Summary: The recent Google Chrome stable update fixed several serious security issues that could let attackers take control of the browser or steal personal data. The vulnerabilities mostly involve memory handling and implementation errors in core components such as the V8 JavaScript engine, the WebGPU backend and the browser UI.
| OEM | Google |
| Severity | High |
| CVSS Score | 8.8 |
| CVEs | CVE-2025-12725, CVE-2025-12726, CVE-2025-12727, CVE-2025-12728, CVE-2025-12729 |
| POC Available | No |
| Actively Exploited | No |
| Exploited in Wild | No |
| Advisory Version | 1.0 |
Overview
Problems such as type confusion and memory misuse could allow attackers to run harmful code simply by getting a user to visit a malicious website. Other flaws affected Chrome's UI components (Views and the Omnibox) and could be abused to spoof or mislead users.
| Vulnerability Name | CVE ID | Product Affected | Severity | Fixed Version |
| Out-of-Bounds Write in WebGPU | CVE-2025-12725 | Chrome | High | 142.0.7444.134/135 |
| Inappropriate Implementation in Views (UI Rendering) | CVE-2025-12726 | Chrome | High | 142.0.7444.134/135 |
| Inappropriate Memory Handling in V8 JavaScript Engine | CVE-2025-12727 | Chrome | High | 142.0.7444.134/135 |
| Inappropriate Implementation in Omnibox (Unified Search Bar) | CVE-2025-12728 | Chrome | Medium | 142.0.7444.134/135 |
| Inappropriate Implementation in Omnibox (Unified Search Bar) | CVE-2025-12729 | Chrome | Medium | 142.0.7444.134/135 |
Technical Summary
The bugs include memory corruption issues such as the out-of-bounds write in WebGPU and unsafe memory handling in V8, which can lead to unpredictable behaviour and remote code execution (RCE).
The V8 vulnerability involves mishandling of data types or an incorrect implementation, allowing attackers to break security boundaries from a crafted script.
The remaining issues are UI security-logic problems that could mislead users or weaken protections. Google patched these weaknesses by tightening input validation, fixing memory-lifecycle bugs, correcting UI behaviour and strengthening internal security checks.
| CVE ID | Component Affected | Vulnerability Details | Impact |
| CVE-2025-12725 | Google Chrome (WebGPU) | Out-of-bounds write in WebGPU due to improper bounds checking, allowing attackers to overwrite memory beyond allocated limits. | Remote Code Execution / Browser Crash |
| CVE-2025-12726 | Google Chrome (Views UI) | Inappropriate implementation in the Views UI toolkit, reported as leading to memory corruption. | Memory corruption / UI rendering |
| CVE-2025-12727 | Google Chrome (V8 Engine) | Improper handling in the V8 JavaScript engine enabling potential arbitrary code execution through crafted scripts. | Remote Code Execution |
| CVE-2025-12728 | Google Chrome (Omnibox) | Flaws in Omnibox’s implementation could allow UI spoofing or navigation bar manipulation. | UI Spoofing |
| CVE-2025-12729 | Google Chrome (Omnibox) | Similar flaws in Omnibox affecting input validation, leading to potential security bypasses or deceptive UI. | UI Spoofing / Security Bypass |
Recommendations
Update Chrome immediately to version 142.0.7444.134/135 or later.
You can update by opening the Chrome menu (⋮) → Help → About Google Chrome (or Settings → About Chrome); Chrome then checks for and installs the update, and a relaunch is required to apply it.
Along with the update, you can follow the recommendations below as well.
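For administrators who manage many endpoints, checking each machine by hand is not practical. The script below is an added example (not from Google or the original advisory) that compares reported Chrome versions against the fixed build from the table above; the inventory lines, hostnames and the 143.x version are constructed for illustration, and unparseable versions are deliberately flagged rather than ignored.

```python
"""Audit an inventory of Chrome installs against the build that fixes
CVE-2025-12725 through CVE-2025-12729.  Added example; the inventory
below is constructed for illustration, not real hosts."""
import re

# Lowest stable build carrying the fix, taken from the advisory table
# (142.0.7444.134/135); anything at or above it is considered patched.
FIXED_BUILD = (142, 0, 7444, 134)

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)\.(\d+)$")


def parse_version(text: str):
    """Return a 4-tuple of ints, or None if the string is not a Chrome version."""
    m = _VERSION_RE.match(text.strip())
    return tuple(int(x) for x in m.groups()) if m else None


def is_patched(version: str) -> bool:
    """True when the reported build is at or above FIXED_BUILD.
    Unparseable versions count as unpatched so they get investigated."""
    v = parse_version(version)
    return v is not None and v >= FIXED_BUILD


def audit(inventory_csv: str):
    """inventory_csv holds lines of 'hostname,version'.  Returns a list of
    (hostname, version, status) with status 'ok', 'UPDATE' or 'UNKNOWN'."""
    results = []
    for line in inventory_csv.strip().splitlines():
        host, _, version = line.partition(",")
        v = parse_version(version)
        if v is None:
            status = "UNKNOWN"          # no usable version string: check the host
        elif v >= FIXED_BUILD:
            status = "ok"
        else:
            status = "UPDATE"
        results.append((host.strip(), version.strip(), status))
    return results


# Constructed sample inventory (hypothetical hosts and versions).
SAMPLE_INVENTORY = """\
ws-001,142.0.7444.59
ws-002,142.0.7444.134
ws-003,142.0.7444.135
ws-004,143.0.7499.40
ws-005,not installed
"""

if __name__ == "__main__":
    for host, version, status in audit(SAMPLE_INVENTORY):
        print(f"{host:8} {version:18} {status}")
```

Feed it the output of whatever inventory tool you already have (MDM export, Intune report, osquery) in `hostname,version` form; the comparison is on the full four-part build number, so a newer major release is treated as patched and a version like `142.0.7444.59` is flagged.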
Conclusion:
These Chrome flaws can compromise a device through ordinary browsing. Because millions of people use Chrome daily, the vulnerabilities posed a high risk; Google has already patched them. Keeping applications on the latest version remains the best defence against threats aimed at browsers.
References:
Summary: Apple released iOS 26.1 and iPadOS 26.1, addressing multiple security vulnerabilities across core system components including WebKit, the kernel, Accessibility, the Apple Neural Engine and CloudKit.
| OEM | Apple |
| Severity | High |
| CVEs | CVE-2025-43438, CVE-2025-43429, CVE-2025-43442, CVE-2025-43455, CVE-2025-43398 & others |
| POC Available | No |
| Actively Exploited | No |
| Exploited in Wild | No |
| Advisory Version | 1.0 |
Overview:
These vulnerabilities could enable malicious apps to escape sandboxes, access sensitive user data, execute arbitrary code via web content, monitor keystrokes or disable theft-protection mechanisms. Affected devices include iPhone 11 and later and iPad models from the 3rd generation onward (see Apple's advisory for the full list). Immediate update is strongly recommended to prevent breaches and system crashes.
| Vulnerability Name | CVE ID | Product Affected | Fixed Version |
| WebKit Use-After-Free (Safari Crash/RCE) | CVE-2025-43438 | iOS, iPadOS | iOS/iPadOS 26.1 |
| WebKit Buffer Overflow (RCE Risk) | CVE-2025-43429 | iOS, iPadOS | iOS/iPadOS 26.1 |
| App Installed Detection via Accessibility | CVE-2025-43442 | iOS, iPadOS | iOS/iPadOS 26.1 |
| Sensitive Screenshot in Embedded Views | CVE-2025-43455 | iOS, iPadOS | iOS/iPadOS 26.1 |
| Kernel Memory Corruption / DoS | CVE-2025-43398 | iOS, iPadOS | iOS/iPadOS 26.1 |
Technical Summary:
The iOS/iPadOS 26.1 update fixes significant security issues in sandbox protection, memory handling, privacy settings and the WebKit browser engine. These vulnerabilities could allow apps or websites to access restricted data or execute malicious code. The key issues are listed below.
| CVE ID | Component Affected | Vulnerability Details | Impact |
| CVE-2025-43438 | WebKit | Use-after-free in Safari triggers crash or code execution via malicious web content | Remote Code Execution, System Compromise |
| CVE-2025-43429 | WebKit | Buffer overflow in content processing allows arbitrary code execution | Remote Code Execution, Service Compromise |
| CVE-2025-43442 | Accessibility | Permissions flaw allows apps to detect installed apps (fingerprinting) | Privacy Violation, User Tracking |
| CVE-2025-43455 | Apple Account | Malicious apps can screenshot sensitive embedded UI (login views) | Credential, PII Exposure |
| CVE-2025-43398 | Kernel | Memory mishandling leads to system termination or kernel corruption | Denial of Service, Potential Privilege Escalation |
Additionally, multiple high- and medium-severity vulnerabilities were disclosed that enable sandbox escapes, data leaks and web-based attacks with significant impact. Some of these CVEs are listed in the table below.
| Vulnerability Name | CVE ID | Affected Component |
| Sandbox Escape via Assets | CVE-2025-43407 | Assets |
| Sandbox Escape via CloudKit Symlink | CVE-2025-43448 | CloudKit |
| Stolen Device Protection Bypass | CVE-2025-43422 | Stolen Device Protection |
| Cross-Origin Data Exfiltration | CVE-2025-43480 | WebKit |
| Keystroke Monitoring via WebKit | CVE-2025-43495 | WebKit |
| Apple Neural Engine Kernel Corruption | CVE-2025-43447, CVE-2025-43462 | Apple Neural Engine |
| Canvas Cross-Origin Image Theft | CVE-2025-43392 | WebKit Canvas |
| Contacts Data Leak in Logs | CVE-2025-43426 | Contacts |
| Lock Screen Content Leak | CVE-2025-43350 | Control Center |
| Address Bar Spoofing | CVE-2025-43493 | Safari |
| UI Spoofing in Safari | CVE-2025-43503 | Safari |
Recommendations:
Update all eligible devices immediately (Settings > General > Software Update) to iOS 26.1 / iPadOS 26.1, and confirm the installed version against the Apple security releases page.
For environments where immediate patching is not feasible, you can also follow the recommendations below.
Conclusion:
The iOS/iPadOS 26.1 update fixes several security vulnerabilities that affect user privacy, device stability and system protection.
Organizations and individuals using Apple devices should prioritize deployment of this update to mitigate the risk of data exfiltration, spyware and other attack vectors. Timely patching remains the most effective control against exploitation of newly disclosed vulnerabilities.
References:
Summary: Security Advisory: Apache Tomcat's security updates address two issues in widely deployed server components: improper URL handling that allows access to restricted directories, and inadequate neutralization of control sequences in log output.
| OEM | Apache Software Foundation |
| Severity | Critical |
| CVSS Score | 9.6 |
| CVEs | CVE-2025-55754, CVE-2025-55752 |
| POC Available | No |
| Actively Exploited | No |
| Advisory Version | 1.0 |
Overview
One issue allows attackers to bypass URL protections and, if PUT is enabled, upload malicious files, leading to remote code execution; the other lets attackers inject ANSI escape sequences into log entries through crafted URLs, manipulating the console of an administrator who views the logs on an ANSI-capable terminal (notably on Windows).
Organizations should promptly update their servers, review configuration settings and enhance monitoring to mitigate these risks.
| Vulnerability Name | CVE ID | Product Affected | Severity | Affected Version |
| Improper Neutralization of Escape, Meta, or Control Sequences Vulnerability | CVE-2025-55754 | Apache Tomcat | Critical | 11.0.0-M1 through 11.0.10, 10.1.0-M1 through 10.1.44, 9.0.40 through 9.0.108 |
| Path Traversal Vulnerability | CVE-2025-55752 | Apache Tomcat | High | 11.0.0-M1 through 11.0.10, 10.1.0-M1 through 10.1.44, 9.0.0.M11 through 9.0.108 |
Technical Summary
These flaws enable malicious file uploads and the injection of control sequences that affect console behaviour or system integrity. Together they increase the risk of unauthorized code execution and compromise of application environments.
| CVE ID | Component Affected | Vulnerability Details | Impact |
| CVE-2025-55752 | URL Rewrite Valve (Apache Tomcat core) | A directory traversal flaw caused by normalizing the rewritten URL before decoding it, which lets crafted URLs bypass the /WEB-INF/ and /META-INF/ security constraints. If PUT requests are enabled, attackers can upload files into these directories and potentially execute arbitrary code. | Remote code execution, full server compromise if Tomcat is misconfigured with PUT enabled. |
| CVE-2025-55754 | Logging/Console Output | Improper neutralization of ANSI escape sequences in Tomcat log messages lets a crafted URL inject control sequences into log entries. When an administrator views the logs on an ANSI-capable console (notably on Windows), the sequences can manipulate the display or the clipboard and support social engineering toward command execution. | Console manipulation, administrator deception, clipboard hijacking; less severe on its own but can be chained into larger attacks. |
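Both rows above describe ordering and escaping mistakes that are easy to reproduce outside Tomcat. The Python model below is an added example, not Tomcat's code: `resolve_vulnerable` normalizes and checks the path before percent-decoding it (the order the CVE-2025-55752 description attributes to the regressed rewrite handling), `resolve_fixed` decodes first, and `sanitize_for_log` neutralizes control characters before a request URI reaches a log line (the CVE-2025-55754 class of bug). All function names and the sample URLs are hypothetical.

```python
"""Illustrative model of CVE-2025-55752 (decode/normalize ordering) and
CVE-2025-55754 (control characters in log lines).  Added example; this is
NOT Tomcat's code, and the names below are hypothetical."""
from urllib.parse import unquote

# Directories a servlet container must never serve to clients.
PROTECTED = {"WEB-INF", "META-INF"}


def normalize(path: str) -> str:
    """Collapse '.' and '..' segments purely as a string operation."""
    out = []
    for seg in path.split("/"):
        if seg in ("", "."):
            continue
        if seg == "..":
            if out:
                out.pop()
            continue
        out.append(seg)
    return "/" + "/".join(out)


def hits_protected(path: str) -> bool:
    """True if any path segment names a protected directory (case-insensitive)."""
    return any(seg.upper() in PROTECTED for seg in path.split("/"))


def resolve_vulnerable(raw: str):
    """Regressed order: normalize, run the security check, THEN percent-decode.
    A '..' hidden behind an encoded slash is invisible to the check."""
    normalized = normalize(raw)
    if hits_protected(normalized):
        return None                      # blocked
    decoded = unquote(normalized)
    # The later resource lookup collapses the now-visible '..' and lands
    # inside WEB-INF; that final mapping is modelled by a second normalize().
    return normalize(decoded)


def resolve_fixed(raw: str):
    """Correct order: decode once, reject anything still encoded, normalize,
    then check.  Returns the safe path or None if the request is blocked."""
    decoded = unquote(raw)
    if "%" in decoded or "\x00" in decoded:   # double encoding or NUL byte
        return None
    normalized = normalize(decoded)
    if hits_protected(normalized):
        return None
    return normalized


def sanitize_for_log(s: str) -> str:
    """Escape C0 control characters (including ESC, 0x1b) and DEL before a
    request URI is written to a log, so a terminal renders them as text
    rather than executing them.  Escaping instead of stripping keeps the
    attacker's payload visible for forensics."""
    return "".join(
        ch if (ch >= " " and ch != "\x7f") else f"\\x{ord(ch):02x}" for ch in s
    )


if __name__ == "__main__":
    # Constructed attack input: the slash before WEB-INF is percent-encoded.
    attack = "/public/..%2FWEB-INF/web.xml"
    print("vulnerable ->", resolve_vulnerable(attack))   # /WEB-INF/web.xml
    print("fixed      ->", resolve_fixed(attack))        # None (blocked)
    # Constructed log payload: a red "READ ME" followed by a terminal bell.
    print(sanitize_for_log("/\x1b[31mREAD ME\x1b[0m\x07"))
```

The decisive detail is that `hits_protected` sees the segment `..%2FWEB-INF`, which matches neither `..` nor `WEB-INF`, so the vulnerable order passes it through; decoding first turns it into two ordinary segments that normalization and the check handle correctly. Rejecting any `%` left after a single decode also closes the double-encoding variant.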
Recommendations
Update Apache Tomcat to 11.0.11, 10.1.45 or 9.0.109 (or later) immediately.
If you cannot update immediately, at minimum confirm that the DefaultServlet is not configured with readonly=false (which enables PUT), and treat Tomcat log output as untrusted when viewing it on an ANSI-capable console.
Conclusion:
The Apache Tomcat patches fix a path traversal bug that can lead to remote code execution and a console-manipulation bug, either of which could help compromise a server.
Although no widespread exploitation has been confirmed, immediate patching is strongly recommended. Security teams should apply the updates and monitor for suspicious server activity.
References:
Miljödata, a third-party HR-system supplier to Volvo Group North America, was hit by ransomware and disclosed a data breach that exposed personal data of Volvo employees. The attack happened in August 2025 and impacted at least 25 companies. The ransomware group DataCarry claimed responsibility and published allegedly stolen data on its Tor leak site.
Ransomware attacks increasingly target enterprises of all sizes across all sectors. This attack also affected the Scandinavian airline SAS, Boliden and around 200 Swedish municipalities. The affected systems were mostly HR systems that handled medical certificates, rehabilitation matters, and the reporting and management of work-related injuries.
Miljödata launched an investigation with the help of cybersecurity experts, hardened its hosted environment, and says it is working to prevent similar breaches in future.
According to the breach-notification service Have I Been Pwned (HIBP), the leaked data covers 870,000 accounts. Exposed data includes email addresses, names, physical addresses, phone numbers, government IDs, dates of birth and gender.
DataCarry Ransomware Group
The DataCarry ransomware group claimed responsibility for the attack on Miljödata's Adato system and has made Miljödata's files available for download on its dark-web leak site.
Enterprises remain a soft target for ransomware: what is needed now
While Volvo did not specify the exact scale of its breach, it is one of many large organizations caught up in the data theft. According to reports, Volvo Group is providing affected individuals with 18 months of free identity protection and credit monitoring.
Source: Volvo North America disclosed a data breach following a ransomware attack on IT provider Miljödata
A disruption of a third-party passenger system caused check-in delays at Heathrow Airport and at other major European airports, which airlines and airports attributed to a cyber attack.
The attack targeted the third-party vendor Collins Aerospace, which provides check-in and boarding systems for several airlines at airports worldwide; the resulting technical issue led to flight disruption.
Heathrow Airport warned departing passengers of probable delays and urged them to monitor their flight status closely during the disruption.
Similarly Brussels Airport confirmed that automated check-in and boarding services were inoperable, forcing staff to use manual processes to handle departing passengers.
Berlin Airport also communicated the situation via a banner on its website: “Due to a technical issue at a system provider operating across Europe, there are longer waiting times at check-in. We are working on a quick solution.”
As per reports, “the impact is limited to electronic customer check-in and baggage drop and can be mitigated with manual check-in operations,” RTX, which owns Collins Aerospace, said in a statement, adding that it had become aware of a “cyber-related disruption” to its software at selected airports, without naming them. It added that it was working to fix the issue as quickly as possible.
A highly coordinated attack on the aviation sector: what do we know?
“The aviation industry has become an increasingly attractive target for cybercriminals because of its heavy reliance on shared digital systems,” Charlotte Wilson, head of enterprise at cybersecurity firm Check Point, told Euronews Next.
“These attacks often strike through the supply chain, exploiting third-party platforms that are used by multiple airlines and airports at once. When one vendor is compromised, the ripple effect can be immediate and far-reaching, causing widespread disruption across borders,” she added.
Weak links targeted in the connected ecosystem
The attack on a third-party provider shows that the security of shared IT systems must be treated as a high priority; it is high time airlines and airports took supply-chain cybersecurity seriously.
According to a recent SecurityScorecard study, at least 29% of all breaches were attributable to a third-party attack vector, meaning the core risk originated outside of the organization.
Of these, 75% involved software or other technology products and services, with the remaining 25% stemming from non-technical products or services. These statistics highlight the digital interconnectivity across the supply chain — and the risks inherent within those relationships.
Reducing losses from third-party cyber risk
With cyber criminals aggressively targeting vendors and third-party service providers, organizations must exercise great care when choosing critical product and service providers, since the entire ecosystem relies on them. That includes, where possible, identifying the critical vendors and suppliers those providers themselves use, otherwise known as fourth-party vendors.
Verify that third parties carry adequate cyber insurance to meet the first-party organization's requirements; this demonstrates that cyber-risk hygiene is maintained and certain controls are in place.
Maintain a strong incident response plan well before any incident occurs.
(Sources: https://www.euronews.com/next/2025/09/21/what-do-we-know-about-the-cyberattacks-that-hit-europes-airports)