Cyber Daily 11/4: WSUS Flaw Spurs Global Scans, Cisco Devices Hit by BadCandy, Microsoft Patch Woes, VMware Under Attack

Welcome to today's edition of ONSEC Cyber Daily, where the digital battlefield is more active than ever. Our top story reveals a critical vulnerability, CVE-2025-59287, in Windows Server Update Services (WSUS) that has hackers scanning TCP Ports 8530/8531, posing a significant threat to unpatched systems. Meanwhile, the BADCANDY webshell continues to exploit vulnerable Cisco IOS XE devices, highlighting the urgent need for robust patch management. As Microsoft grapples with hotpatching failures following a WSUS update, the cybersecurity landscape is further complicated by new vulnerabilities in VMware, XWiki, and TP-Link devices. Stay informed and secure as we navigate these pressing cyber threats together.

Exploits Alert

  1. Hackers Actively Scanning for TCP Port 8530/8531 Linked to WSUS Vulnerability CVE-2025-59287: Cybersecurity researchers have identified a significant increase in scanning activity targeting TCP ports 8530 and 8531, associated with a known vulnerability in Windows Server Update Services (WSUS). This vulnerability, CVE-2025-59287, could potentially allow attackers to exploit unpatched systems, emphasizing the need for immediate updates and monitoring. Source.
  2. BADCANDY Webshell Spread via Vulnerable Cisco IOS XE Device Targeting: The BADCANDY webshell is being actively deployed through vulnerabilities in Cisco IOS XE devices, posing a significant threat to network security. This exploit allows attackers to gain unauthorized access and control over affected devices, highlighting the importance of patching and securing network infrastructure. Source.
  3. The Week in Vulnerabilities: Cyble Urges Apache, Microsoft Fixes: Cyble's latest vulnerability report underscores critical security updates from Apache and Microsoft, urging users to apply patches promptly. The report highlights the ongoing risks of cyberattacks exploiting these vulnerabilities, stressing the need for vigilance and timely updates to protect systems. Source.
  4. Warning about Attacks on Vulnerabilities in VMware and XWiki: CISA has issued a warning regarding active exploitation of vulnerabilities in VMware Aria Operations and VMware Tools. These vulnerabilities could lead to unauthorized access and data breaches, making it crucial for organizations to implement the recommended security patches and mitigations. Source.
  5. ToolShell Exploit in Public-Facing Applications: Security teams are advised to address vulnerabilities in applications built with python-socket.io, as the ToolShell exploit is actively targeting these systems. Immediate patching is recommended to prevent unauthorized access and potential data breaches. Source.
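The first item says the response to the WSUS scanning is patching plus monitoring. As an added example (not from the newsletter or any of the sources it cites), the script below shows what that monitoring can look like on the defender's side: it reads perimeter firewall log lines, keeps only connections to the WSUS ports 8530/8531 that originate outside the organisation, groups them per source to separate a sweep across several hosts from a single connection, and lists any internal host that actually accepted such a connection, since a WSUS server reachable from the internet is the exposure the advisory is about. The log format, the IP addresses and the `INTERNAL_NETS` list are all constructed for the example; adapt `parse_line` to your own firewall's export.

```python
"""Flag external hosts probing the WSUS ports (TCP 8530/8531) in firewall logs.

Added example; the log format below is a constructed, simplified one
("timestamp action src dst dport") and the addresses are documentation ranges.
"""
from collections import defaultdict
from ipaddress import ip_address, ip_network

WSUS_PORTS = {8530, 8531}  # WSUS HTTP / HTTPS ports named in the advisory

# Constructed: RFC 1918 ranges plus this hypothetical organisation's own
# public prefix (198.51.100.0/24). Anything outside these is "external".
INTERNAL_NETS = [ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "198.51.100.0/24")]

# Constructed sample log: one connection per line.
SAMPLE_LOG = """\
2025-11-04T08:00:01Z ALLOW 203.0.113.7 198.51.100.10 8530
2025-11-04T08:00:02Z ALLOW 203.0.113.7 198.51.100.10 8531
2025-11-04T08:00:05Z DENY  203.0.113.7 198.51.100.11 8530
2025-11-04T08:01:10Z ALLOW 10.0.0.25 10.0.0.5 8530
2025-11-04T08:02:00Z ALLOW 198.51.100.44 198.51.100.10 443
2025-11-04T08:03:00Z DENY  192.0.2.9 198.51.100.12 8531
"""


def is_internal(addr):
    """True if addr falls inside one of the organisation's own ranges."""
    ip = ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)


def parse_line(line):
    """Parse 'ts action src dst dport'; return None for blank or malformed lines."""
    parts = line.split()
    if len(parts) != 5:
        return None
    ts, action, src, dst, dport = parts
    try:
        ip_address(src), ip_address(dst)
        return {"ts": ts, "action": action.upper(),
                "src": src, "dst": dst, "dport": int(dport)}
    except ValueError:
        return None


def analyse(lines):
    """Summarise external traffic to the WSUS ports.

    Returns (probes, exposed): probes maps each external source to the WSUS
    ports and internal hosts it touched and how many connections were allowed;
    exposed is the set of internal hosts that ALLOWed such a connection, i.e.
    WSUS servers reachable from outside the organisation.
    """
    probes = defaultdict(lambda: {"ports": set(), "targets": set(), "allowed": 0})
    exposed = set()
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["dport"] not in WSUS_PORTS or is_internal(rec["src"]):
            continue
        entry = probes[rec["src"]]
        entry["ports"].add(rec["dport"])
        entry["targets"].add(rec["dst"])
        if rec["action"] == "ALLOW":
            entry["allowed"] += 1
            exposed.add(rec["dst"])
    return dict(probes), exposed


def flag_scanners(probes, min_targets=2):
    """A source that hits several internal hosts, or both WSUS ports, is
    sweeping rather than talking to one server; return those sources sorted."""
    return sorted(src for src, e in probes.items()
                  if len(e["targets"]) >= min_targets or e["ports"] == WSUS_PORTS)


if __name__ == "__main__":
    probes, exposed = analyse(SAMPLE_LOG.splitlines())
    for src in flag_scanners(probes):
        e = probes[src]
        print(f"scanner {src}: ports={sorted(e['ports'])} "
              f"targets={sorted(e['targets'])} allowed={e['allowed']}")
    for host in sorted(exposed):
        print(f"exposed: {host} accepted a WSUS-port connection from outside")
```

On the sample data the script reports 203.0.113.7 as a scanner (both ports, two internal targets) and 198.51.100.10 as an exposed WSUS host; the internal client on 10.0.0.25 and the 443 connection are ignored, and the single denied probe from 192.0.2.9 is recorded but not flagged. The `exposed` list is the one to act on first: an internet-reachable WSUS server is precisely what the scanning is looking for, and restricting 8530/8531 to internal clients removes the exposure regardless of patch state.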

Vulnerabilities & Patches

  1. TP-Link Flaws Put Pakistan Networks at Risk: The National CERT of Pakistan has issued a high-priority advisory warning about newly discovered vulnerabilities in TP-Link devices. These flaws could potentially expose networks to unauthorized access and data breaches. Organizations are urged to follow patch management guidance and coordinate across sectors to mitigate risks. Source: PhoneWorld
  2. iOS 26.1 Security Update: Apple has rolled out iOS 26.1, which includes over 50 security patches addressing various vulnerabilities. Notably, CVE-2025-43426 and CVE-2025-43413 are among the critical fixes. iPhone users are advised to update their devices promptly to enhance security. Source: Free Press Journal
  3. Samsung November 2025 One UI Update: Samsung's latest One UI update delivers 45 security improvements, including two critical and 23 high-level CVEs. The update also addresses vulnerabilities in devices powered by Exynos chips, enhancing overall device security. Source: Sammy Fans
  4. Windows GDI Flaws: New vulnerabilities in Windows Graphics Device Interface (GDI) have been identified, posing risks of remote code execution and data leaks. Microsoft has addressed these issues in its May, July, and August 2025 Patch Tuesday updates. Users are encouraged to apply these patches to protect their systems. Source: TechNadu
  5. Monitoring Software Vulnerabilities: IBM Tivoli Monitoring and Nagios XI have been found vulnerable to several security issues, including CVE-2025-34286 and CVE-2025-34284. Patches are available for download to close these vulnerabilities, and users are advised to update their systems to prevent potential exploitation. Source: Heise Online

Podcasts

  1. The Department of Know: Azure Security Pitfalls: This podcast episode dives into the common security pitfalls associated with Azure, offering insights into how organizations can better protect their cloud environments. The discussion includes real-world examples and expert advice on avoiding these vulnerabilities. Source: CISO Series.
  2. No Cyber Risk Insurance? Fool Around and Find Out: This episode from Lloyd's List explores the critical importance of cyber risk insurance in today's digital landscape. Industry experts discuss the potential consequences of neglecting this aspect of cybersecurity and offer strategies for mitigating risks. Source: Lloyd's List.
  3. Optimizing Access Management with Imprivata: In this CISO Series podcast, Chip Hughes, chief product officer at Imprivata, discusses the latest trends and technologies in access management. The episode provides valuable insights into optimizing security protocols while maintaining user convenience. Source: CISO Series.
  4. Australia BadCandy, Cisco Firewall Attack: This episode covers the latest cybersecurity news, including a warning about the BadCandy malware in Australia and a recent attack on Cisco firewalls. The podcast provides an in-depth analysis of these threats and offers recommendations for enhancing security measures. Source: CISO Series.
  5. Cybersecurity Unplugged: This podcast series offers a deep dive into the world of cybersecurity, featuring interviews with industry leaders and experts. Each episode provides listeners with valuable insights into the latest trends, challenges, and innovations in the cybersecurity landscape. Source: CISO Series.

Final Words

As we wrap up today's edition of ONSEC Cyber Daily, it's clear that the digital landscape is as dynamic as ever. From hackers scanning TCP Ports 8530/8531 linked to the WSUS vulnerability CVE-2025-59287, to the spread of the BADCANDY webshell via vulnerable Cisco devices, the threats are evolving rapidly. Our collective vigilance is crucial in navigating these challenges. Remember, cybersecurity is a shared responsibility. By staying informed and proactive, we can better protect our networks and data. If you found today's insights valuable, please share this newsletter with your friends and colleagues. Together, we can build a more secure digital world. Until next time, stay safe and stay informed!
