Quest KACE SMA Systems Hijacked via Max-Severity Exploit [Prime Cyber Insights]

This briefing examines the active exploitation of CVE-2025-32975, a maximum-severity authentication bypass vulnerability in Quest KACE Systems Management Appliances. Cybersecurity firm Arctic Wolf has observed threat actors weaponizing this flaw, which carries a CVSS score of 10.0, since the week of March 9, 2026. Although Quest released a patch in May 2025, unpatched systems exposed to the internet are still being targeted: the attackers gain administrative control and drop Base64-encoded payloads via curl. They leverage runkbot.exe and PowerShell to maintain persistence, eventually moving laterally to domain controllers and to backup infrastructure such as Veeam and Veritas. We also discuss the emergence of the 'Zombie ZIP' method, which leverages archive structures to evade traditional antivirus detection. This episode provides practitioners with the technical indicators and mitigation steps necessary to secure endpoint management infrastructure against these evolving credential harvesting and remote execution tactics.

Cybersecurity practitioners are facing a surge in targeted attacks against Quest KACE Systems Management Appliances. This episode of Prime Cyber Insights breaks down the technical specifics of CVE-2025-32975, a CVSS 10.0 vulnerability being used to hijack administrative accounts. We analyze the specific tactics observed by Arctic Wolf, including the use of runkbot.exe for account creation and RDP targeting of backup servers. Beyond Quest, we cover the 'Zombie ZIP' evasion technique and recent Apple WebKit security updates to help you prioritize your remediation efforts this week.

Topics Covered

  • 🚨 Analysis of CVE-2025-32975 and the active hijacking of Quest KACE SMA systems.
  • 🛡️ Technical TTPs including runkbot.exe exploitation and Mimikatz credential harvesting.
  • 🌐 The risk of exposing management appliances to the public internet and patching lag.
  • 📦 Understanding the 'Zombie ZIP' method and how it bypasses traditional AV scanners.
  • 💻 Mandatory security updates for Apple WebKit and iPhone persistence threats.

Disclaimer: This briefing is for informational purposes and does not constitute professional security advice.

Neural Newscast is AI-assisted, human reviewed. View our AI Transparency Policy at NeuralNewscast.com.
