ShadowPad Malware Exploits WSUS Vulnerability for System Access
First seen 24 Nov 2025, 22:26 UTC
•
•86% similarity
•33
Share:
Export
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
Browse articles
Attackers exploited a critical vulnerability in Windows Server Update Services (WSUS), identified as CVE-2025-59287, to deploy ShadowPad malware. This backdoor, associated with China-linked APT groups, allows for full system access. Microsoft issued an emergency patch on November 21, 2025, to address this security flaw.
ThreatCluster AI