Tag

Remote Code Execution

All articles tagged with #remote code execution

Active Exploitation of Critical Windows Server Update Service Vulnerability

Originally Published 2 months ago — by Unit 42

A critical remote code execution vulnerability in Microsoft WSUS (CVE-2025-59287) was actively exploited in the wild shortly after an emergency patch was released. The flaw allows unauthenticated attackers to execute arbitrary code on affected servers, primarily impacting systems with the WSUS role enabled. Microsoft recommends immediate patching or applying workarounds such as disabling the WSUS role or blocking high-risk ports to mitigate the risk.

Microsoft Releases Urgent Patch for Critical WSUS Vulnerability Exploited in the Wild

Originally Published 2 months ago — by The Hacker News

Microsoft released urgent out-of-band security updates for a critical WSUS vulnerability (CVE-2025-59287) that is actively being exploited in the wild, allowing remote code execution through unsafe deserialization. Users are advised to apply the patch immediately and follow recommended mitigations to prevent attacks.

Microsoft Releases Urgent Patch for Actively Exploited WSUS Vulnerability

Originally Published 2 months ago — by theregister.com

Microsoft released a critical out-of-band update for Windows Server Update Services (WSUS) to fix a severe vulnerability (CVE-2025-59287) that allows remote code execution, affecting servers with the WSUS role enabled. The update is urgent, especially as WSUS is deprecated, prompting Microsoft to recommend switching to cloud-based solutions like Intune. A reboot is required, and administrators are advised to disable the role or block specific ports if immediate patching isn't possible.

TARmageddon: Major Security Flaw in Popular Rust Library

Originally Published 2 months ago — by Phoronix

A critical security vulnerability named TARmageddon (CVE-2025-62518) has been disclosed in the popular Rust async-tar library and its forks, allowing remote code execution through file overwriting, despite Rust's usual safety guarantees. The vulnerability affects downstream projects like the uv Python package manager, and patching efforts are underway due to the lack of upstream maintenance for some forks.

PoC Exploit Unveiled for Windows Server Update Services RCE Flaw

Originally Published 2 months ago — by CyberSecurityNews

A PoC exploit has been released for a critical vulnerability in Windows Server Update Services (CVE-2025-59287), allowing unauthenticated attackers to execute remote code with SYSTEM privileges by exploiting unsafe deserialization in the AuthorizationCookie handling. The flaw affects all supported Windows Server versions and poses a severe risk of widespread compromise, prompting Microsoft to urge immediate patching and mitigation measures.

Google Releases September Android Security Update to Fix 120 Flaws and Zero-Days

Originally Published 4 months ago — by CyberSecurityNews

Google has released a critical security update for Android to patch actively exploited 0-day vulnerabilities, including a zero-interaction remote code execution flaw and a kernel privilege escalation bug, urging users and manufacturers to update immediately to protect devices.

WhatsApp Addresses Zero-Click iPhone Vulnerability Exploited in Targeted Attacks

Originally Published 4 months ago — by CybersecurityNews

CISA warns of a critical zero-day vulnerability in WhatsApp (CVE-2025-55177) that allows attackers to manipulate device synchronization messages, potentially leading to remote code execution and content spoofing. Users and organizations are urged to apply the September 2 patch or suspend WhatsApp use until secure updates are implemented.

Zoom and Xerox Launch Security Updates to Fix Critical Flaws

Originally Published 5 months ago — by The Hacker News

Zoom and Xerox have released critical security updates to fix vulnerabilities that could allow privilege escalation and remote code execution, affecting Zoom Windows clients and Xerox FreeFlow Core, with the latter's issues being highly severe and exploitable for arbitrary command execution.

Thousands of Axis Surveillance Devices Exposed to Critical Security Flaws

Originally Published 5 months ago — by The Hacker News

Cybersecurity researchers have identified critical vulnerabilities in Axis Communications' surveillance products, exposing over 6,500 servers globally, including nearly 4,000 in the U.S., which could allow attackers to take control of cameras and compromise internal networks. These flaws involve remote code execution and authentication bypass issues, though no exploits have been observed in the wild.

Vulnerabilities in Cursor IDE's MCP and AI Coding Tools Pose RCE and Supply Chain Risks

Originally Published 5 months ago — by Check Point Software

A security vulnerability in Cursor IDE's Model Context Protocol (MCP) allows attackers to silently modify trusted configurations to execute arbitrary commands, leading to persistent remote code execution. The flaw stems from the IDE's trust model, which only prompts for approval once, enabling malicious modifications to go unnoticed and be re-executed every time a project is opened or synchronized. The issue was responsibly disclosed and addressed in Cursor version 1.3, with recommendations to update to the latest version to mitigate risks.

Active Exploits Target Cisco ISE and Security Flaws, CISA Alerts

Originally Published 5 months ago — by BleepingComputer

Security researcher Bobby Gould has published a detailed exploit chain for a critical remote code execution vulnerability (CVE-2025-20281) in Cisco ISE, which was actively exploited in attacks after Cisco issued patches. The exploit demonstrates how attackers can achieve root access by exploiting unsafe deserialization and command injection, emphasizing the importance of applying security updates immediately. Although the exploit isn't weaponized, it provides hackers with the technical details needed to recreate the attack, potentially increasing malicious activity.

Microsoft Urgently Patches SharePoint Zero-Day Exploited in Global Cyberattacks

Originally Published 5 months ago — by The Hacker News

Microsoft has released urgent security patches for actively exploited vulnerabilities in on-premises SharePoint servers, including a critical RCE flaw (CVE-2025-53770) and a spoofing flaw (CVE-2025-53771), amid ongoing cyber attacks targeting organizations like banks, universities, and government agencies. The vulnerabilities, which do not affect SharePoint Online, have been exploited since July, prompting urgent recommendations for organizations to update, rotate keys, and enhance defenses to prevent further breaches.

Microsoft Releases July 2025 Security Updates with Critical Patches and Improvements

Originally Published 6 months ago — by The Hacker News

Microsoft released updates fixing 130 vulnerabilities in its products, including critical flaws in SPNEGO and SQL Server, ending a streak of patching exploited zero-days; the most severe is a remote code execution flaw in SPNEGO that could be wormable, requiring immediate attention from users and administrators.

Hunk Companion Plugin Exploit Threatens Thousands of WordPress Sites

Originally Published 1 year ago — by The Hacker News

A critical vulnerability in the WordPress Hunk Companion plugin, tracked as CVE-2024-11972, is being exploited by attackers to install other vulnerable plugins, leading to potential Remote Code Execution (RCE) and other attacks. The flaw affects all versions before 1.9.0 and allows unauthorized plugin installations, posing significant security risks. This vulnerability is a patch bypass for a similar flaw, CVE-2024-9707, and highlights the importance of securing WordPress components. Additionally, a high-severity flaw in the WPForms plugin has been disclosed, affecting millions of sites.

Critical Palo Alto Firewall Vulnerabilities Actively Exploited

Originally Published 1 year ago — by The Hacker News

Palo Alto Networks has identified a critical zero-day vulnerability in its PAN-OS firewall management interface, which is being actively exploited to deploy web shells for persistent remote access. The flaw, with a CVSS score of 9.3, allows unauthenticated remote command execution and requires no user interaction. While patches are not yet available, users are urged to secure their management interfaces. The vulnerability is distinct from other recent critical flaws in Palo Alto Networks products, and there is no evidence linking the activities.