WSUS flaw exploited for ShadowPad malware deployment

November 25, 2025

Security Affairs reports that threat actors leveraged a recently patched Windows Server Update Services (WSUS) vulnerability (CVE-2025-59287) to deploy the ShadowPad malware, a backdoor commonly associated with China-linked APT groups.

AhnLab Security Intelligence Center discovered that attackers exploited the WSUS flaw to gain access to servers, using PowerCat for a shell and deploying ShadowPad via certutil and curl. The flaw, allowing remote code execution with SYSTEM privileges, poses significant risks to organizations. Microsoft issued an out-of-band fix, but the flaw remains actively exploited, prompting the Cybersecurity and Infrastructure Security Agency (CISA) to list it as a known exploited vulnerability.

Organizations are advised to apply the patch, restrict WSUS access, monitor for suspicious activities and enhance network security.

Source: Security Affairs

SC Staff

Ransomware

Attackers drop DragonForce ransomware leveraging MS Teams relay systems

Steve ZurierJune 17, 2026

DragonForce ransomware abused Microsoft Teams relay infrastructure to hide C2 traffic.

Malware

SprySOCKS backdoor expands to Windows with new variants

SC StaffJune 16, 2026

The Windows variants, WIN_DRV and WIN_PLUS, retain the core architecture of their Linux predecessor, including command-and-control (C2) protocols and encryption methods.

Malware

Malware distributed via Steam Workshop wallpapers

SC StaffJune 16, 2026

Kaspersky researchers have identified that malicious actors are exploiting the Steam Workshop platform, specifically through the Wallpaper Engine application, to distribute malware.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

Related Terms

Adware Bug Buffer Overflow Disassembly