When Microsoft disclosed a critical flaw in its Windows Server Update Services (WSUS) platform earlier this month, few expected the exploit to escalate this quickly—or this creatively. Just days after the company’s out-of-band fix was released on October 23, attackers began weaponizing the vulnerability, designated CVE-2025-59287 , to infiltrate enterprise environments and hijack the very infrastructure meant to distribute trusted software updates. The Darktrace Threat Research team, wh...
