admin

admin

  • Joined: September 10, 2024
  • Articles: 6126

Urgent: Google Issues Critical Chrome Update to Address Active Exploit CVE-2025-6558

Jul 16, 2025
Browser Security / Zero-Day

On Tuesday, Google released a significant update for its Chrome web browser, addressing six security vulnerabilities, including a high-severity flaw that is currently being exploited in the wild. The vulnerability, identified as CVE-2025-6558 (CVSS score: 8.8), involves inadequate validation of untrusted input within the browser’s ANGLE and GPU components. According to the NIST National Vulnerability Database (NVD), “Insufficient validation of untrusted input in ANGLE and GPU in Google Chrome prior to version 138.0.7204.157 allowed a remote attacker to potentially perform a sandbox escape via a specially crafted HTML page.” ANGLE, which stands for “Almost Native Graphics Layer Engine,” serves as a bridge between Chrome’s rendering engine and the device’s graphics drivers. Exploits in this module can enable attackers to bypass Chrome’s sandbox, allowing them to manipulate low-level GPU operations typically confined within the browser, making this vulnerability particularly concerning.

Urgent: Critical Chrome Update Released by Google to Address CVE-2025-6558 Exploit On July 16, 2025, Google announced significant updates to its Chrome web browser, patching six security vulnerabilities, one of which is particularly concerning as it has already been exploited…

Weekly Cybersecurity Update: Key Threats, Tools, and Best Practices (Nov 18 – Nov 24)

November 25, 2024 | Cybersecurity / Critical Updates

Terms like “state-sponsored attacks” and “critical vulnerabilities” frequently fill our news feeds, but what do they truly entail? This week’s cybersecurity highlights extend beyond mere headlines—they illuminate how digital risks impact our everyday lives more than we might realize. For example, breaches in telecom networks involve far more than data theft; they pose serious threats to our fundamental communications and business operations. Those technical CVEs aren’t just numbers; they represent potential vulnerabilities in your everyday tools, from smartphones to workplace software, functioning like ticking time bombs.

These issues matter to everyone, not just experts. They remind us how easily the digital landscape we depend on can become a threat—but they also underscore the importance of remaining informed and proactive. Join us as we dive into this week’s recap to explore these risks, uncover effective solutions, and discover actionable steps we can all take to enhance our security.

Cybersecurity Update: Key Threats and Trends for the Week of November 18 – November 24 Published on November 25, 2024 In recent weeks, discussions around cybersecurity have underscored pervasive themes such as “state-sponsored attacks” and “critical vulnerabilities.” However, the implications…

Nvidia Challenges Claims of Chinese ‘Kill-Switch’ ਰਹਿਤ

Artificial Intelligence & Machine Learning, Legislation, Next-Generation Technologies & Secure Development Chipmaker Argues Against Increasing US Pressure for New Security Requirements Chris Riotta (@chrisriotta) • August 7, 2025 Image: Stock All/Shutterstock Nvidia, a leader in AI chip manufacturing, has dismissed…

Title: UNC6148 Exploits Patched SonicWall SMA 100 Series Devices with OVERSTEP Rootkit

Date: July 16, 2025
Category: Vulnerability / Cyber Espionage

A threat actor group, identified as UNC6148, has been found targeting fully-patched SonicWall Secure Mobile Access (SMA) 100 series appliances, as part of an operation to deploy a backdoor known as OVERSTEP. This malicious activity has been traced back to at least October 2024. The Google Threat Intelligence Group (GTIG) reports that the number of known victims is currently “limited.” The tech giant has high confidence in its assessment that the group is utilizing credentials and one-time password (OTP) seeds stolen from previous breaches, enabling them to regain access even after organizations have implemented security updates. Metadata analysis indicates that UNC6148 may have first exfiltrated these credentials from the SMA appliance as early as January 2025. The precise method of initial access for delivering the malware remains unknown due to the evasive actions taken by the threat actor.

UNC6148 Targets Fully-Patched SonicWall SMA 100 Series Devices with OVERSTEP Rootkit On July 16, 2025, cybersecurity analysts from the Google Threat Intelligence Group (GTIG) disclosed a troubling trend involving UNC6148, a hacking group targeting fully-patched SonicWall Secure Mobile Access (SMA)…

APT-C-60 Hackers Target StatCounter and Bitbucket in SpyGlace Malware Campaign

On November 27, 2024, JPCERT/CC reported that the APT-C-60 threat group has executed a cyberattack against an undisclosed organization in Japan, utilizing a job application guise to deploy the SpyGlace backdoor. This operation, which took place in August 2024, exploited legitimate platforms such as Google Drive, Bitbucket, and StatCounter.

The phishing scheme involved an email disguised as correspondence from a potential employee, which was sent to the organization’s recruitment team, ultimately leading to malware infiltration. APT-C-60, believed to be aligned with South Korea, commonly targets East Asian nations. During the attack, the group exploited a remote code execution vulnerability in WPS Office for Windows (CVE-2024-7262) to introduce the SpyGlace backdoor. JPCERT/CC’s findings detail how the attack chain unfolded, beginning with a phishing email linking to a file on Goo…

APT-C-60 Hackers Target Japanese Organization with SpyGlace Malware Campaign On November 27, 2024, cybersecurity experts at JPCERT/CC reported a sophisticated cyber attack tied to the APT-C-60 hacker group, which has gained notoriety for its ties to South Korean cyber espionage…

Google Uncovers a New Scam—And Becomes Its Victim

Google’s Salesforce Instance Compromised: A Closer Look at Recent Cybersecurity Breach In a significant cybersecurity breach, Google has confirmed that its Salesforce instance was among those affected by unauthorized access. The intrusion took place in June, but the company only…

Chinese Pair Arrested for Illegally Exporting AI Chips

Topics: Cybercrime, Fraud Management & Cybercrime, Incident & Breach Response Ukrainian Hackers Uncover Evidence of Child Abduction Amid Ongoing Cyber Threats Anviksha More ( AnvikshaMore) • August 7, 2025 Information Security Media Group provides a weekly overview of significant cybersecurity…