Category vulnerabilities

PerfektBlue Bluetooth Flaws Leave Millions of Vehicles Vulnerable to Remote Code Execution

On July 11, 2025, researchers uncovered a series of four security vulnerabilities within OpenSynergy’s BlueSDK Bluetooth stack that could enable remote code execution on millions of vehicles from various manufacturers. Named PerfektBlue, these vulnerabilities can be combined to form an exploit chain that compromises vehicles from at least three major automakers: Mercedes-Benz, Volkswagen, and Skoda, as reported by PCA Cyber Security (formerly PCAutomotive). Additionally, a fourth unnamed original equipment manufacturer (OEM) is also believed to be affected. “The PerfektBlue exploitation comprises critical memory corruption and logical vulnerabilities in the OpenSynergy BlueSDK Bluetooth stack that can be leveraged for Remote Code Execution (RCE),” the cybersecurity firm stated. While infotainment systems are often considered isolated from essential vehicle controls, this separation is not as reliable as it might seem.

PerfektBlue Bluetooth Vulnerabilities Threaten Remote Control of Millions of Vehicles On July 11, 2025, cybersecurity experts announced the discovery of four critical vulnerabilities in OpenSynergy’s BlueSDK Bluetooth stack, collectively termed PerfektBlue. Exploiting these flaws could enable remote code execution across a vast array of vehicles manufactured by multiple vendors. This…

Read More

PerfektBlue Bluetooth Flaws Leave Millions of Vehicles Vulnerable to Remote Code Execution

On July 11, 2025, researchers uncovered a series of four security vulnerabilities within OpenSynergy’s BlueSDK Bluetooth stack that could enable remote code execution on millions of vehicles from various manufacturers. Named PerfektBlue, these vulnerabilities can be combined to form an exploit chain that compromises vehicles from at least three major automakers: Mercedes-Benz, Volkswagen, and Skoda, as reported by PCA Cyber Security (formerly PCAutomotive). Additionally, a fourth unnamed original equipment manufacturer (OEM) is also believed to be affected. “The PerfektBlue exploitation comprises critical memory corruption and logical vulnerabilities in the OpenSynergy BlueSDK Bluetooth stack that can be leveraged for Remote Code Execution (RCE),” the cybersecurity firm stated. While infotainment systems are often considered isolated from essential vehicle controls, this separation is not as reliable as it might seem.

Fortinet Issues Critical Patch for SQL Injection Vulnerability in FortiWeb (CVE-2025-25257)

July 11, 2025, United States

Fortinet has unveiled a patch addressing a severe security vulnerability in FortiWeb, which could allow unauthenticated attackers to execute arbitrary database commands on affected systems. Designated as CVE-2025-25257, this flaw has a CVSS score of 9.6 out of 10. According to Fortinet’s advisory, the vulnerability stems from “improper neutralization of special elements used in an SQL command (SQL Injection) [CWE-89],” enabling unauthorized SQL code execution through specially crafted HTTP or HTTPS requests.

The vulnerability affects the following FortiWeb versions:

  • FortiWeb 7.6.0 to 7.6.3 (Upgrade to 7.6.4 or higher)
  • FortiWeb 7.4.0 to 7.4.7 (Upgrade to 7.4.8 or higher)
  • FortiWeb 7.2.0 to 7.2.10 (Upgrade to 7.2.11 or higher)
  • FortiWeb 7.0.0 to 7.0.10 (Upgrade to 7.0.11 or higher)

Kentaro Kawane from GMO Cybersecurity is credited with reporting this significant vulnerability, as well as several critical issues in Cisco systems.

Fortinet Issues Critical Patch for SQL Injection Vulnerability in FortiWeb On July 11, 2025, Fortinet announced the release of urgent patches for a significant security vulnerability in FortiWeb, a web application firewall. This flaw, designated CVE-2025-25257, poses a serious risk, allowing unauthorized attackers the potential to execute arbitrary SQL commands…

Read More

Fortinet Issues Critical Patch for SQL Injection Vulnerability in FortiWeb (CVE-2025-25257)

July 11, 2025, United States

Fortinet has unveiled a patch addressing a severe security vulnerability in FortiWeb, which could allow unauthenticated attackers to execute arbitrary database commands on affected systems. Designated as CVE-2025-25257, this flaw has a CVSS score of 9.6 out of 10. According to Fortinet’s advisory, the vulnerability stems from “improper neutralization of special elements used in an SQL command (SQL Injection) [CWE-89],” enabling unauthorized SQL code execution through specially crafted HTTP or HTTPS requests.

The vulnerability affects the following FortiWeb versions:

  • FortiWeb 7.6.0 to 7.6.3 (Upgrade to 7.6.4 or higher)
  • FortiWeb 7.4.0 to 7.4.7 (Upgrade to 7.4.8 or higher)
  • FortiWeb 7.2.0 to 7.2.10 (Upgrade to 7.2.11 or higher)
  • FortiWeb 7.0.0 to 7.0.10 (Upgrade to 7.0.11 or higher)

Kentaro Kawane from GMO Cybersecurity is credited with reporting this significant vulnerability, as well as several critical issues in Cisco systems.

GPUHammer: New RowHammer Attack Variant Compromises AI Model Integrity on NVIDIA GPUs

NVIDIA is advising customers to activate System-level Error Correction Codes (ECC) as a safeguard against a newly identified variant of the RowHammer attack targeting its graphics processing units (GPUs). “The likelihood of successful RowHammer exploitation varies depending on DRAM device, platform, design specifications, and system settings,” the company noted in a recent advisory. Named GPUHammer, this marks the first incident of a RowHammer exploit impacting NVIDIA GPUs, such as the A6000 with GDDR6 memory. This attack allows malicious users to manipulate other users’ data by inducing bit flips in GPU memory. Researchers from the University of Toronto highlighted a particularly alarming outcome: the accuracy of an AI model can plummet from 80% to below 1%. RowHammer poses a similar risk to modern DRAMs as Spectre and Meltdown do for contemporary CPUs, representing critical hardware-level security vulnerabilities.

GPUHammer: New RowHammer Attack Variant Threatens AI Performance on NVIDIA GPUs On July 12, 2025, NVIDIA issued a critical advisory urging its customers to activate System-level Error Correction Codes (ECC) to combat a newly revealed variant of RowHammer attacks targeting its graphics processing units (GPUs). Identified as GPUHammer, this attack…

Read More

GPUHammer: New RowHammer Attack Variant Compromises AI Model Integrity on NVIDIA GPUs

NVIDIA is advising customers to activate System-level Error Correction Codes (ECC) as a safeguard against a newly identified variant of the RowHammer attack targeting its graphics processing units (GPUs). “The likelihood of successful RowHammer exploitation varies depending on DRAM device, platform, design specifications, and system settings,” the company noted in a recent advisory. Named GPUHammer, this marks the first incident of a RowHammer exploit impacting NVIDIA GPUs, such as the A6000 with GDDR6 memory. This attack allows malicious users to manipulate other users’ data by inducing bit flips in GPU memory. Researchers from the University of Toronto highlighted a particularly alarming outcome: the accuracy of an AI model can plummet from 80% to below 1%. RowHammer poses a similar risk to modern DRAMs as Spectre and Meltdown do for contemporary CPUs, representing critical hardware-level security vulnerabilities.

eSIM Vulnerability in eUICC Cards Poses Serious Threat to Billions of IoT Devices

Cybersecurity researchers have uncovered a new hacking technique that exploits vulnerabilities in eSIM technology, putting users at significant risk. This issue particularly affects the Kigen eUICC card, with over two billion IoT device SIMs activated as of December 2020, according to the Irish company’s website. The findings come from Security Explorations, a research lab affiliated with AG Security Research, which was awarded a $30,000 bounty by Kigen for their report. An eSIM, or embedded SIM, is a digital SIM card integrated into a device via software on an Embedded Universal Integrated Circuit Card (eUICC) chip. eSIMs enable users to activate cellular plans without needing a physical SIM card, while eUICC software facilitates the installation of operator profiles, remote provisioning, and SIM profile management.

eSIM Vulnerability in eUICC Cards Threatens Billions of IoT Devices to Cyber Attacks In a significant cybersecurity breakthrough, researchers have unveiled a vulnerability within the eSIM technology that could expose billions of Internet of Things (IoT) devices to malicious attacks. This issue specifically involves the Kigen eUICC card, which has…

Read More

eSIM Vulnerability in eUICC Cards Poses Serious Threat to Billions of IoT Devices

Cybersecurity researchers have uncovered a new hacking technique that exploits vulnerabilities in eSIM technology, putting users at significant risk. This issue particularly affects the Kigen eUICC card, with over two billion IoT device SIMs activated as of December 2020, according to the Irish company’s website. The findings come from Security Explorations, a research lab affiliated with AG Security Research, which was awarded a $30,000 bounty by Kigen for their report. An eSIM, or embedded SIM, is a digital SIM card integrated into a device via software on an Embedded Universal Integrated Circuit Card (eUICC) chip. eSIMs enable users to activate cellular plans without needing a physical SIM card, while eUICC software facilitates the installation of operator profiles, remote provisioning, and SIM profile management.

⚡ Weekly Highlights: Scattered Spider Arrests, Car Hacks, macOS Malware, Fortinet RCE, and More

This week in cybersecurity has shed light on critical vulnerabilities and significant criminal activity affecting major organizations. Precision is paramount in this field; minor oversights can cascade into enormous security breaches. In this context, notable incidents underline systemic issues, such as reliance on outdated tools, sluggish risk responses, and a…

Read More⚡ Weekly Highlights: Scattered Spider Arrests, Car Hacks, macOS Malware, Fortinet RCE, and More

Google AI “Big Sleep” Identifies Critical SQLite Vulnerability Before Hackers Can Exploit It

July 16, 2025
AI Security / Vulnerability

Google announced on Tuesday that its language model-assisted vulnerability detection system successfully identified a security flaw in the SQLite open-source database engine, preventing potential exploitation. The vulnerability, designated CVE-2025-6965 (CVSS score: 7.2), is a memory corruption issue affecting all versions prior to 3.50.2. Discovered by “Big Sleep,” an AI agent developed through a collaboration between DeepMind and Google Project Zero, this flaw allows for potential attacks through arbitrary SQL statements, leading to integer overflow risks. SQLite maintainers cautioned that this critical security issue was previously known only to threat actors. Google has not disclosed the identities of these actors but emphasized the urgency of addressing the vulnerability.

Google AI “Big Sleep” Detects Critical SQLite Vulnerability Before Exploitation Could Occur On July 16, 2025, Google announced a significant achievement in cybersecurity through its AI-driven vulnerability assessment tool, known as Big Sleep. This large language model (LLM)-assisted framework successfully detected a critical security vulnerability in the widely used SQLite…

Read More

Google AI “Big Sleep” Identifies Critical SQLite Vulnerability Before Hackers Can Exploit It

July 16, 2025
AI Security / Vulnerability

Google announced on Tuesday that its language model-assisted vulnerability detection system successfully identified a security flaw in the SQLite open-source database engine, preventing potential exploitation. The vulnerability, designated CVE-2025-6965 (CVSS score: 7.2), is a memory corruption issue affecting all versions prior to 3.50.2. Discovered by “Big Sleep,” an AI agent developed through a collaboration between DeepMind and Google Project Zero, this flaw allows for potential attacks through arbitrary SQL statements, leading to integer overflow risks. SQLite maintainers cautioned that this critical security issue was previously known only to threat actors. Google has not disclosed the identities of these actors but emphasized the urgency of addressing the vulnerability.

Urgent: Google Issues Critical Chrome Update to Address Active Exploit CVE-2025-6558

Jul 16, 2025
Browser Security / Zero-Day

On Tuesday, Google released a significant update for its Chrome web browser, addressing six security vulnerabilities, including a high-severity flaw that is currently being exploited in the wild. The vulnerability, identified as CVE-2025-6558 (CVSS score: 8.8), involves inadequate validation of untrusted input within the browser’s ANGLE and GPU components. According to the NIST National Vulnerability Database (NVD), “Insufficient validation of untrusted input in ANGLE and GPU in Google Chrome prior to version 138.0.7204.157 allowed a remote attacker to potentially perform a sandbox escape via a specially crafted HTML page.” ANGLE, which stands for “Almost Native Graphics Layer Engine,” serves as a bridge between Chrome’s rendering engine and the device’s graphics drivers. Exploits in this module can enable attackers to bypass Chrome’s sandbox, allowing them to manipulate low-level GPU operations typically confined within the browser, making this vulnerability particularly concerning.

Urgent: Critical Chrome Update Released by Google to Address CVE-2025-6558 Exploit On July 16, 2025, Google announced significant updates to its Chrome web browser, patching six security vulnerabilities, one of which is particularly concerning as it has already been exploited in the wild. This flaw, identified as CVE-2025-6558, has been…

Read More

Urgent: Google Issues Critical Chrome Update to Address Active Exploit CVE-2025-6558

Jul 16, 2025
Browser Security / Zero-Day

On Tuesday, Google released a significant update for its Chrome web browser, addressing six security vulnerabilities, including a high-severity flaw that is currently being exploited in the wild. The vulnerability, identified as CVE-2025-6558 (CVSS score: 8.8), involves inadequate validation of untrusted input within the browser’s ANGLE and GPU components. According to the NIST National Vulnerability Database (NVD), “Insufficient validation of untrusted input in ANGLE and GPU in Google Chrome prior to version 138.0.7204.157 allowed a remote attacker to potentially perform a sandbox escape via a specially crafted HTML page.” ANGLE, which stands for “Almost Native Graphics Layer Engine,” serves as a bridge between Chrome’s rendering engine and the device’s graphics drivers. Exploits in this module can enable attackers to bypass Chrome’s sandbox, allowing them to manipulate low-level GPU operations typically confined within the browser, making this vulnerability particularly concerning.

Title: UNC6148 Exploits Patched SonicWall SMA 100 Series Devices with OVERSTEP Rootkit

Date: July 16, 2025
Category: Vulnerability / Cyber Espionage

A threat actor group, identified as UNC6148, has been found targeting fully-patched SonicWall Secure Mobile Access (SMA) 100 series appliances, as part of an operation to deploy a backdoor known as OVERSTEP. This malicious activity has been traced back to at least October 2024. The Google Threat Intelligence Group (GTIG) reports that the number of known victims is currently “limited.” The tech giant has high confidence in its assessment that the group is utilizing credentials and one-time password (OTP) seeds stolen from previous breaches, enabling them to regain access even after organizations have implemented security updates. Metadata analysis indicates that UNC6148 may have first exfiltrated these credentials from the SMA appliance as early as January 2025. The precise method of initial access for delivering the malware remains unknown due to the evasive actions taken by the threat actor.

UNC6148 Targets Fully-Patched SonicWall SMA 100 Series Devices with OVERSTEP Rootkit On July 16, 2025, cybersecurity analysts from the Google Threat Intelligence Group (GTIG) disclosed a troubling trend involving UNC6148, a hacking group targeting fully-patched SonicWall Secure Mobile Access (SMA) 100 Series appliances. The campaign, which began around October 2024,…

Read More

Title: UNC6148 Exploits Patched SonicWall SMA 100 Series Devices with OVERSTEP Rootkit

Date: July 16, 2025
Category: Vulnerability / Cyber Espionage

A threat actor group, identified as UNC6148, has been found targeting fully-patched SonicWall Secure Mobile Access (SMA) 100 series appliances, as part of an operation to deploy a backdoor known as OVERSTEP. This malicious activity has been traced back to at least October 2024. The Google Threat Intelligence Group (GTIG) reports that the number of known victims is currently “limited.” The tech giant has high confidence in its assessment that the group is utilizing credentials and one-time password (OTP) seeds stolen from previous breaches, enabling them to regain access even after organizations have implemented security updates. Metadata analysis indicates that UNC6148 may have first exfiltrated these credentials from the SMA appliance as early as January 2025. The precise method of initial access for delivering the malware remains unknown due to the evasive actions taken by the threat actor.

Hackers Exploit Microsoft Teams to Distribute Enhanced Matanbuchus 3.0 Malware to Targeted Companies

July 16, 2025
Threat Intelligence / Vulnerability

Cybersecurity researchers have identified a new variant of the established malware loader Matanbuchus, which boasts enhanced stealth features to evade detection. Matanbuchus, a malware-as-a-service (MaaS) offering, serves as a launchpad for various next-stage payloads, including Cobalt Strike beacons and ransomware. Initially advertised in February 2021 on Russian-speaking cybercrime forums for a rental fee of $2,500, the malware has been utilized in ClickFix-like schemes to deceive users into visiting compromised yet legitimate sites. Over time, Matanbuchus’ delivery methods have evolved, incorporating phishing emails with malicious Google Drive links, drive-by downloads from compromised websites, harmful MSI installers, and malvertising. It has been instrumental in deploying numerous secondary payloads such as DanaBot, QakBot, and Cobalt Strike, all of which are precursors to ransomware attacks.

Hackers Exploit Microsoft Teams to Distribute Matanbuchus 3.0 Malware Targeting Businesses August 16, 2025 In a concerning development within the realm of cybersecurity, researchers have identified a new variant of the Matanbuchus malware loader, which has been refined to enhance its stealth and evade detection by security systems. Matanbuchus represents…

Read More

Hackers Exploit Microsoft Teams to Distribute Enhanced Matanbuchus 3.0 Malware to Targeted Companies

July 16, 2025
Threat Intelligence / Vulnerability

Cybersecurity researchers have identified a new variant of the established malware loader Matanbuchus, which boasts enhanced stealth features to evade detection. Matanbuchus, a malware-as-a-service (MaaS) offering, serves as a launchpad for various next-stage payloads, including Cobalt Strike beacons and ransomware. Initially advertised in February 2021 on Russian-speaking cybercrime forums for a rental fee of $2,500, the malware has been utilized in ClickFix-like schemes to deceive users into visiting compromised yet legitimate sites. Over time, Matanbuchus’ delivery methods have evolved, incorporating phishing emails with malicious Google Drive links, drive-by downloads from compromised websites, harmful MSI installers, and malvertising. It has been instrumental in deploying numerous secondary payloads such as DanaBot, QakBot, and Cobalt Strike, all of which are precursors to ransomware attacks.