Issue #173 - October 27, 2025
- Weekly INK

- Oct 26
Newly Patched Critical Microsoft WSUS Flaw Comes Under Active Exploitation
Source: The Hacker News
Security researchers observed real-world exploitation of the WSUS bug shortly after disclosure. The write-ups outline initial access and payload delivery patterns. Admins should review egress traffic, restrict WSUS exposure, and verify that emergency patches applied cleanly across all downstream servers.
Massive China-Linked Smishing Campaign Leveraged 194,000 Domains
Source: SecurityWeek
The cybersecurity firm first warned of the campaign in early March, when it identified over 10,000 domains linked to the impersonation of toll and package delivery services. Roughly a month later, it warned of over 91,500 root domains employed in these attacks.
Critical Claroty Authentication Bypass Flaw Opened OT to Attack
Source: Dark Reading
Vulnerabilities in technologies that provide access to operational technology environments are particularly dangerous because they can allow an attacker to disrupt critical industrial systems, steal sensitive data, and gain unauthorized control over essential infrastructure.
CISA Warns of Exploited DELMIA Factory Software Vulnerabilities
Source: SecurityWeek
CISA flagged active exploitation of DELMIA Apriso flaws used in factory operations. Manufacturers and suppliers should prioritize patching, lock down admin consoles, and review partner access. Even non-manufacturing firms should ask vendors if this software touches shared supply chains.
Microsoft Azure Cloud Apps Shut Down by Configuration Error
Source: Bank Info Security
A Microsoft configuration change triggered an Azure/M365 outage, underscoring operational risk beyond cyberattacks. SMBs should document SaaS failovers, diversify identity and email contingencies, and test communication plans for customer-facing disruptions.



