%term

CVE-2025-59287: Critical WSUS Vulnerability Exploited in the Wild

Oct 31, 2025 By Indusface In Indusface

Microsoft disclosed CVE-2025-59287 , a critical, unauthenticated RCE in Windows Server Update Services (WSUS) that lets attackers execute SYSTEM-level code via unsafe deserialization. In this video we break down how the exploit works, which servers are at risk, and real-world attack activity observed after the PoC went public.

View Video

Indusface

Read more about CVE-2025-59287: Critical WSUS Vulnerability Exploited in the Wild

CVE-2025-59287: Critical WSUS Vulnerability Exploited in the Wild

Oct 30, 2025 By Aayush Vishnoi In Indusface

In October 2025, Microsoft disclosed a critical remote code execution vulnerability (CVE-2025-59287) in Windows Server Update Services (WSUS), which enables unauthenticated attackers to gain full control over affected servers. WSUS is a central patch management tool in Windows environments, responsible for approving, distributing, and monitoring updates across corporate networks.

Read Post

Indusface

Read more about CVE-2025-59287: Critical WSUS Vulnerability Exploited in the Wild

Introducing Seemplicity's AI Agents for Exposure Management: A New Era of Action

Oct 30, 2025 By Megan Horner In Seemplicity

Security teams don’t struggle to find exposures – they struggle to fix them. The new Seemplicity AI Agents change that. Integrated into the Exposure Action Platform, they combine intelligence and automation to help teams move faster, stay aligned, and reduce risk. From clear findings and ownership mapping to guided fixes and executive insights, Seemplicity’s AI Agents make exposure management truly action-driven.

Read Post

Seemplicity

Read more about Introducing Seemplicity's AI Agents for Exposure Management: A New Era of Action

UNC6384 Weaponizes ZDI-CAN-25373 Vulnerability to Deploy PlugX Against Hungarian and Belgian Diplomatic Entities

Oct 30, 2025 By Arctic Wolf Labs In Arctic Wolf

Threat Actor Name: UNC6384 Targeted Industries: Government, Diplomatic Services Geographic Focus: Hungary, Belgium, Serbia, Italy, Netherlands (broader European diplomatic community)

Read Post

Arctic Wolf

Read more about UNC6384 Weaponizes ZDI-CAN-25373 Vulnerability to Deploy PlugX Against Hungarian and Belgian Diplomatic Entities

Understanding CVSS 4.0 and the Future of Vulnerability Scoring

Oct 30, 2025 By Corey Tomlinson In Nucleus

The Common Vulnerability Scoring System (CVSS) has been the industry’s go-to framework for assessing vulnerability severity for nearly two decades. It provides a standardized way to measure and communicate the technical impact of a vulnerability. As threat landscapes evolve and organizations mature in their vulnerability management practices, questions about its relevance and limitations persist. That even led to our co-founder, Scott Kuffer, writing a defense of the algorithm earlier this year.

Read Post

Nucleus

Read more about Understanding CVSS 4.0 and the Future of Vulnerability Scoring

CVSS 4.0 and its Evolving Role in Vulnerability Management

Oct 30, 2025 By Nucleus Security In Nucleus

Adam Dudley, Nucleus VP of Strategy and Alliances, provides some background on the Common Vulnerability Scoring System (CVSS) version 4.0 in this Nucleus conversation. He discusses the improvements made in the new version, the evolving role of CVSS in vulnerability management, the limitations practitioners face, and the future of scoring systems in the context of emerging technologies like AI. The conversation emphasizes the importance of context and quality inputs in effectively utilizing CVSS for risk assessment.

View Video

Nucleus

Read more about CVSS 4.0 and its Evolving Role in Vulnerability Management

Installing Chrome Dev Tools MCP in Goose

Oct 30, 2025 By Snyk In Snyk

Installing Chrome Dev Tools MCP in Goose.

View Video

Snyk

Read more about Installing Chrome Dev Tools MCP in Goose

Seemplicity Releases Four AI Agents to Bring Action to Enterprise Exposure Management

Oct 29, 2025 By Seemplicity In Seemplicity

First AI agents purpose-built to help security teams fix exposures up to 4x faster.

Read Post

Seemplicity

Read more about Seemplicity Releases Four AI Agents to Bring Action to Enterprise Exposure Management

What is vulnerability scanning?

Oct 29, 2025 By Tanium In Tanium

Vulnerability scanning identifies weaknesses across systems, applications, and networks to help organizations reduce exposure and stay ahead of threats.

Read Post

Tanium

Read more about What is vulnerability scanning?

No PoCs? No problem. How to hunt for F5 exploitation even when details are sparse

Oct 28, 2025 By David Burkett In Corelight

Endpoint detection and response (EDR) tools, and the analysts using them, have become incredibly effective. They have become so good, in fact, that we're now seeing a clear shift in adversary behavior: attackers are being pushed off the endpoint and onto places where EDR cannot run. This isn't just a theory. As I was writing a separate blog about a recent Cisco exploit which spurred an immediate CISA emergency directive, news dropped about another major network edge vendor, F5.

Read Post