A recently patched security flaw in Microsoft Windows Server Update Services (WSUS) has been exploited by threat actors to distribute malware known as ShadowPad.
« The attacker targeted Windows Servers with WSUS enabled, exploiting CVE-2025-59287 for initial access, » AhnLab Security Intelligence Center (ASEC) said in a report published last week. « They then used PowerCat, an open-source
