Microsoft has released urgent updates to address the critical WSUS RCE vulnerability CVE-2025-59287, which is currently under active exploitation. The flaw allows unauthorized attackers to execute code over a network, necessitating immediate patching for affected Windows Server versions.

A sophisticated text message phishing campaign, attributed to the Smishing Triad, is targeting users globally, affecting over 121 countries. The operation utilizes advanced social engineering tactics and operates through a Phishing-as-a-Service ecosystem.

Salt Typhoon, a China-linked APT group, is leveraging zero-day exploits and DLL sideloading techniques to conduct sophisticated cyber espionage campaigns against critical infrastructure worldwide. Recent activities include targeting telecommunications and energy sectors, demonstrating advanced capabilities to compromise lawful intercept systems.

Over 250 attacks have been reported in just 24 hours targeting Adobe Commerce and Magento due to a critical flaw tracked as CVE-2025-54236. This vulnerability allows for customer account takeovers via the REST API, with only 38% of stores currently patched.

Oracle has announced a high-severity vulnerability in its E-Business Suite, tracked as CVE-2025-61884, which allows remote, unauthenticated access to sensitive resources. This flaw has not yet been exploited in the wild, but it poses significant risks to corporate users.

Oracle has issued an emergency fix for a critical information disclosure vulnerability in its E-Business Suite, tracked as CVE-2025-61884. The flaw allows remote unauthenticated access to sensitive resources, raising concerns about potential exploitation by threat actors.

Threat actors are increasingly using Discord webhooks as covert command-and-control channels within open-source packages, allowing for the stealthy exfiltration of sensitive data. This tactic leverages hard-coded webhook URLs to bypass security measures and exfiltrate secrets from developer environments.

Asahi, Japan's leading beer producer, has been forced to halt production at most of its factories due to a cyber-attack attributed to the ransomware group Qilin. The company is currently processing orders manually, leading to significant shortages of its products across the country.