Weekly Recap: WSUS Exploited, LockBit 5.0 Returns, Telegram Backdoor, F5 Breach Widens

Weekly Recap: WSUS Exploited, LockBit 5.0 Returns, Telegram Backdoor, F5 Breach Widens

Briefly

"Newly Patched Critical Microsoft WSUS Flaw Comes Under Attack - Microsoft released out-of-band security updates to patch a critical-severity Windows Server Update Service (WSUS) vulnerability that has since come under active exploitation in the wild. The vulnerability in question is CVE-2025-59287 (CVSS score: 9.8), a remote code execution flaw in WSUS that was originally fixed by the tech giant as part of its Patch Tuesday update published last week."

"YouTube Ghost Network Delivers Stealer Malware - A malicious network of YouTube accounts has been observed publishing and promoting videos that lead to malware downloads. Active since 2021, the network has published more than 3,000 malicious videos to date, with the volume of such videos tripling since the start of the year. The campaign leverages hacked accounts and replaces their content with "malicious" videos that are centred around pirated software and Roblox game cheats to infect unsuspecting users searching for them with stealer malware."

"Security, trust, and stability - once the pillars of our digital world - are now the tools attackers turn against us. From stolen accounts to fake job offers, cybercriminals keep finding new ways to exploit both system flaws and human behavior. Each new breach proves a harsh truth: in cybersecurity, feeling safe can be far more dangerous than being alert. Here's how that false sense of security was broken again this week."