Topic: system privileges
-
Critical RCE Flaw in Trend Micro Apex Central: Patch Now
A critical vulnerability (CVE-2025-69258) in Trend Micro's Apex Central console allows unauthenticated attackers to remotely execute malicious code with the highest SYSTEM privileges. The flaw, discovered by Tenable, is exploited by sending a crafted message to a specific port, forcing the system...
Read More » -
Critical JumpCloud Windows Agent Flaw Allows Local Privilege Escalation
A critical security flaw (CVE-2025-34352) in JumpCloud's Remote Assist for Windows agent allows local users to escalate privileges to SYSTEM level or cause denial-of-service attacks by exploiting insecure file handling during uninstallation. The vulnerability stems from the agent's uninstaller pe...
Read More » -
Urgent WSUS Vulnerability: Patch Windows Server Now
A critical security flaw (CVE-2025-59287) in Microsoft's WSUS allows unauthorized remote code execution with system-level privileges, affecting multiple Windows Server versions. The vulnerability stems from the deserialization of untrusted data, enabling attackers to fully compromise servers, pro...
Read More » -
Triofox Hack: Critical File-Sharing Flaw Exploited
A critical security vulnerability (CVE-2025-12480) in Gladinet's Triofox platform allows attackers to execute malicious code by exploiting improper access control and manipulating the antivirus feature, affecting versions prior to 16.7.10368.56560. The exploitation campaign, tracked as UNC6485, b...
Read More » -
Urgent: Actively Exploited WSUS Bug Now on CISA KEV List
A critical security flaw (CVE-2025-59287) in Windows Server Update Services (WSUS) allows unauthenticated attackers to execute remote code with system privileges by exploiting the GetCookie() endpoint. The vulnerability is under active exploitation, prompting urgent patching by Microsoft and incl...
Read More » -
CISA Urges Immediate Patch for Critical Windows Server Flaw
A critical remote code execution vulnerability (CVE-2025-59287) in Windows Server Update Services (WSUS) allows attackers to gain full SYSTEM-level control without user interaction, posing a severe threat to organizational networks. CISA has mandated federal agencies to patch the flaw within thre...
Read More » -
Microsoft Issues Critical Windows Update Amid Active Attacks
Microsoft has issued an urgent security update for Windows Server to patch a critical vulnerability (CVE-2025-59287) that is actively being exploited, allowing remote code execution with system privileges. Only servers with the WSUS Server Role enabled are vulnerable, and CISA has mandated federa...
Read More » -
Active Attacks Exploit Critical WSUS Flaw in Windows Server
Actively exploited critical vulnerabilities (CVE-2025-59287) in Windows Server Update Services (WSUS) allow remote code execution and system takeover, requiring immediate emergency patching. Microsoft has released out-of-band security updates for all affected Windows Server versions and recommend...
Read More » -
Urgent Microsoft WSUS Flaw Actively Exploited After Patch
A severe security vulnerability (CVE-2025-59287) in Microsoft's WSUS allows unauthenticated remote code execution with SYSTEM privileges, prompting an urgent out-of-band patch due to incomplete initial fixes. The flaw arises from unsafe deserialization via BinaryFormatter in the `GetCookie()` end...
Read More » -
Trend Micro Apex Central RCE PoC Released (CVE-2025-69258)
Trend Micro has issued a critical security update for its Apex Central on-premise platform, addressing multiple vulnerabilities, including a severe one (CVE-2025-69258) that allows unauthenticated attackers to execute code with SYSTEM privileges. The vulnerabilities, discovered by Tenable, involv...
Read More »