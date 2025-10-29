Malicious actors have escalated intrusions exploiting the critical untrusted data flaw in Windows Server Update Service, tracked as CVE-2025-59287, following the release of a proof-of-concept flaw last week, Cybersecurity Dive reports.Intrusions involving the flaw have already been launched by the newly emergent UNC6512 threat operation to compromise various organizations, according to the Google Threat Intelligence Group. Initial access and subsequent reconnaissance efforts to associated environments have allowed UNC6521 to conduct data exfiltration from the targeted entities, said researchers.Such a development comes after the bug which has already been added to the Cybersecurity and Infrastructure Security Agency's Known Exploited Vulnerabilities catalog was reported by Eye Security researchers to have been exploited by two or more adversarial forces since Friday. Another report from Palo Alto Networks Unit 42 researchers noted attacks exploiting the vulnerability to execute illicit PowerShell commands. Nearly 2,800 internet-exposed Windows Server instances were observed by The Shadowserver Foundation to be at risk of potential intrusions.
Attacks involving critical WSUS vulnerability under investigation
