ShadowPad Malware Actively Exploits WSUS Vulnerability for Full System Access

A newly exploited security flaw in Microsoft Windows Server Update Services (WSUS) has been used by threat actors to deploy ShadowPad malware, a sophisticated backdoor associated with Chinese hacking groups. The vulnerability CVE-2025-59287 enables remote code execution, allowing attackers to gain system privileges and establish persistent access. #CVE2025-59287 #ShadowPad #WSUS #ChineseEspionage

Key points

  • The security flaw CVE-2025-59287 affects Microsoft WSUS and was patched last month.
  • Threat actors exploited this vulnerability to distribute ShadowPad malware in targeted attacks.
  • Attackers used PowerShell utilities like PowerCat, certutil, and curl to establish system access.
  • ShadowPad is a modular backdoor linked to Chinese state-sponsored hacking efforts, first identified in 2015.
  • The attack involved DLL side-loading and anti-detection techniques to maintain persistence.

Read More: https://thehackernews.com/2025/11/shadowpad-malware-actively-exploits.html