A recently patched vulnerability in Microsoft’s Windows Server update services has led to a series of attacks using one of the most notorious espionage tools of recent years. The incidents demonstrate how quickly attackers can move from studying a published exploit to actively exploiting the vulnerability to penetrate infrastructure. According to South Korean company AhnLab , an unknown group gained access to Windows servers running WSUS by exploiting the CVE-2025-59287 vulnerability. This vulnerability was exploited to run standard system utilities, allowing attackers to contact an external server and download malicious code. Before installing the main tool, the PowerCat utility was used, which