American Hospital Association

H-ISAC TLP White Threat Bulletin: POC Exploit Available for Critical WSUS Flaw CVE-2025 ...

On October 23, 2025, Microsoft issued an out-of-band (OOB) security update for a critical-severity Remote Code Execution (RCE) vulnerability, tracked as CVE-2025-59287.
Security Boulevard

Critical Microsoft WSUS Security Flaw is Being Actively Exploited

A critical security flaw in Microsoft's WSUS feature is being actively exploited in the wild by threat actors who could gain access into unpatched servers, remotely control networks, and use them to ...

Microsoft issues emergency Windows server security patch - update now or risk attack

Microsoft has issued an emergency Windows server security patch to fix a critical severity flaw apparently abused in the wild. As part of its most recent Patch Tuesday cumulative update (October 14, ...
Bleeping Computer

Critical WSUS flaw in Windows Server now exploited in attacks

Attackers are now exploiting a critical-severity Windows Server Update Services (WSUS) vulnerability, which already has publicly available proof-of-concept exploit code. Tracked as CVE-2025-59287, ...
TechSpot

Two critical flaws put 7-Zip users at risk of remote code execution

In a nutshell: The 7-Zip file archiver is a popular open-source alternative to paid programs like WinZip and WinRAR. Widely used by both organizations and individuals, it has also become a frequent ...

Windows Server Update Services bug exploited in the wild

Security researchers at Huntress have discovered active exploitation of a remote code execution (RCE) vulnerability in Windows Server Update Services (WSUS) that Microsoft issued an out-of-band patch ...
ZATAZ

7-Zip vulnerabilities: directory escape and remote execution

Two flaws in 7-Zip allow working-directory escape through symlinks inside malicious ZIPs. Update immediately or disable automatic extraction to mitigate risk. Two vulnerabilities, CVE-2025-11001 and ...
Bleeping Computer

TARmageddon flaw in abandoned Rust library enables RCE attacks

A high-severity vulnerability in the now-abandoned async-tar Rust library and its forks can be exploited to gain remote code execution on systems running unpatched software. Tracked as CVE-2025-62518, ...
Infosecurity-magazine.com

Critical WatchGuard Fireware OS Flaw Enables Remote Code Execution

A critical vulnerability (CVSS4.0 9.3) in WatchGuard Fireware OS has been identified that could allow a threat actor to remotely execute arbitrary code. The bug, tracked as CVE-2025-9242, is an out-of ...

Two Windows vulnerabilities, one a 0-day, are under active exploitation

Two Windows vulnerabilities—one a zero-day that has been known to attackers since 2017 and the other a critical flaw that Microsoft initially tried and failed to patch recently—are under active ...
The Hacker News

⚡ Weekly Recap: Hyper-V Malware, Malicious AI Bots, RDP Exploits, WhatsApp Lockdown and More

Explore this week’s top cyber stories: stealthy virtual machine attacks, AI side-channel leaks, spyware on Samsung phones, ...

Monitoring Software Checkmk: Update Closes Critical Cross-Site Scripting gap

Current versions of the monitoring software Checkmk close a cross-site scripting vulnerability classified as a critical risk.