Critical Vulnerability in CISCO Catalyst SD-WAN Authentication Bypass 0-Day; Patch Now
Cisco SD-WAN Authentication Bypass Zero-Day
Continue ReadingCyber Threat
Indian Org’s to Hire more Dedicated Cyber security professional says Report ; Role of BISO to Gain Traction
BISO Analytics from Intrucept ‘A Unified platform to map Business risk with Cyber Risk
Continue Reading
Evolving Phishing Scams & Cost Incurred by Organization’s in 2025
Any phishing scams that occur, the purpose is to trick unsuspecting victims or organizations into taking a specific action and that can range from clicking on malicious links, downloading harmful files or sharing login credentials. Sometimes the effectiveness of phishing attacks stems from their use of social engineering techniques that have the ability to exploit human psychology or behavior. In 2025 we have witnessed the how evolving phishing scams that have affected organizations financially.
Often we see phishing scams create a sense of urgency, or curiosity thereby prompting victims to act quickly without verifying the authenticity of incoming request. Now with evolving technology, phishing tactics are also evolving making these attacks increasingly sophisticated, hard to detect. In coming years we will witness how AI will power more phishing attacks, including text-based impersonations to deepfake communications. These will be more cheap and popular with threat actors.
Cyber security researchers found that there is a link between ransomware, malware and form encryption and most were caused by.
14% Malicious websites
54% Phishing
27% Poor user pactices / gullibility
26% Lack of cybersecurity training
A survey by Statista found that ransomware infections were caused by:
- 54% Phishing
- 27% Poor user pactices / gullibility
- 26% Lack of cybersecurity training
- 14% Malicious websites
In this blog we will highlight latest phishing statistics that emerged in 2025 ,affecting organizations and phishing scams are changing.
As per APWG report found on Unique phishing sites. This is a primary measure of reported phishing across the globe. This is determined by the unique bases of phishing URLs found in phishing emails reported to APWG’s repository.
In the first quarter of 2025, APWG observed 1,003,924 phishing attacks. This was the largest quarterly
total since 1.07 million were observed in Q4 2023. The number has climbed steadily over the last year:
from 877,536 in Q2 2024, to 932,923 in Q3, to 989,123 in Q4. One of the reason cited being advancement in AI is also making it easier for criminals to create convincing and personalized phishing lures.
Hoxhunt find alarming statistics on phishing related attack of 2025
| Business email compromise (BEC) | A staggering 64% of businesses report facing BEC attacks in 2024, with a typical financial loss averaging $150,000 per incident. These phishing attacks frequently target employees with access to financial systems, mimicking executives or trusted contacts. |
| Credential phishing | Around 80% of phishing campaigns aim to steal credentials, particularly targeting cloud-based services like Microsoft 365 and Google Workspace. With the growing reliance on cloud platforms, cyber attackers leverage realistic fake login pages to deceive users. |
| HTTPS phishing | An increasing number of phishing sites now use HTTPS to appear legitimate. In 2024, approximately 80% of phishing websites feature HTTPS, complicating detection for users. |
| Voice phishing (vishing) | Vishing attacks are growing in prevalence, with 30% of organizations reporting instances where threat actors used fake calls to impersonate officials or executives. |
| Quishing (QR code phishing) | QR code phishing attacks (quishing) increased by 25% year-over-year, as attackers exploit physical spaces like posters or fake business cards to lure victims. |
| AI-driven attacks | AI is powering phishing attacks, with deepfake impersonations increasing by 15% in the last year. These attacks often target high-value individuals in finance and HR. |
| Multi-channel phishing | Attackers are increasingly exploiting platforms like Slack, Teams, and social media. Around 40% of phishing campaigns now extend beyond email, reflecting a shift to these channels. |
| Government agency impersonation | Phishing emails mimicking government bodies such as the IRS or international tax agencies have increased by 35%. These often involve claims about overdue taxes or fines. |
| Phishing kits | The availability of ready-to-use phishing kits on the dark web has risen by 50%, enabling less sophisticated attackers to deploy high-quality phishing schemes. |
| Brand impersonation | Attackers frequently impersonate well-known brands like Microsoft, Amazon, and Facebook, leveraging user trust. For example, over 44,750 phishing attacks specifically targeted Facebook by embedding its name in domains and subdomains over the past year. |
Cost of Phishing attacks
According to the 2024 IBM / Ponemon Cost of a Data Breach study, the average annual cost of phishing rose by nearly 10% from 2024 to 2023, from $4.45m to $4.88m. That’s the biggest jump since the pandemic.
The IBM study reported the following costs:
- Phishing breaches: $4.88M
- Social engineering: $4.77M
- BEC: $4.67M
The above-listed categories of cyber security breach costs are all related to people-targeted attacks. BEC, social engineering, and stolen credentials often contain a phishing element.
Barracuda research found that email remains the common attack vector for cyber threats and highlighted their key findings:
1 in 4 email messages are malicious or unwanted spam.
83% of malicious Microsoft 365 documents contain QR codes that lead to phishing websites.
20% of companies experience at least one account takeover (ATO) incident each month.
Nearly one-quarter of all HTML attachments are malicious and more than three-quarters of
companies are not actively preventing spoofed emails.
Bitcoin sextortion scams, an emerging trend, account for 12% of malicious PDF attachments.
Nearly half of all companies have not configured a DMARC policy, putting them at risk
of email spoofing, phishing attacks, and business email compromise.
The Barracuda research also found malicious one in four emails are either malicious or unwanted spam and malicious attachment is prevalent in various file.
An alarming 87% of binaries detected were malicious, highlighting the need for strict policies against executable files being sent via email, since they can directly install malware. Despite a relatively low total volume, HTML files have a high malicious rate of 23% and are often used for phishing and credential theft.
The research say that small businesses more vulnerable to email threats, due to limited cybersecurity resources, smaller IT teams and they rely on basic email security solutions. Small business may not have required solutions to handle sophisticated attacks, such as business email compromise (BEC), phishing and ransomware.
How Organizations can strengthen their defense
As organizations embark to strengthen their defenses, it’s crucial they don’t overlook the human element and Cybersecurity hygiene. That definitely starts by identifying security at every step starting from ensuring every user, machine or system that has right to access privileges.
Cybersecurity is as much a cultural issue as it is a technical one, as a single click can compromise an entire organization, behavior starts to shift from compliance to accountability
Whenever there is a successful phishing attack, researchers emphasize that this attack succeeds by exploiting human trust and familiarity with corporate communication formats. Security awareness remains the most vigorous defense as the growing complexity of these campaigns indicates that phishing operations are increasingly automated, data-driven and adaptive.
Conclusion: As organizations move towards adopting AI, so as attackers to continuously refining their tactics, evade traditional security measures. In this scenario organizations must mitigate the risks by adopting a multi-layered approach to email security. This will include all from leveraging AI-driven threat detection, real-time monitoring and user awareness training.
Phishing Detection & DeepPhish
For organizations who reply on unlike traditional rule-based phishing detection, which relies on blacklists and predefined rules. DeepPhish is implemented, that continuously learns from new phishing attempts, making it highly adaptive and effective against evolving threats.
DeepPhish employs a multi-layered AI approach to detect phishing threats and theses include Email and Website Analysis,uses ML algorithms to analyze historical phishing attacks and identify new patterns and NLP helps DeepPhish analyze email content, message tone, and linguistic patterns that phishers use to trick users.
(Source: APWG.org)
(Source: https://www.barracuda.com/reports/2025-email-threats-report)
(Sources: hoxhunt.com)
Vulnerability Tracked in Oracle is being Exploited; CISA
CISA, the cyber security agency from US has added a serious vulnerability in Oracle E-Business Suite.As per CISA the flaw tracked in an Oracle E-Business Suite flaw tracked as CVE-2025-61884 is being exploited in attacks, adding it to its Known Exploited Vulnerabilities catalog.
Vulnerability CVE-2025-61884
Oracle published CVE-2025-61884, a server-side request forgery (SSRF) vulnerability in the Oracle Configurator runtime component, on October 11.
The bug received a CVSS score of 7.5 and does not require authentication to exploit. According to the company, attackers can use this vulnerability to gain “unauthorized access to critical data or full access to all Oracle Configurator data.”
Government organizations in the US must install patches before November 10. However, Oracle itself has not yet confirmed the exploitation.
In early October, Mandiant revealed that the Clop ransomware gang had begun sending extortion emails to companies, claiming that they had stolen data from Oracle E-Business Suite instances using zero-day flaws.
Oracle responded to this news by stating that the threat actors had exploited previously patched flaws disclosed in July.
As per Bleeping computers CVE-2025-61884 addresses the flaw by validating an attacker-supplied “return_url” using a regular expression. If the validation fails, the request is blocked.
To this day, it remains unclear why Oracle listed the ShinyHunters exploit as an IOC for CVE-2025-61882, when it is actually intended for CVE-2025-61884.
Oracle EBS under attack
Orcale E-Business Suit is under targeted atatck by threat actors and investigations by various research teams from Mandiant and Crowdstrike revealed that Oracle EBS had been targeted in two different campaigns.
- July campaign: Used an exploit that targeted an SSRF flaw in the “
/configurator/UiServlet” endpoint, which is now confirmed as CVE-2025-61884. - August campaign: Used a different exploit against the “
/OA_HTML/SyncServlet” endpoint, and was fixed under CVE-2025-61882 through mod_security rules to block the endpoint and by stubbing out the SYNCSERVLET class. This flaw is attributed to Clop.
Oracle disclosed CVE-2025-61884 on October 11 but did not confirm whether it had been exploited, despite having fixed the exploit used in the July attacks. Earlier when the vulnerability CVE-2025-61884 was discovered concerns an information disclosure flaw in the Runtime UI component.
Last week Oracle released an emergency patch this weekend for a critical vulnerability in E-Business Suite. This software flaw can be exploited by attackers without authentication to steal sensitive data.Oracle has assigned the vulnerability a CVSS score of 7.5, which underscores the severity of the problem.
CISA also confirmed that five new vulnerabilities are actually being used to attack systems in the real world. These 5 new CVE’s hit everything from business apps to CMS platforms to core Windows components.
These are
- Oracle EBS bugs give attackers an unauthenticated RCE path and data access through SSRF.
- The SMB flaw enables lateral movement inside networks.
- The Kentico pair lets attackers take over CMS environments used for staging and publishing.
- The Apple vulnerability shows the ongoing risk of legacy systems that missed critical patches.
Threat Mitigation by Oracle E Business Suit when hunting for Threat indicators
• Look for weird patterns in Oracle EBS requests – could be a SSRF issue
• See if there are any spikes in SMB share privileges & check Kentico logs for anything fishy
• Browser logs are the place to look for JavaScriptCore crashes or just weird execution
Oracle released critical patch for a wide range of products and this include
The Critical Patch Update provides security updates for a wide range of product families: Oracle Database Server, Oracle Application Express, Oracle Blockchain Platform, Oracle GoldenGate, Oracle NoSQL Database, Oracle REST Data Services, Oracle Commerce, Oracle Communications Applications, Oracle Communications, Oracle Construction and Engineering, Oracle E-Business Suite, Oracle Enterprise Manager, Oracle Financial Services Applications, Oracle Fusion Middleware, Oracle Analytics, Oracle Health Sciences Applications, Oracle HealthCare Applications, Oracle Hospitality Applications, Oracle Hyperion, Oracle Insurance Applications, Oracle Java SE, Oracle JD Edwards, Oracle MySQL, Oracle PeopleSoft, Oracle Retail Applications, Oracle Siebel CRM, Oracle Supply Chain, Oracle Systems, Oracle Utilities Applications, and Oracle Virtualization.
Sources: CISA confirms hackers exploited Oracle E-Business Suite SSRF flaw
Unpatched Systems, Software’s Exposes Business to Cyber Threats
Remember when Qantas, Australia’s flagship airline confirmed a cyberattack exposing data from its frequent flyer program and customer accounts. The data was upto 6 million, which is staggering in number. This means any kind of exploits are malicious programs designed to take advantage of bugs or vulnerabilities in unpatched software or operating systems to gain unauthorised access. When left unpatched, these weak points act as open doors for cybercriminals.
Kaspersky research shows that the share of exploits targeting critical vulnerabilities in operating systems reached 64% in Q2 2025 (up from 48% in Q1 2025), with third-party apps (29%) and browsers (7%) following.
Unpatched Systems, Software’s exposes Business to Cyber Threats
The breach originated from a third-party customer service platform, proving that even indirect systems can expose millions of records we all knew. This was a clear case how unpatched software’s but Qantas denied any of its service platform was vulnerable and there was no sign the platform was compromised.
Similarly 1.5 billion records across 760 global companies record exposed to data breach when Salesforce was hit and the hacking group claimed to have breached Salesforce through compromised integrations with third-party tools like Drift and SalesLoft, stealing huge amounts of CRM data. And as recent Salesloft Drift cyberattack may have also compromised some Google Workspace accounts.
The above case are all about software vulnerabilities when left unpatched. Latest data from cybersecurity and privacy company Kaspersky revealed that existing vulnerabilities in business networks continue to leave Malaysian enterprises exposed to cyberattacks.
Globally, in Q2 2025, the most common exploits targeted vulnerable Microsoft Office products with unpatched security flaws, according to Kaspersky’s findings. Its solutions detected the most exploits on the Windows platform for the following vulnerabilities:
- CVE-2018-0802: Remote code execution vulnerability in the Equation Editor component
- CVE-2017-11882: Another remote code execution vulnerability in Equation Editor
- CVE-2017-0199: Vulnerability in Microsoft Office and WordPad allowing attackers to gain control of the system
(Source: Kaspersky: Unpatched Systems Expose Malaysian Businesses To Exploits – TechTRP)
The report also revealed that the top 10 most exploited vulnerabilities included both new zero-day flaws and older unpatched issues that organisations continue to overlook. A zero-day vulnerability is a software flaw discovered by attackers before the vendor is aware of it. As no patch exists at the time, zero-day attacks often succeed.
Key findings from Kaspersky reports to secure your unpatched systems
- Increased Exploitation: In the first half of 2025, more Windows and Linux users encountered vulnerability exploits compared to the previous year.
- Targeted Vulnerabilities: Common exploits in Q2 2025 targeted Microsoft Office products with unpatched security flaws, such as those in the Equation Editor (CVE-2018-0802 and CVE-2017-11882).
- End of Support: The end of free support for Windows 10 means millions of users will no longer receive critical security patches, leaving their systems vulnerable to new threats.
- High volume of attacks: Kaspersky solutions blocked over 700,000 exploits targeting Indian organizations in the first half of 2025, averaging more than 4,000 per day
“Attackers increasingly use methods to escalate privileges and exploit weaknesses in digital systems. As the number of vulnerabilities continues to grow, it is very important to constantly prioritize patching known vulnerabilities and use software that can mitigate post-exploitation actions. CISOs should counter the consequences of exploitation by searching for and neutralizing command and control implants that can be used by attackers on a compromised system,” says Alexander Kolesnikov, a security expert at Kaspersky.
What Businesses can do to remain Secure from Cyber threats when systems are unpatched?
For legacy systems and applications there is a lack ongoing vendor support, leaving remote code execution vulnerabilities open for exploitation. These attacks enable full system control with little user interaction.
How to Fix:
Apply host-based intrusion prevention and patch virtualization and replace or containerize legacy apps. It is important to isolate critical workloads in secure enclaves as being in legacy catagory they are prone to any kind of cyber threats and intrusion.
Follow more below recommendations
Conduct 24/7 monitoring of your infrastructure, focusing on perimeter defenses and using tools that can detect and block malicious software.
- Utilize solutions for vulnerability assessment, patch management
- Prioritize defense strategies & threat detection like phishing emails and web threats
- Deploy comprehensive cybersecurity solutions that include incident response, employee training, and access to updated threat intelligence.
- Implement a robust patch management process
Advanced eBPF Rootkit LinkPro Evade Detection in Linux Systems via Magic TCP Packets
Overview: LinkPro rootkit targets GNU/Linux systems: LinkPro is a newly discovered Linux rootkit that leverages eBPF (extended Berkeley Packet Filter) technology to stealthily hide its presence on infected systems. The sophisticated Linux rootkit linkpro was uncovered by Synacktiv CSIRT during an investigation of a compromised AWS infrastructure and evade detection in Linux Systems.
This threat was deployed in an AWS environment after attackers exploited a vulnerable Jenkins server to distribute a malicious Docker image containing a Rust downloader that fetched a memory-resident vShell backdoor. This rootkit’s use of eBPF, a legitimate kernel feature, makes detection challenging in Linux as it operates at a low level within the Linux kernel.
Leveraging extended Berkeley Packet Filter (eBPF) technology, where linkpro backdoor evades detection by hiding its processes and network activity, activating remotely via a “magic packet.”
Source: www.synacktiv.com
Issues Details: The attack, originating from a vulnerable Jenkins server, deployed a malicious Docker image across AWS EKS clusters, enabling credential theft and lateral movement. This highlights the misuse of ebpf for advanced persistent threats (apts) in cloud environments.
The LinkPro rootkit targets GNU/Linux systems, exploiting eBPF kernel capabilities to achieve stealth and remote activation.
It embeds multiple ELF modules, including two eBPF programs that hook into critical kernel system calls like getdents and sys_bpf to hide files, processes, and its own presence from detection tools.
If kernel support for these hooks is unavailable, LinkPro falls back to user-space concealment by loading a malicious shared library via /etc/ld.so.preload. This sophisticated rootkit deploys an advanced network packet filtering mechanism, activating only upon receiving a specific “magic packet” (a TCP SYN with a window size of 54321), allowing the attacker to control the system covertly.
LinkPro masquerades as the legitimate systemd-resolved service for persistence and uses encrypted channels such as HTTP, DNS tunneling, and raw TCP/UDP for command and control. Its design enables attackers to execute arbitrary commands, perform file operations, and establish proxy tunnels, making it a highly adaptable and stealthy tool for persistent intrusions targeting cloud-native Linux systems.
Attack Flow
IOCs
| IOC Type | Indicator | Description |
| Network | /api/client/file/download?Path=… | URL used to download tools/payloads onto the compromised host. |
| /reverse/handshake /reverse/heartbeat /reverse/operation | Endpoints the implant calls in reverse mode to receive operator commands. | |
| 18.199.101.111 | Destination IP used by LinkPro in forward (active) mode. | |
| File | /etc/systemd/system/systemd-resolveld.service | Malicious systemd service file named to look like systemd-resolved. |
| /root/.tmp~data.ok | Location/name of the LinkPro binary, disguised as a system file. | |
| /usr/lib/.system/.tmp~data.resolveld | Alternate disguised location for the LinkPro binary. | |
| /etc/libld.so | Malicious library loaded via /etc/ld.so.preload as a fallback concealment method. | |
| Host | Systemd-resolveld | Fake service name intended to be mistaken for systemd-resolved. |
| Conf_map | eBPF map holding the internal port used by the Knock module. | |
| Knock_map | eBPF map containing authorized IP addresses for the Knock module. | |
| Main_ebpf_progs | eBPF map listing programs that the Hide module manages. | |
| Pids_to_hide_map | eBPF map listing process IDs the rootkit hides. | |
| Hashes | D5b2202b7308b25bda8e106552dafb8b6e739ca62287ee33ec77abe4016e698b | Passive linkpro backdoor |
| 1368f3a8a8254feea14af7dc928af6847cab8fcceec4f21e0166843a75e81964 | Active linkpro backdoor | |
| B11a1aa2809708101b0e2067bd40549fac4880522f7086eb15b71bfb322ff5e7 | Ld_Preload module (libld.so) | |
| B8c8f9888a8764df73442ea78393fe12464e160d840c0e7e573f5d9ea226e164 | Hide ebpf module | |
| 364c680f0cab651bb119aa1cd82fefda9384853b1e8f467bcad91c9bdef097d3 | Knock ebpf module | |
| 0da5a7d302ca5bc15341f9350a130ce46e18b7f06ca0ecf4a1c37b4029667dbb | Vget downloader |
Recommendations:
Here are some recommendations below
- Patch the vulnerable Jenkins server (CVE-2024-23897) to prevent initial access.
- Restrict public exposure of CI/CD tools and enforce strict network segmentation.
- Monitor for suspicious Docker container deployments and unexpected host filesystem mounts.
- Watch for unusual or unauthorized eBPF program activity using kernel auditing tools.
- Regularly update Linux kernels and apply available security patches.
Conclusion:
The LinkPro rootkit is anadvanced Linux malware that uses eBPF at the kernel level to stay hidden and persist on systems.
It spreads through Jenkins vulnerabilities, container escapes and remote activation, highlighting the critical vigilance organizations must maintain to continuously monitor and secure their environments.
To protect against it, companies should focus on timely patching and monitoring suspicious activities.
References:
Cyber Threats in Maritime Domain; National Security in Focus at Delhi Seminar
Seminar Titled ‘Impact of Cyber Attacks on Maritime Sector and its Effects on National Security and International Relations’
The event in Delhi organized by Indian Navy and address cyber threat on the Maritime domain and how the threats are aligned to national security and their impact.
The event organized at a time when geo -politics is evolving and the seminar aims to deepen understanding of cyber threats in the maritime domain and foster collaboration amongst key stakeholders to enhance cybersecurity and strengthen the national cybersecurity posture.
Cyber threats evolving and looming above the maritime sector as the Maritime industry steps into the world of cyber risk. The cyber risk is vast and includes array of ransomware capable of shutting down port operations to GPS, halting steering vessels as hackers are get more creative.
Any cyberthreat on maritime sector also involves national security and is not isolated and target of cyber criminals. Maritime security involves trade, global logistics, oil and gas, defense which are major reasons to map maritime cyber threat to national security.
With an aim to deepen understanding of cyber threats in the maritime domain, the Indian Navy is organized the seminar.
The seminar, titled ‘Impact of Cyber Attacks on Maritime Sector and Its Effects on National Security and International Relations’, aims to foster collaboration among key stakeholders to enhance cybersecurity and strengthen the national cybersecurity posture.
Minister of State for IT Ministry, Jitin Prasada, deliver the keynote address during the inaugural session. The seminar will feature panel discussions each led by distinguished experts from the ministries and organizations.
The seminar aims to advance Hon’ble PM’s vision of MAHASAGAR (Mutual and Holistic Advancement for Security and Growth Across the Regions) by reinforcing a safe, secure cyberspace, and echoes the call for ‘Aatmanirbhar Bharat’ through indigenous, secure-by-design digital systems and robust public-private partnership.
Aligned with Maritime India Vision 2030 and the Amrit Kaal Vision 2047, the seminar positions cybersecurity as a core enabler of port-led growth, smart logistics, offshore energy security, and mission critical naval operations.
These include the Ministry of Ports, Shipping and Waterways, the Ministry of Petroleum and Natural Gas (MoPNG), the National Security Council Secretariat (NSCS), the Gas Authority of India Limited (GAIL), the Directorate General of Hydrocarbons (DGH), the Indian Computer Emergency Response Team (CERT-In), the National Critical Information Infrastructure Protection Centre (NCIIPC), and the National Maritime Foundation (NMF) as well as leaders from private organisations.
The topics for panel discussions are ‘Global Cyber Threats to Maritime Infrastructure,’ ‘Civil and Military Partnership,’ and ‘Maritime Sector as Critical Information Infrastructure’.
Google Chrome Patched High-Severity Memory Vulnerabilities
Summary : Security Advisory: Google recently rolled out an update for Chrome to address two high & and one medium severity vulnerabilities.
| OEM | |
| Severity | High |
| CVSS Score | 8.0 |
| CVEs | CVE-2025-11458, CVE-2025-11460, CVE-2025-11211 |
| POC Available | No |
| Actively Exploited | No |
| Exploited in Wild | No |
| Advisory Version | 1.0 |
Overview
A heap buffer overflow in the Sync component and a use-after-free (UAF) vulnerability in the Storage component have been fixed, along with other security issues.
Users and administrators are advised to apply the latest patch as soon as possible to ensure their systems remain secure.
| Vulnerability Name | CVE ID | Product Affected | Severity | Fixed Version |
| Heap Buffer Overflow in Sync | CVE-2025-11458 | Chrome (Windows, Mac, Linux) | High | 141.0.7390.65/66 |
| Use-After-Free in Storage | CVE-2025-11460 | Chrome (Windows, Mac, Linux) | High | 141.0.7390.65/66 |
| Out-of-Bounds Read in WebCodecs | CVE-2025-11211 | Chrome (Windows, Mac, Linux) | Medium | 141.0.7390.65/66 |
Technical Summary
Google released an update for the Chrome Stable channel, addresses three significant security vulnerabilities related to memory safety. The update addresses multiple critical memory-related vulnerabilities within Chrome’s core components.
These include a flaw that could allow attackers to corrupt memory during browser data synchronization, potentially enabling arbitrary code execution, and another vulnerability in the storage system that involves improper memory handling after an object is freed, which could also lead to exploitation through crafted web content.
Additionally, a medium-severity issue was fixed in the media processing API that could cause exposure of sensitive memory or impact browser stability when handling certain media files. These fixes are part of ongoing efforts to improve browser security by mitigating risks of remote code execution, data exposure, and crashes.
| CVE ID | Component Affected | Vulnerability Details | Impact |
| CVE-2025-11458 | Chrome Sync component | Heap buffer overflow in the Sync component could allow memory corruption and potentially enable arbitrary code execution when handling synchronization data. | Remote Code Execution / Data Leakage |
| CVE-2025-11460 | Chrome Storage component | Use-after-free in the Storage component could allow attackers to access freed memory, potentially leading to code execution or information disclosure. | Remote Code Execution / Browser Instability |
| CVE-2025-11211 | Chrome WebCodecs API | Out-of-bounds read in the WebCodecs API could expose memory contents or crash the browser when processing malformed media inputs. | Memory Disclosure / Browser Crash |
Recommendations
Update Chrome immediately to the following versions:
- Windows/Mac: Chrome v141.0.7390.65/66
- Linux: Chrome v141.0.7390.65
Here are bellow recommended actions
- Manual Update Check: Navigate to Settings → Help → About Google Chrome to force update.
- Enterprise Patch Management: Enforce Chrome auto-updates across managed systems.
- Threat Monitoring: Actively monitor browser crash reports, endpoint security alerts, and system/network logs for suspicious behavior.
Conclusion:
This update reflects Chrome’s continued commitment to robust browser security by addressing multiple critical memory vulnerabilities that could otherwise be exploited for remote code execution, data exposure, or browser instability.
Promptly applying updates is essential to reduce potential attack surfaces, maintain browser stability, and safeguard user data against emerging threats.
References:
Critical Lua Sandbox Escape Flaw in Redis Allows Remote Code Execution (RCE)
Summary: Security Advisory: A critical vulnerability has been found in the Lua scripting engine of Redis, enabled by default in all versions, allows authenticated attackers to break out of the Lua sandbox and perform remote code execution (RCE) to gain full control of the affected system.
| OEM | Redis |
| Severity | Critical |
| CVSS Score | 10.0 |
| CVEs | CVE-2025-49844 |
| POC Available | Yes |
| Actively Exploited | No |
| Exploited in Wild | No |
| Advisory Version | 1.0 |
Overview
Since Redis is used in most cloud environments the impact is highly critical. Redis team has released the patches and urged for immediate updates recommended to secure systems.
| Vulnerability Name | CVE ID | Product Affected | Severity | Fixed Version |
| Lua Use-After-Free RCE Vulnerability | CVE-2025-49844 | All Redis Software & OSS/CE/Stack versions with Lua scripting | Critical | Redis Software: 7.22.2-12+, 7.8.6-207+, 7.4.6-272+, 7.2.4-138+, 6.4.2-131+ Redis OSS/CE: 8.2.2+, 8.0.4+, 7.4.6+, 7.2.11+ Redis Stack: 7.4.0-v7+, 7.2.0-v19+ |
Technical Summary
The vulnerability comes from a use-after-free (UAF) bug in Redis’s Lua scripting system, caused by improper checks during memory cleanup. Authenticated attackers can send malicious Lua scripts via EVAL or EVALSHA commands to manipulate memory, bypass the sandbox, and run arbitrary code. Even internal servers are at risk if attackers gain network access, making this flaw highly critical for both exposed and internal environments.
| CVE ID | System Affected | Vulnerability Details | Impact |
| CVE-2025-49844 | All Redis Software & OSS/CE/Stack below the fixed version | A user after free in the Lua garbage collector allows memory corruption via crafted scripts, enabling sandbox escape and RCE | Remote Code Execution |
Recommendations
Upgrade to the below fixed versions immediately.
- Redis Software: 7.22.2-12+, 7.8.6-207+, 7.4.6-272+, 7.2.4-138+, 6.4.2-131+
- Redis OSS/CE: 8.2.2+, 8.0.4+, 7.4.6+, 7.2.11+
- Redis Stack: 7.4.0-v7+, 7.2.0-v19+
Here are some best practices
- Enable Strong Authentication: Configure strong passwords on all the instances, ensure protected-mode is enabled (in CE and OSS) to prevent accidental exposure.
- Network Controls: Restrict access to authorized IPs using firewalls or VPCs, limit access to trusted sources and prevent unauthorized connectivity.
- Limit permissions: To enhance security, user needs to give minimum necessary permissions.
- Monitoring: Check the logs to see if there are any suspicious activities.
- Incident Response: If compromised, isolate systems, rotate credentials, and scan for malware.
Conclusion:
This is a critical vulnerability with a CVSS score of 10.0, affecting all Redis versions with Lua scripting. The widespread Redis usage, default insecure configurations makes this a critical threat. Immediate patching and hardening are essential to prevent full system compromise, data breaches, and further attacks.
References:
Chrome Security Update Fixed Active Zero-Day Exploit & Multiple High-Severity Vulnerabilities
Security advisory : Google has issued a Stable Channel Update for Chrome to address 4 high-severity vulnerabilities, including one zero-day vulnerability (CVE-2025-10585) actively exploited in the wild.
| OEM | |
| Severity | High |
| CVSS Score | N/A |
| CVEs | CVE-2025-10585, CVE-2025-10500, CVE-2025-10501, CVE-2025-10502 |
| POC Available | No |
| Actively Exploited | Yes |
| Exploited in Wild | Yes |
| Advisory Version | 1.0 |
Overview
This flaw, a Type Confusion in the V8 JavaScript and WebAssembly engine, can allow remote attackers to execute arbitrary code outside of Chrome’s security sandbox when users visit maliciously crafted web pages. Users and administrators are urged to update to the latest Chrome version immediately to mitigate potential exploitation
| Vulnerability Name | CVE ID | Product Affected | Severity | Fixed Version |
| Type Confusion in V8 Engine | CVE-2025-10585 | Chrome (Windows, Mac, Linux) | High | 140.0.7339.185/.186 |
Technical Summary
The zero-day vulnerability in Chrome’s V8 engine arises from a type of confusion flaw, where object types are misinterpreted, leading to logical errors and memory corruption.
Attackers can exploit this issue when users visit maliciously crafted websites, enabling arbitrary code execution and possible sandbox escape.
This flaw has been confirmed as actively exploited in the wild. In addition to this zero-day, the update also fixes three other high-severity issues, a use-after-free in the Dawn graphics abstraction layer that could lead to memory corruption, a use-after-free in WebRTC that may enable remote code execution, and a heap buffer overflow in ANGLE that could result in program crashes or arbitrary code execution.
| CVE ID | System Affected | Vulnerability Details | Impact |
| CVE-2025-10585 | Google Chrome (Windows, Mac, Linux) | Type confusion in the V8 JavaScript engine could allow memory corruption, arbitrary code execution, and potential sandbox escape | Remote Code Execution / Sandbox Escape |
Other Vulnerabilities
In addition to the zero-day, Google patched three other high-severity vulnerabilities in the same stable channel release.
| Vulnerability Name | CVE ID | Affected Component | Severity |
| Use-after-free in Dawn | CVE-2025-10500 | Chrome GPU Renderer Component (Dawn) | High |
| Use-after-free in WebRTC | CVE-2025-10501 | Chrome WebRTC Audio/Video Communication Module | High |
| Heap Buffer Overflow in ANGLE | CVE-2025-10502 | Chrome Graphics Translation Engine (ANGLE) | High |
Recommendations:
Update Chrome immediately to the following versions:
- Windows/Mac: Chrome 140.0.7339.185/.186
- Linux: Chrome 140.0.7339.185
Here are some Recommendations below
- Manual Update Check: Navigate to “Settings → Help → About Google Chrome” to trigger the update.
- Patch Management: Ensure enterprise update policies enforce Chrome auto-updates.
- Threat Monitoring: Keep monitoring logs for any signs of exploitation
Conclusion:
There are high vulnerabilities in Google Chrome, including an actively exploited zero-day flaw in the V8 JavaScript engine that poses a significant risk of remote code execution and sandbox escape.
Given the severity and confirmed exploitation in the wild, it is imperative that all users and administrators promptly update to the latest Chrome versions to mitigate potential attacks. Immediate action is essential to safeguard systems, data, and user privacy in light of these emerging threats.
References:
- https://cybersecuritynews.com/google-chrome-0-day-vulnerability-exploited/
Recent Comments