ThreatCluster

ShadowPad Malware Exploits WSUS Vulnerability for System Access

First seen 24 Nov 2025, 22:26 UTC Itsecuritynews.InfoSecurityaffairs.Co 86% similarity 33

Article Content

Browse articles
ThreatCluster

Attackers exploited a critical vulnerability in Windows Server Update Services (WSUS), identified as CVE-2025-59287, to deploy ShadowPad malware. This backdoor, associated with China-linked APT groups, allows for full system access. Microsoft issued an emergency patch on November 21, 2025, to address this security flaw.

ThreatCluster AI

Community

Browse all →