band Security Update to Mitigate Windows Server Update Service Vulnerability, CVE-2025-59287
Microsoft released an update to address a critical remote code execution vulnerability impacting Windows Server Update Service (WSUS) in Windows Server (2012, 2016, 2019, 2022, and 2025), CVE-2025-59287, that a prior update did not fully mitigate. CISA strongly urges organizations…
AI for the Financial Sector: How Strategy Consulting Helps You Navigate Risk
The financial industry is transforming as artificial intelligence (AI) is becoming an integral tool for managing operations, improving… This article has been indexed from Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More Read the original article: AI…
Look At This Photograph – Passively Downloading Malware Payloads Via Image Caching
Detailing an improved Cache Smuggling technique to turn 3rd party software into passive malware downloader. This article has been indexed from MalwareTech Read the original article: Look At This Photograph – Passively Downloading Malware Payloads Via Image Caching
Jingle Thief Attackers Exploiting Festive Season with Weaponized Gift Card Attacks
As the festive season approaches, organizations are witnessing a disturbing increase in targeted attacks on digital gift card systems. The Jingle Thief campaign, orchestrated by financially motivated threat actors based in Morocco, has emerged as a notorious campaign exploiting seasonal…
Middle East Cyber Resilience 2030: Unified Defense in a $26B Market
The Middle East is undergoing one of the fastest digital transformations in the world. National initiatives such as Saudi Vision 2030, Kuwait Vision 2035, and the UAE Digital Government Strategy are fueling large-scale modernization across every sector. However, as this…
Top 10 Best Cyber Threat Intelligence Companies in 2025
Organizations face a relentless onslaught of highly targeted, evasive, and economically motivated cyber threats. To combat this, they are increasingly relying on Cyber Threat Intelligence Companies. To effectively combat this dynamic landscape, simply reacting to incidents is no longer sufficient.…
U.S. CISA adds Microsoft WSUS, and Adobe Commerce and Magento Open Source flaws to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Microsoft WSUS, and Adobe Commerce and Magento Open Source flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Microsoft WSUS, and Adobe Commerce and Magento Open Source flaws…
Sneaky Mermaid attack in Microsoft 365 Copilot steals data
Redmond says it’s fixed this particular indirect prompt injection vuln Microsoft fixed a security hole in Microsoft 365 Copilot that allowed attackers to trick the AI assistant into stealing sensitive tenant data – like emails – via indirect prompt injection…
New Python RAT Mimic as Legitimate Minecraft App Steals Sensitive Data from Users Computer
A sophisticated Python-based remote access trojan has emerged in the gaming community, disguising itself as a legitimate Minecraft client to compromise unsuspecting users. The malware, identified as a multi-function RAT, leverages the Telegram Bot API as its command and control…
Warlock Ransomware Actors Exploiting Sharepoint ToolShell Zero-Day Vulnerability in New Attack Wave
The cybersecurity landscape experienced a significant shift in July 2025 when threat actors associated with Warlock ransomware began exploiting a critical zero-day vulnerability in Microsoft SharePoint. Discovered on July 19, 2025, the ToolShell vulnerability, tracked as CVE-2025-53770, became a primary…
Newly Patched Critical Microsoft WSUS Flaw Comes Under Active Exploitation
Microsoft on Thursday released out-of-band security updates to patch a critical-severity Windows Server Update Service (WSUS) vulnerability with a proof-of-concept (Poc) exploit publicly available and has come under active exploitation in the wild. The vulnerability in question is CVE-2025-59287 (CVSS…
Smishing Triad Linked to 194,000 Malicious Domains in Global Phishing Operation
The threat actors behind a large-scale, ongoing smishing campaign have been attributed to more than 194,000 malicious domains since January 1, 2024, targeting a broad range of services across the world, according to new findings from Palo Alto Networks Unit…
Sotheby’s Investigates Cyberattack That Exposed Employee Financial Information
Global auction house Sotheby’s has disclosed that it recently suffered a data breach in which cybercriminals accessed and extracted files containing sensitive information. The company confirmed that the security incident, detected on July 24, 2025, led to unauthorized access…
CISA Adds Two Known Exploited Vulnerabilities to Catalog
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2025-54236 Adobe Commerce and Magento Improper Input Validation Vulnerability CVE-2025-59287 Microsoft Windows Server Update Service (WSUS) Deserialization of Untrusted Data Vulnerability These types…
Everest Ransomware Claims AT&T Careers Breach with 576K Records
Everest ransomware group claims a breach of AT&T Careers, alleging theft of 576,000 applicant and employee records locked behind a password-protected listing. This article has been indexed from Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More Read…
Top 10 Best Security Operations Center (SOC) as a Service Providers in 2025
In 2025, the digital landscape is more complex and perilous than ever. Organizations face an unrelenting barrage of sophisticated cyber threats, from advanced ransomware campaigns to nation-state-backed attacks. As a result, many are turning to SOC as a Service Providers…
SideWinder Hacking Group Uses ClickOnce-Based Infection Chain to Deploy StealerBot Malware
The SideWinder advanced persistent threat group has emerged with a sophisticated new attack methodology that leverages ClickOnce applications to deploy StealerBot malware against diplomatic and governmental targets across South Asia. In September 2025, security researchers detected a targeted campaign affecting…
NDSS 2025 – Symposium on Usable Security and Privacy (USEC) 2025 Afternoon, Paper Session 2
Authors, Creators & Presenters: PAPERS Understanding reCAPTCHAv2 via a Large-Scale Live User Study Andrew Searles (University of California Irvine), Renascence Tarafder Prapty (University of California Irvine), Gene Tsudik (University of California Irvine) Modeling End-User Affective Discomfort With Mobile App Permissions…