ASUS Live Update software has a critical vulnerability (CVE-2025-59374) caused by a supply chain compromise, currently actively exploited. This issue stems from malicious code embedded in affected versions, linked to the Operation ShadowHammer campaign targeting specific users. #OperationShadowHammer #CVE2025-59374
Keypoints
- The vulnerability impacts certain ASUS Live Update versions introduced through a supply chain attack.
- The flaw allows malicious code execution in targeted devices meeting specific conditions.
- The breach is linked to the 2019 Operation ShadowHammer campaign by APT group, targeting specific MAC addresses.
- ASUS recommends updating to version 3.6.8 or higher and ceasing use of the software by January 7, 2026.
- CISA has added this to its KEV catalog and urges government agencies to take immediate action.
Read More: https://thehackernews.com/2025/12/cisa-flags-critical-asus-live-update.html