Windows Server

Attackers exploiting WSUS vulnerability drop Skuld infostealer (CVE-2025-59287)

Darktrace, data theft, Don't miss, Eye Security, Hot stuff, Huntress, Malware, News, Palo Alto Networks, Sophos, Windows Server /

Attackers exploiting WSUS vulnerability drop Skuld infostealer (CVE-2025-59287) 2025-10-30 at 15:46 By Zeljka Zorz Attackers have been spotted exploiting the recently patched WSUS vulnerability (CVE-2025-59287) to deploy infostealer malware on unpatched Windows servers. An out-of-band update Last week’s release of an emergency fix for CVE-2025-59287, a Windows Server Update Services (WSUS) remote code execution vulnerability, […]

React to this headline:

Loading spinner

Attackers exploiting WSUS vulnerability drop Skuld infostealer (CVE-2025-59287) Read More »

Critical Windows Server WSUS Vulnerability Exploited in the Wild 

CVE-2025-59287, exploited, Featured, Microsoft, Vulnerabilities, Windows, Windows Server, Wsus /

Critical Windows Server WSUS Vulnerability Exploited in the Wild  2025-10-24 at 17:56 By Eduard Kovacs CVE-2025-59287 allows a remote, unauthenticated attacker to execute arbitrary code and a PoC exploit is available. The post Critical Windows Server WSUS Vulnerability Exploited in the Wild  appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original

React to this headline:

Loading spinner

Critical Windows Server WSUS Vulnerability Exploited in the Wild  Read More »

Microsoft releases urgent fix for actively exploited WSUS vulnerability (CVE-2025-59287)

BSI, Don't miss, enterprise, Hawktrace, Hot stuff, Microsoft, NCSC-NL, News, security update, SMBs, vulnerability, Windows Server /

Microsoft releases urgent fix for actively exploited WSUS vulnerability (CVE-2025-59287) 2025-10-24 at 15:38 By Zeljka Zorz Microsoft has released an out-of-band security update that “comprehensively” addresses CVE-2025-59287, a remote code execution vulnerability in the Windows Server Update Services (WSUS) that is reportedly being exploited in the wild. About CVE-2025-59287 WSUS is a tool that helps

React to this headline:

Loading spinner

Microsoft releases urgent fix for actively exploited WSUS vulnerability (CVE-2025-59287) Read More »

CISA warns of Windows SMB flaw under active exploitation (CVE-2025-33073)

CISA, Don't miss, GuidePoint Security, Hot stuff, News, PoC, Synacktiv, WatchTowr, Windows, Windows Server /

CISA warns of Windows SMB flaw under active exploitation (CVE-2025-33073) 2025-10-21 at 19:13 By Zeljka Zorz CVE-2025-33073, a Windows SMB Client vulnerability that Microsoft fixed in June 2025, is being exploited by attackers. The confirmation comes from the Cybersecurity and Infrastructure Security Agency (CISA), which has added the flaw to its Known Exploited Vulnerabilities catalog,

React to this headline:

Loading spinner

CISA warns of Windows SMB flaw under active exploitation (CVE-2025-33073) Read More »

Government, Industrial Servers Targeted in China-Linked ‘PassiveNeuron’ Campaign

China APT, Industrial, Malware & Threats, PassiveNeuron, Windows Server /

Government, Industrial Servers Targeted in China-Linked ‘PassiveNeuron’ Campaign 2025-10-21 at 17:34 By Ionut Arghire A threat actor has been infecting servers of high-profile entities with backdoors to exfiltrate information and deploy additional payloads. The post Government, Industrial Servers Targeted in China-Linked ‘PassiveNeuron’ Campaign appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View

React to this headline:

Loading spinner

Government, Industrial Servers Targeted in China-Linked ‘PassiveNeuron’ Campaign Read More »

Win-DDoS: Attackers can turn public domain controllers into DDoS agents

DDoS, Don't miss, DoS, enterprise, Hot stuff, News, SafeBreach, vulnerability, Windows, Windows Server /

Win-DDoS: Attackers can turn public domain controllers into DDoS agents 2025-08-11 at 16:02 By Zeljka Zorz SafeBreach researchers have released details on several vulnerabilities that could be exploited by attackers to crash Windows Active Directory domain controllers (DCs), one one of which (CVE-2025-32724) can also be leveraged to force public DCs to participate in distributed

React to this headline:

Loading spinner

Win-DDoS: Attackers can turn public domain controllers into DDoS agents Read More »

Microsoft fixes critical wormable Windows flaw (CVE-2025-47981)

Don't miss, Hot stuff, Ivanti, Microsoft Edge, MS Office, News, Patch Tuesday, Qualys, SharePoint, Tenable, Trend Micro, Windows, Windows Server /

Microsoft fixes critical wormable Windows flaw (CVE-2025-47981) 2025-07-09 at 14:31 By Zeljka Zorz For July 2025 Patch Tuesday, Microsoft has released patches for 130 vulnerabilities, among them one that’s publicly disclosed (CVE-2025-49719) and a wormable RCE bug on Windows and Windows Server (CVE-2025-47981). CVE-2025-49719 and CVE-2025-49717, in Microsoft SQL Server CVE-2025-49719 is an uninitialized memory

React to this headline:

Loading spinner

Microsoft fixes critical wormable Windows flaw (CVE-2025-47981) Read More »

Microsoft fixes zero-day exploited for cyber espionage (CVE-2025-33053)

Adobe, Akamai, Check Point, Don't miss, Hot stuff, magento, Microsoft, MS Office, News, Patch Tuesday, security update, Tenable, Windows, Windows Server /

Microsoft fixes zero-day exploited for cyber espionage (CVE-2025-33053) 2025-06-11 at 14:16 By Zeljka Zorz For June 2025 Patch Tuesday, Microsoft has fixed 66 new CVEs, including a zero-day exploited in the wild (CVE-2025-33053). Also, Adobe Commerce and Magento Open Source users are urged to update quickly. About CVE-2025-33053 CVE-2025-33053 is a remote code execution vulnerability

React to this headline:

Loading spinner

Microsoft fixes zero-day exploited for cyber espionage (CVE-2025-33053) Read More »

Unpatched Windows Server vulnerability allows full domain compromise

Active Directory, Akamai, Don't miss, enterprise, Hot stuff, News, privileged accounts, vulnerability, Windows Server /

Unpatched Windows Server vulnerability allows full domain compromise 2025-05-22 at 18:45 By Zeljka Zorz A privilege escalation vulnerability in Windows Server 2025 can be used by attackers to compromise any user in Active Directory (AD), including Domain Admins. “The [“BadSuccessor”] attack exploits the delegated Managed Service Account (dMSA) feature that was introduced in Windows Server

React to this headline:

Loading spinner

Unpatched Windows Server vulnerability allows full domain compromise Read More »

Microsoft fixes actively exploited Windows CLFS zero-day (CVE-2025-29824)

0-day, Don't miss, Hot stuff, Immersive, Microsoft, News, Patch Tuesday, Tenable, Trend Micro, Windows, Windows Server /

Microsoft fixes actively exploited Windows CLFS zero-day (CVE-2025-29824) 2025-04-08 at 22:16 By Zeljka Zorz April 2025 Patch Tuesday is here, and Microsoft has delivered fixes for 120+ vulnerabilities, including a zero-day (CVE-2025-29824) that’s under active attack. CVE-2025-29824 CVE-2025-29824 is a user-after-free vulnerability in the Windows Common Log File System (CLFS) that can be – and

React to this headline:

Loading spinner

Microsoft fixes actively exploited Windows CLFS zero-day (CVE-2025-29824) Read More »

Microsoft fixes two actively exploited zero-days (CVE-2025-21418, CVE-2025-21391)

Action1, Don't miss, Hot stuff, Microsoft, News, Patch Tuesday, security update, Tenable, Trend Micro, Windows, Windows Server /

Microsoft fixes two actively exploited zero-days (CVE-2025-21418, CVE-2025-21391) 2025-02-11 at 22:21 By Zeljka Zorz February 2025 Patch Tuesday is here, and Microsoft has delivered fixes for 56 vulnerabilities, including two zero-days – CVE-2025-21418 and CVE-2025-21391 – under active exploitation. CVE-2025-21418 and CVE-2025-21391 CVE-2025-21418 is a vulnerability in the Windows Ancillary Function Driver (AFD.sys), which interfaces

React to this headline:

Loading spinner

Microsoft fixes two actively exploited zero-days (CVE-2025-21418, CVE-2025-21391) Read More »

Microsoft fixes actively exploited Windows Hyper-V zero-day flaws

0-day, Action1, Don't miss, Hot stuff, Immersive Labs, Microsoft, MS Office, News, Tenable, Trend Micro, Unpatched.ai, virtualization, vulnerability, Windows, Windows Server /

Microsoft fixes actively exploited Windows Hyper-V zero-day flaws 2025-01-14 at 23:03 By Zeljka Zorz Microsoft has marked January 2025 Patch Tuesday with a hefty load of patches: 157 CVE-numbered security issues have been fixed in various products, three of which (in Hyper-V) are being actively exploited. The exploited Hyper-V vulnerabilities The exploited zero-days are CVE-2025-21333

React to this headline:

Loading spinner

Microsoft fixes actively exploited Windows Hyper-V zero-day flaws Read More »

Microsoft fixes exploited zero-day (CVE-2024-49138)

0-day, CVE, Don't miss, enterprise, Hot stuff, Immersive Labs, Microsoft, News, Patch Tuesday, Tenable, Windows, Windows Server /

Microsoft fixes exploited zero-day (CVE-2024-49138) 2024-12-10 at 23:04 By Zeljka Zorz On December 2024 Patch Tuesday, Microsoft resolved 71 vulnerabilities in a variety of its products, including a zero-day (CVE-2024-49138) that’s been exploited by attackers in the wild to execute code with higher privileges. CVE-2024-49138 exploited by attackers CVE-2024-49138 stems from a heap-based buffer overflow

React to this headline:

Loading spinner

Microsoft fixes exploited zero-day (CVE-2024-49138) Read More »

How a Windows zero-day was exploited in the wild for months (CVE-2024-43451)

ClearSky Cyber Security, CVE, Don't miss, Hot stuff, Malware, News, spear-phishing, Ukraine, vulnerability, Windows, Windows Server /

How a Windows zero-day was exploited in the wild for months (CVE-2024-43451) 2024-11-14 at 12:02 By Zeljka Zorz CVE-2024-43451, a Windows zero-day vulnerability for which Microsoft released a fix on November 2024 Patch Tuesday, has been exploited since at least April 2024, ClearSky researchers have revealed. About the vulnerability CVE-2024-43451 affects all supported Windows versions

React to this headline:

Loading spinner

How a Windows zero-day was exploited in the wild for months (CVE-2024-43451) Read More »

Microsoft fixes actively exploited zero-days (CVE-2024-43451, CVE-2024-49039)

0-day, Active Directory, CVE, Don't miss, Hot stuff, Immersive Labs, Ivanti, Microsoft, Microsoft Defender, News, OpenSSL, Patch Tuesday, security update, Tenable, Trend Micro, vulnerability, Windows, Windows Server /

Microsoft fixes actively exploited zero-days (CVE-2024-43451, CVE-2024-49039) 2024-11-12 at 23:03 By Zeljka Zorz November 2024 Patch Tuesday is here, and Microsoft has dropped fixes for 89 new security issues in its various products, two of which – CVE-2024-43451 and CVE-2024-49039 – are actively exploited by attackers. The exploited vulnerabilities (CVE-2024-43451, CVE-2024-49039) CVE-2024-43451 is yet another

React to this headline:

Loading spinner

Microsoft fixes actively exploited zero-days (CVE-2024-43451, CVE-2024-49039) Read More »

Windows Server 2025 gets hotpatching option, without reboots

data center, Don't miss, Hot stuff, Microsoft, News, patching, security update, Windows Server /

Windows Server 2025 gets hotpatching option, without reboots 2024-09-23 at 17:02 By Zeljka Zorz Organizations that plan to upgrade to Windows Server 2025 once it becomes generally available will be able to implement some security updates by hotpatching running processes. What is hotpatching? “Hotpatching has been around for years in Windows Server 2022 Azure Edition,

React to this headline:

Loading spinner

Windows Server 2025 gets hotpatching option, without reboots Read More »

“Perfect” Windows downgrade attack turns fixed vulnerabilities into zero-days

0-day, attack, Don't miss, Hot stuff, News, research, SafeBreach, vulnerability, Windows, Windows Server /

“Perfect” Windows downgrade attack turns fixed vulnerabilities into zero-days 2024-08-08 at 13:01 By Zeljka Zorz A researcher has developed a downgrade attack that can make Windows machines covertly, persistently and irreversibly vulnerable, even if they were fully patched before that. A downgrade attack exploiting the Windows Update process The direction of SafeBreach researcher Alon Leviev’s

React to this headline:

Loading spinner

“Perfect” Windows downgrade attack turns fixed vulnerabilities into zero-days Read More »

Microsoft releases tool to speed up recovery of systems borked by CrowdStrike update

CrowdStrike, Don't miss, Hot stuff, Microsoft, News, Orca Security, phishing, tech support scam, Trend Micro, virtualization, Windows, Windows Server /

Microsoft releases tool to speed up recovery of systems borked by CrowdStrike update 2024-07-22 at 15:16 By Zeljka Zorz By now, most people are aware of – or have been personally affected by – the largest IT outage the world have ever witnessed, courtesy of a defective update for Crowdstrike Falcon Sensors that threw Windows

React to this headline:

Loading spinner

Microsoft releases tool to speed up recovery of systems borked by CrowdStrike update Read More »

A zero-day vulnerability (and PoC) to blind defenses relying on Windows event logs

0-day, ACROS Security, Don't miss, Hot stuff, intrusion detection, logging, News, PoC, Windows, Windows Server /

A zero-day vulnerability (and PoC) to blind defenses relying on Windows event logs 2024-01-31 at 18:31 By Zeljka Zorz A zero-day vulnerability that, when triggered, could crash the Windows Event Log service on all supported (and some legacy) versions of Windows could spell trouble for enterprise defenders. Discovered by a security researcher named Florian and

React to this headline:

Loading spinner

A zero-day vulnerability (and PoC) to blind defenses relying on Windows event logs Read More »

Scroll to Top