#PatchMgmt

kriware kriware@infosec.exchange
2025-11-02

CVE-2025-59287 WSUS Unauthenticated RCE

Vulnerability in update service enables unauthenticated attacker to send crafted encrypted cookie leading to unsafe deserialization and SYSTEM-level code execution

hawktrace.com/blog/CVE-2025-59

#Deserialization #PatchMgmt

Intelemodel intelemodel
2025-08-08

Chrome PIP UI spoofing (CVE-2025-8577) poses medium risk by tricking users via crafted HTML. SMBs: enforce Chrome auto-updates, upgrade to v139.0.7258.66+, update browser policies, brief staff on phishing signs.

cvefeed.io/vuln/detail/CVE-202

Intelemodel intelemodel
2025-08-08

A medium-severity use-after-free flaw in Chrome’s Cast component allows remote heap corruption via crafted HTML. Ensure all business endpoints run Chrome 139.0.7258.66+ to close the gap.

cvefeed.io/vuln/detail/CVE-202
