Critical Patches Required for WSUS Flaw CVE-2025-59287 Amid Rising Exploits

Tuesday, October 28, 2025

Top 5 Cybersecurity Stories You Should Know

  1. Critical Patches Required for WSUS Flaw CVE-2025-59287 Amid Rising Exploits
    tl;dr: Security teams must urgently address a critical vulnerability in Windows Server Update Services (WSUS), identified as CVE-2025-59287, which is being actively exploited and allows remote code execution with SYSTEM privileges. Additionally, outdated WordPress plugins are facing renewed attacks, with millions of exploit attempts tied to vulnerabilities from the previous year. The cyberespionage landscape is also evolving, highlighted by a Chrome zero-day (CVE-2025-2783) linked to Hacking Team's spyware. Organizations should prioritize patching these vulnerabilities and enhance their defenses against sophisticated ransomware and smishing campaigns.
    https://medium.com/@securityscout/security-review-critical-zero-days-and-vulnerability-patches-you-cant-ignore-27-october-2025-77a42a5ec1bf

  2. Critical RCE Vulnerability CVE-2025-59287 in WSUS Exploited in Attacks
    tl;dr: A critical remote code execution vulnerability, tracked as CVE-2025-59287, in Windows Server Update Services (WSUS) is being actively exploited by attackers. This flaw affects Windows servers with the WSUS Server role enabled, allowing low-complexity attacks without requiring user interaction. Microsoft has released emergency patches for various Windows Server versions and advises immediate installation. Administrators unable to apply the patches should disable the WSUS Server role as a temporary measure to mitigate risk. Cybersecurity firms have reported scanning and exploitation attempts, emphasizing the urgency of addressing this vulnerability.
    https://www.bleepingcomputer.com/news/security/hackers-now-exploiting-critical-windows-server-wsus-flaw-in-attacks/

  3. Ransomware Payments Hit Historic Low in Q3 2025, Analysis Shows
    tl;dr: The ransomware payment rate fell to a record low of 23% in Q3 2025, as reported by Coveware. The average ransom payment dropped by 66% to approximately $377,000, while the median payment decreased by 65% to $140,000. This decline is attributed to large enterprises refusing to pay ransoms and mid-market firms opting for smaller payments. Ransomware groups like Akira and Qilin are increasingly targeting smaller organizations. The report highlights the need for continued vigilance and proactive cybersecurity measures to combat evolving threats, especially in the professional services sector.
    https://www.securityweek.com/ransomware-payments-dropped-in-q3-2025-analysis/

  4. Cybersecurity Awareness Month 2023: Building a Cyber Strong America
    tl;dr: October marks Cybersecurity Awareness Month, emphasizing the importance of cybersecurity for U.S. critical infrastructure. This year's theme, 'Building a Cyber Strong America,' focuses on the role of small and medium businesses, as well as state, local, tribal, and territorial governments in enhancing cybersecurity resilience. CISA urges these entities to take immediate action to secure their operations against cyber threats. Resources and toolkits are available to help organizations implement effective cybersecurity measures, ensuring the protection of sensitive data and critical services. Individuals and families can also access tips and tools for online safety.
    https://www.cisa.gov/cybersecurity-awareness-month

  5. #StopRansomware: Interlock Ransomware Advisory by CISA and FBI
    tl;dr: The Cybersecurity and Infrastructure Security Agency (CISA) and the FBI have issued a joint advisory on the Interlock ransomware, first detected in September 2024, targeting various sectors in North America and Europe. This ransomware employs a double extortion model, encrypting and exfiltrating data, and utilizes unique methods for initial access, including drive-by downloads and social engineering techniques. Organizations are urged to implement strong cybersecurity measures such as DNS filtering, patch management, and multifactor authentication to mitigate risks associated with Interlock ransomware attacks.
    https://www.cisa.gov/news-events/cybersecurity-advisories/aa25-203a

