Beyond Information Security

Newly Patched Critical Microsoft WSUS Flaw Comes Under Active Exploitation

Microsoft on Thursday released out-of-band security updates to patch a critical-severity Windows Server Update Services (WSUS) vulnerability for which a proof-of-concept (PoC) exploit is publicly available and which has come under active exploitation in the wild.

The vulnerability in question is CVE-2025-59287 (CVSS score: 9.8), a remote code execution flaw in WSUS that was originally fixed by the tech giant as part of its Patch Tuesday update published last week.

Three security researchers, MEOW, f7d8c52bec79e42795cf15888b85cbad, and Markus Wulftange with CODE WHITE GmbH, have been acknowledged for discovering and reporting the bug.

Source: The hacker news / Bleeping computer / Securityweek / Dark reading / Microsoft security advisory / Hawktrace security

Link: https://thehackernews.com/2025/10/microsoft-issues-emergency-patch-for.html

Link: https://www.bleepingcomputer.com/news/security/hackers-now-exploiting-critical-windows-server-wsus-flaw-in-attacks/

Link: https://www.securityweek.com/critical-windows-server-wsus-vulnerability-exploited-in-the-wild/

Link: https://www.darkreading.com/vulnerabilities-threats/microsoft-emergency-patch-windows-server-bug

Link: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59287

Link: https://hawktrace.com/blog/CVE-2025-59287


Chrome Zero-Day Exploited to Deliver Italian Memento Labs' LeetAgent Spyware

The zero-day exploitation of a now-patched security flaw in Google Chrome led to the distribution of an espionage-related tool from Italian information technology and services provider Memento Labs, according to new findings from Kaspersky.

The vulnerability in question is CVE-2025-2783 (CVSS score: 8.3), a sandbox escape that the company disclosed in March 2025 as having come under active exploitation as part of a campaign dubbed Operation ForumTroll targeting organizations in Russia. The cluster is also tracked as TaxOff/Team 46 by Positive Technologies and Prosperous Werewolf by BI.ZONE. It has been active since at least February 2024.

Source: The hacker news / Bleeping computer / Securityweek / Helpnet security / Infosecurity magazine

Link: https://thehackernews.com/2025/10/chrome-zero-day-exploited-to-deliver.html

Link: https://www.bleepingcomputer.com/news/security/italian-spyware-vendor-linked-to-chrome-zero-day-attacks/

Link: https://www.securityweek.com/chrome-zero-day-exploitation-linked-to-hacking-team-spyware/

Link: https://www.helpnetsecurity.com/2025/10/28/dante-spyware-chrome-zero-day/

Link: https://www.infosecurity-magazine.com/news/chrome-zero-day-flaw-exploited/


PoC code drops for remotely exploitable BIND 9 DNS flaw (CVE-2025-40778)

A high-severity vulnerability (CVE-2025-40778) affecting BIND 9 DNS resolvers could be leveraged by remote, unauthenticated attackers to manipulate DNS entries via cache poisoning, allowing them to redirect Internet traffic to potentially malicious sites, distribute malware, or intercept network traffic.

While attackers have yet to be spotted exploiting the flaw, proof-of-concept (PoC) exploit code has been published, making it critical for administrators to patch internet-facing resolvers.

Source: Helpnet security / GitHub

Link: https://www.helpnetsecurity.com/2025/10/28/bind-9-vulnerability-cve-2025-40778-poc/

Link: https://gist.github.com/N3mes1s/f76b4a606308937b0806a5256bc1f918


Why Early Threat Detection Is a Must for Long-Term Business Growth

In cybersecurity, speed isn’t just a win — it’s a multiplier. The faster you learn about emerging threats, the faster you adapt your defenses, the less damage you suffer, and the more confidently your business keeps scaling. Early threat detection isn’t about preventing a breach someday: it’s about protecting the revenue you’re supposed to earn every day.

Companies that treat cybersecurity as a reactive cost center usually find themselves patching holes, paying ransoms, and dealing with downtime. Companies that invest in proactive visibility, threat intelligence, and early detection mechanisms stay in the game longer, with trust, uptime, and innovation intact.

Source: The hacker news

Link: https://thehackernews.com/2025/10/why-early-threat-detection-is-must-for.html


Visibility Gaps: Streamlining Patching and Vulnerability Remediation

For years, patch management has been one of the least glamorous yet most consequential aspects of IT operations. Vulnerabilities emerge daily, and while most administrators know the importance of timely updates, the actual implementation is rarely straightforward.

Between managing complex environments, balancing uptime requirements, and coordinating across distributed endpoints, many organizations end up with blind spots that quietly expand into risk exposure.

Source: Bleeping computer

Link: https://www.bleepingcomputer.com/news/security/visibility-gaps-streamlining-patching-and-vulnerability-remediation/


Cybersecurity on a budget: Strategies for an economic downturn

During economic uncertainty, businesses face the challenge of maintaining strong cybersecurity while managing tightened budgets. Cyber threats can become more numerous, motivated, and persistent during economic downturns, making the need for resilient, cost-effective security measures critical. This blog shares practical strategies to help absorb budget cuts while minimizing the damage to an organization's cybersecurity posture.

Source: Cisco Talos intelligence group

Link: https://blog.talosintelligence.com/cybersecurity-on-a-budget-strategies-for-an-economic-downturn/


MITRE Unveils ATT&CK v18 With Updates to Detections, Mobile, ICS

MITRE announced on Tuesday that its ATT&CK framework has been updated to version 18, with significant changes in several sections. The organization said the October 2025 update of ATT&CK, the widely used knowledge base of adversary tactics and techniques, brings improvements in terms of techniques, groups, campaigns, and software.

The federally funded research and development center said the biggest modifications compared to ATT&CK v17 are related to the defensive content of ATT&CK.

Specifically, two new objects have been added to detections: Detection Strategies, which defines high-level approaches for detecting specific attacker techniques, and Analytics, which provides platform-specific threat detection logic.

Source: Securityweek / MITRE ATT&CK

Link: https://www.securityweek.com/mitre-unveils-attck-v18-with-updates-to-detections-mobile-ics/

Link: https://attack.mitre.org/