WSUS Vulnerability Exploited for Malware Distribution

Security researchers have reported on a recent attack campaign where a vulnerability in Windows Server Update Services (WSUS) was actively exploited to deliver malware. Attackers leveraged compromised WSUS servers to push malicious updates to connected endpoints within corporate networks. This method allowed the threat actors to bypass traditional security measures by using a legitimate and trusted update mechanism.

The payload delivered in this campaign was identified as the Skuld infostealer, a variant of the Amadey botnet. Once installed, the Skuld malware is designed to exfiltrate sensitive information from compromised systems. Data targeted by the infostealer includes browser credentials, cryptocurrency wallet details, system information, and other valuable data that is then sent to an attacker-controlled command-and-control server.

Proof-of-Concept Published for BIND 9 Vulnerability

In a separate development, a proof-of-concept (PoC) exploit was publicly released for a critical vulnerability in the BIND 9 Domain Name System (DNS) software. The flaw, if exploited, could allow a remote attacker to trigger a denial-of-service (DoS) condition, causing the named service to terminate unexpectedly. The availability of a public PoC increases the risk of exploitation as it provides a clear roadmap for attackers to replicate the attack.

The Internet Systems Consortium (ISC), the developer of BIND 9, had previously released security advisories and patched versions to address the vulnerability. System administrators managing BIND 9 servers were urged to apply the necessary updates to mitigate the threat demonstrated by the now-public exploit code. The flaw impacts multiple versions of the widely used DNS software.

Source: https://www.helpnetsecurity.com/2025/11/02/week-in-review-wsus-vulnerability-exploited-to-drop-skuld-infostealer-poc-for-bind-9-dns-flaw-published/