
Windows Server Update Service exploitation ensnares at least 50 victims

By CIO Dive
November 3, 2025

At least 50 organizations have been impacted by attacks targeting a critical vulnerability in Windows Server Update Service, with most of them located in the U.S., according to researchers at cybersecurity firm Sophos. 

The vulnerability, tracked as CVE-2025-59287, involves deserialization of untrusted data. A security update issued by Microsoft in mid-October failed to provide adequate protection, and Microsoft issued an emergency out-of-band patch late last week to address the problem. 

Sophos’s own telemetry picked up six incidents linked to the exploitation activity, and additional intelligence gathered by researchers shows at least 50 victims, the company told Cybersecurity Dive. 

“It’s possible this was an initial test or reconnaissance phase, and that attackers are now analyzing the data they’ve gathered to identify new opportunities for intrusion,” Rafe Pilling, director of threat intelligence at Sophos, told Cybersecurity Dive in an emailed statement.

WSUS is widely used by IT administrators to manage product updates from Microsoft. 

Most of the impacted organizations are in the U.S., including technology firms, universities, manufacturers and healthcare organizations, according to a LinkedIn post by Pilling.

Google Threat Intelligence Group researchers previously linked the exploitation to a hacker they are tracking as UNC6512. After gaining initial access, the threat actor has conducted reconnaissance activities on the compromised host and in related environments. It also exfiltrated data. 

Researchers at Eye Security said they have identified two different actors engaged in exploitation, based on their analysis that expands on threat research released last week from Huntress Labs. 

Sophos first identified threat activity against its own customers starting Oct. 24, one day after Microsoft issued the out-of-band patch.  

The Cybersecurity and Infrastructure Security Agency last week added the flaw to its Known Exploited Vulnerabilities catalog. The agency this week urged security teams to urgently apply the Microsoft patches and check their systems for compromise. 


