My Next Class

… more classes

Scans for WSUS: Port 8530/8531 TCP, CVE-2025-59287
We did observe an increase in scans for TCP ports 8530 and 8531. These ports are associated with WSUS and the scans are likely looking for servers vulnerable to CVE-2025-59287
https://isc.sans.edu/diary/Scans%20for%20Port%208530%208531%20%28TCP%29.%20Likely%20related%20to%20WSUS%20Vulnerability%20CVE-2025-59287/32440

BADCANDY Webshell Implant Deployed via
The Australian Signals Directorate warns that they still see Cisco IOS XE devices not patches for CVE-2023-20198. A threat actor is now using this vulnerability to deploy the BADCANDY implant for persistent access
https://www.cyber.gov.au/about-us/view-all-content/alerts-and-advisories/badcandy

Improvements to Open VSX Security
In reference to the Glassworm incident, OpenVSX published a blog post outlining some of the security improvements they will make to prevent a repeat of this incident.
https://blogs.eclipse.org/post/mikaël-barbero/open-vsx-security-update-october-2025

Login here to join the discussion.