Critical WSUS Vulnerability Exploited for ShadowPad Deployment
Cyber Security News by CyberSum.net
Security researchers have discovered a sophisticated cyberattack targeting Microsoft Windows Server Update Services (WSUS) infrastructure. Attackers are exploiting CVE-2025-59287, a critical vulnerability that allows remote code execution with system-level privileges, to deploy ShadowPad, a backdoor linked to state-sponsored APT groups. That level of access makes WSUS servers high-value targets. The attackers weaponized the exploit rapidly after proof-of-concept code became available and used legitimate Windows utilities to install the malware. Organizations are urged to apply the security update from Microsoft and audit their WSUS servers for suspicious activity.