Today’s top threat is a critical Windows Server (WSUS) vulnerability now under active exploitation, prompting an emergency out-of-band patch from Microsoft and a CISA alert. Security teams are also contending with mass attacks on outdated WordPress plugins and a novel self-spreading worm targeting VS Code extensions. This summary covers the essential details you need to secure your systems against these immediate threats.
Top 5 Critical Security Alerts
- Critical WSUS flaw in Windows Server now exploited in attacks: A critical remote code execution vulnerability in Windows Server Update Services (WSUS) is now under active exploitation in the wild, with a proof-of-concept exploit publicly available.
- Microsoft Releases Out-of-Band Security Update to Mitigate Windows Server Update Service Vulnerability, CVE-2025-59287: Microsoft and CISA are urging organizations to immediately apply an emergency out-of-band patch for the actively exploited WSUS vulnerability (CVE-2025-59287) to prevent remote code execution.
- CISA Adds Two Known Exploited Vulnerabilities to Catalog: CISA has added the critical Microsoft WSUS flaw (CVE-2025-59287) and an Adobe Commerce vulnerability (CVE-2025-54236) to its Known Exploited Vulnerabilities (KEV) catalog, requiring immediate federal agency action.
- Hackers launch mass attacks exploiting outdated WordPress plugins: A widespread campaign is actively targeting WordPress websites by exploiting old, critical remote code execution vulnerabilities in the GutenKit and Hunk Companion plugins.
- Self-Spreading ‘GlassWorm’ Infects VS Code Extensions in Widespread Supply Chain Attack: A sophisticated, self-propagating worm dubbed ‘GlassWorm’ is spreading through Visual Studio Code extensions, representing a significant new software supply chain threat to developers.
Threat Intelligence
- North Korean hacking group targeting European drone maker with ScoringMathTea malware: The North Korean Lazarus APT group is targeting a European drone manufacturer with ScoringMathTea malware as part of its ongoing ‘Operation DreamJob’ espionage campaign.
- This browser claims “perfect privacy protection,” but it acts like malware: Security researchers warn that the ‘Universe Browser,’ which advertises strong privacy, behaves like malware and shows connections to Asian cybercrime and illegal gambling networks.
- APT36 Targets Indian Government with Golang-Based DeskRAT Malware Campaign: The Pakistan-linked APT36 group is targeting Indian government entities with spear-phishing attacks to deliver ‘DeskRAT,’ a new malware written in Golang.
- New LockBit Ransomware Victims Identified by Security Researchers: Check Point researchers have identified a dozen new attacks attributed to the LockBit ransomware group, with several utilizing a new version of the malware.
Security Breaches & Incidents
- Fake LastPass death claims used to breach password vaults: A new phishing campaign is targeting LastPass users with fraudulent emails about legacy inheritance requests in an attempt to gain unauthorized access to their password vaults.
- Cyberattack on Russia’s food safety agency reportedly disrupts product shipments: A reported DDoS attack against Russia’s food safety watchdog has disrupted critical systems, including its veterinary certification platform, impacting product shipments.
Security Tools & Best Practices
- How to reduce costs with self-service password resets: Implementing secure self-service password reset tools with multi-factor authentication can significantly reduce IT help desk calls, which account for nearly 40% of their workload.
- Mozilla: New Firefox extensions must disclose data collection practices: Mozilla will soon require all Firefox extension developers to clearly disclose if their add-ons collect user data or share it with third parties, enhancing user transparency.
Cloud & Network Security
- Amazon: This week’s AWS outage caused by major DNS failure: Amazon has attributed the massive AWS outage that affected numerous online services on Monday to a significant failure within its DNS infrastructure.
Security Standards & Frameworks
- Counter Ransomware Initiative stresses importance of supply-chain security: A global coalition is urging companies to improve their software supply-chain security as threat actors increasingly use third-party products to launch ransomware attacks.
Emerging Security Technologies
- Sneaky Mermaid attack in Microsoft 365 Copilot steals data: A novel indirect prompt injection technique, the ‘Mermaid attack,’ has been demonstrated to successfully exfiltrate data from Microsoft 365 Copilot, posing a new threat to AI assistants.
- OpenAI positions ChatGPT as a search engine for work data with Company Knowledge: OpenAI’s new ‘Company Knowledge’ feature for ChatGPT Enterprise allows it to index and search data from internal tools, raising important data security and governance questions.
