

Hunting for CVE-2025-59287: Detecting Vulnerable WSUS Servers
Summary: Microsoft has released an urgent out-of-band security update to address CVE-2025-59287 (after a previous update in Patch Tuesday that didn't quite hit the nail on the head), a critical remote code execution vulnerability in Windows Server Update Services (WSUS) that is being actively exploited in the wild. This vulnerability allows unauthenticated attackers to execute arbitrary code with SYSTEM privileges by exploiting unsafe deserialization in WSUS's cookie handling

Damien van der Linden
Oct 27 · 4 min read


Detecting ManualFinder/PDF Editor Malware Campaign with KQL
A free PDF Editor turning itself into an infostealer overnight. Let's hunt it down with KQL!

Damien van der Linden
Aug 25 · 7 min read


FileFix: The New Evolution of ClickFix in Cyber Threats
ClickFix was bad enough; it became the second most common attack vector right after phishing. ClickFix tricked users with a deceptive webpage (often disguised as a CAPTCHA) that prompted them to copy and paste a string, open the Run dialog with WIN+R, and boom! Hidden in front of what looked like a harmless path was a whole PowerShell payload. This led to a surge in infostealers, cryptominers, and RATs. It was only a matter of time before similar techniques popped up. Inspire

Damien van der Linden
Jul 113 min read


