Cyber Security Headlines

Microsoft WSUS vulnerability, LastPass death hoax, Copilot phishing technique

Oct 27, 2025
A critical vulnerability in Microsoft's WSUS could allow attackers to execute code remotely. Meanwhile, a deceptive campaign uses fake LastPass death notices to phish for master passwords. The new CoPhish technique tricks users into granting OAuth consent via Copilot Studio agents, leading to token theft. Additionally, an international agreement on cybercrime was signed in Hanoi, and a DDoS attack disrupted food logistics in Russia. Research also highlights that passphrases outperform complex passwords for security.
INSIGHT

Critical WSUS Remote Code Risk

  • WSUS contains a critical deserialization bug that can enable remote code execution on servers.
  • No user action is required, making it particularly dangerous for enterprise WSUS deployments.
ADVICE

Don't Enter Master Password On Spoofed Pages

  • Verify any LastPass inheritance request links and domains before entering credentials.
  • Treat unexpected 'No, I'm not dead' emails as phishing and do not enter your master password on unfamiliar pages.
INSIGHT

CoPhish Uses Copilot Studio For OAuth Theft

  • CoPhish abuses Copilot Studio agents to present OAuth consent via trusted Microsoft domains.
  • This lets attackers obtain OAuth tokens through legitimate-looking flows hosted on copilotstudio.microsoft.