What's new

ESCU version 5.17.0 delivers powerful new detection content that helps security teams close critical visibility gaps across the web, application, and infrastructure layers. This release introduces analytic stories for Microsoft WSUS CVE-2025-59287 RCE, Oracle E-Business Suite Exploitation (built with Cisco Talos), and HTTP Request Smuggling, giving SOCs actionable detections for deserialization exploits, ERP system attacks, and proxy-layer evasion that often bypass traditional perimeter controls. Coverage for Scattered Lapsus$ Hunters and Hellcat Ransomware extends visibility into identity abuse, remote-access persistence, and AI-enabled ransomware workflows, key areas where human and machine deception tactics increasingly intersect. Together, these 5 new stories and 15 detections strengthen the SOC's ability to detect high-impact intrusions earlier in the kill chain, correlate across data sources, and reduce mean time to detect (MTTD) by transforming stealthy, protocol-level abuse into high-confidence alerts mapped directly to MITRE ATT&CK.

Key highlights

Following is a summary of the latest updates:

  • Microsoft WSUS CVE-2025-59287 Remote Code Execution: Introduced a new analytic story for the exploitation of CVE-2025-59287, a critical WSUS deserialization vulnerability enabling unauthenticated remote code execution. Added a new detection - Windows WSUS Spawning Shell - and tagged related process-based detections to enhance post-exploitation visibility.
  • Oracle E-Business Suite Exploitation (Talos Collaboration): Released new Snort-based detections developed with Cisco Talos to identify exploitation attempts against Oracle E-Business Suite. These analytics use Snort alerts to detect anomalous web requests, payload delivery, and lateral movement behaviors targeting enterprise ERP systems.
  • HTTP Request Smuggling: Introduced a new analytic story to detect and investigate HTTP request smuggling techniques that exploit discrepancies in how web servers and proxies handle request sequences. Added detections - HTTP Suspicious Tool User Agent, HTTP Request to Reserved Name, HTTP Rapid POST with Mixed Status Codes, HTTP Possible Request Smuggling, and HTTP Duplicated Header - leveraging searches for indicators like CL.TE, TE.TE, and CL.0 to identify abuse of HTTP parsing logic and potential security control bypasses.
  • Scattered Lapsus$ Hunters and Hellcat Ransomware: Tagged a broad set of existing TTPs and added new analytic stories covering the Scattered Lapsus$ Hunters coalition (Scattered Spider, Lapsus$, and Shiny Hunters) and the Hellcat Ransomware RaaS group. These updates enhance visibility into MFA bypass, credential theft, remote access tool abuse, PowerShell infection chains, SSH persistence, and custom ransomware payloads targeting critical infrastructure, telecom, and government sectors.

These additions strengthen security teams' ability to detect and respond to emerging threats across critical enterprise platforms.
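The HTTP Request Smuggling story above keys on header conditions that let a front-end proxy and a back-end server disagree about where one request ends and the next begins. The following example is added here to show what a "duplicated header" or "possible request smuggling" detection actually inspects; it is not ESCU content or Splunk search logic, and the request heads, host names and paths are constructed samples rather than captured traffic.

```python
"""Heuristic checks for the header conditions that HTTP request smuggling
(CL.TE, TE.TE, CL.0) depends on.

Added example, not ESCU content: it reports the framing-header anomalies a
detection would surface from proxy or WAF logs, using constructed request
heads. Host names and paths below are made up.
"""
from collections import Counter

# Methods a back end may treat as having no body, which is what CL.0 relies on.
BODYLESS_METHODS = {"GET", "HEAD", "OPTIONS"}


def parse_request_head(raw: bytes):
    """Return (request_line, headers) for a raw HTTP/1.1 request head.

    headers is an ordered list of (name, value, name_had_trailing_space).
    Names are lower-cased, but duplicates are kept on purpose: a repeated
    framing header is itself one of the indicators we want to report.
    """
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    headers = []
    for line in lines[1:]:
        if not line.strip():
            continue
        raw_name, _, value = line.partition(":")
        # "Transfer-Encoding : chunked" (space before the colon) is a known
        # TE.TE obfuscation: some parsers drop the header, others honour it.
        headers.append((raw_name.strip().lower(), value.strip(),
                        raw_name != raw_name.rstrip()))
    return lines[0], headers


def smuggling_indicators(raw: bytes) -> list[str]:
    """Return indicator tags for one request head; an empty list means clean."""
    request_line, headers = parse_request_head(raw)
    method = request_line.split(" ", 1)[0].upper()
    findings = []

    counts = Counter(name for name, _, _ in headers)
    findings += [f"duplicated-header:{n}" for n, c in counts.items() if c > 1]

    for name, _, bad_name in headers:
        if bad_name:
            findings.append(f"space-before-colon:{name}")

    cl_values = [v for n, v, _ in headers if n == "content-length"]
    te_values = [v for n, v, _ in headers if n == "transfer-encoding"]

    # CL.TE / TE.TE: both framing headers present. RFC 9112 says Transfer-Encoding
    # wins and Content-Length must be ignored, but front ends and back ends do
    # not always agree, and that disagreement is the desync being exploited.
    if cl_values and te_values:
        findings.append("cl-and-te")

    # TE.TE: a Transfer-Encoding value one parser treats as chunked and another
    # does not (e.g. "xchunked", "chunked, identity").
    if any(v.lower() != "chunked" for v in te_values):
        findings.append("obfuscated-te")

    # Conflicting or non-numeric Content-Length values are resolved differently
    # by different implementations.
    if len(set(cl_values)) > 1:
        findings.append("conflicting-cl")
    if any(not v.isdigit() for v in cl_values):
        findings.append("malformed-cl")

    # CL.0: a body declared on a method the back end may treat as bodyless, so
    # the declared body can be read as the start of the next request.
    if method in BODYLESS_METHODS and any(v.isdigit() and int(v) > 0 for v in cl_values):
        findings.append("cl-on-bodyless-method")

    return findings


def scan_requests(requests: dict[str, bytes]) -> dict[str, list[str]]:
    """Run the checks over a batch and keep only requests with findings,
    the way a scheduled search keeps only notable events."""
    return {label: f for label, raw in requests.items() if (f := smuggling_indicators(raw))}


# Constructed sample request heads (not captured traffic).
SAMPLES = {
    "clean": b"POST /api/login HTTP/1.1\r\nHost: app.example\r\nContent-Length: 10\r\n\r\nuser=alice",
    "cl_te": b"POST /api/login HTTP/1.1\r\nHost: app.example\r\nContent-Length: 5\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n",
    "te_te": b"POST /api/login HTTP/1.1\r\nHost: app.example\r\nContent-Length: 5\r\nTransfer-Encoding : xchunked\r\n\r\n0\r\n\r\n",
    "cl_0": b"GET /static/app.js HTTP/1.1\r\nHost: app.example\r\nContent-Length: 24\r\n\r\n",
    "dup_host": b"POST /api/login HTTP/1.1\r\nHost: app.example\r\nHost: other.example\r\nContent-Length: 0\r\n\r\n",
}

if __name__ == "__main__":
    for label, findings in scan_requests(SAMPLES).items():
        print(f"{label}: {', '.join(findings)}")
```

These are heuristics on parsed headers, not proof of an attack. In production they need a log source that preserves raw request headers (most access logs normalise or drop duplicates), and the CL.0 check in particular needs tuning, since some clients legitimately send GET requests with a non-zero Content-Length.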

New analytics

Other updates

Added new detections and updated several existing ones for which GitHub issues were reported. See the complete list of updates made to address false positives, efficiency, and improved detection logic and names.