Cybersecurity news

DNS CNAME Used as Relay Attack for New Kerberos-PoC Released

A proof of concept has been released for a dangerous flaw in how Windows environments handle Kerberos service ticket requests, one that significantly expands the practical attack surface for Kerberos relaying in Active Directory.


Critical WhatsApp Zero-Day Vulnerability Allows Remote Code Execution  

Summary

OEM: WhatsApp
Severity: Medium
CVSS Score: 5.4
CVEs: CVE-2025-55177
POC Available: No
Actively Exploited: No
Exploited in Wild: No
Advisory Version: 1.0

Overview 

A security vulnerability was recently discovered in WhatsApp’s linked device feature, which allows users to access WhatsApp across multiple devices, such as phones and computers.

CISA has added this flaw to its Known Exploited Vulnerabilities (KEV) Catalog, highlighting its significance. The flaw allowed attackers to send crafted messages that forced WhatsApp to load malicious content from a rogue website without any user interaction. WhatsApp and Apple have already patched the issue, and users are urged to update their apps immediately to stay protected.

Vulnerability Name: WhatsApp Incorrect Authorization Vulnerability
CVE ID: CVE-2025-55177
Product Affected: WhatsApp
Severity: Medium
Fixed Version: WhatsApp for iOS 2.25.21.73 and later; WhatsApp Business for iOS 2.25.21.78 and later; WhatsApp Desktop for Mac 2.25.21.78 and later

Technical Summary 

The vulnerability was due to incomplete authorization of synchronization messages in WhatsApp’s linked device feature. This flaw allowed an attacker to send crafted sync messages that could trick WhatsApp into processing content from an arbitrary URL, even if the message came from an untrusted source.

This could result in WhatsApp loading and executing malicious content on the target device without any user interaction. The impact of the attack was significantly increased when combined with a separate Apple OS vulnerability (CVE-2025-43300), making it suitable for sophisticated, targeted exploitation.

CVE ID: CVE-2025-55177
Systems Affected: WhatsApp for iOS (v2.22.25.2 to v2.25.21.72); WhatsApp Business for iOS (v2.22.25.2 to v2.25.21.77); WhatsApp Desktop for Mac (v2.22.25.2 to v2.25.21.77)
Vulnerability Details: Incomplete authorization in the linked device sync feature allowed attackers to send crafted sync messages that caused WhatsApp to load content from an arbitrary URL without user interaction. This could be used to execute malicious code on the device.
Impact: Remote code execution; potential full device compromise.

Remediation

Update WhatsApp on iOS and Mac devices to the latest version:

  • WhatsApp for iOS: update to v2.25.21.73 or later
  • WhatsApp Business for iOS: update to v2.25.21.78 or later
  • WhatsApp Desktop for Mac: update to v2.25.21.78 or later

Conclusion: 
The WhatsApp vulnerability highlights the growing risk of zero-click attacks, where devices can be compromised without any user interaction. This flaw has been exploited in targeted attacks and poses a serious threat to user security and privacy. All users should keep their apps and operating systems up to date and follow trusted security recommendations.


Google Chrome Zero-Day Vulnerability (CVE-2025-6554) Actively Exploited – Patch Now 

Summary: Google has issued an urgent security update for Chrome users worldwide, addressing a high-severity zero-day vulnerability in the Chrome browser, CVE-2025-6554, that is actively being exploited by cybercriminals.

OEM: Google
Severity: High
CVSS Score: N/A
CVEs: CVE-2025-6554
POC Available: No
Actively Exploited: Yes
Exploited in Wild: Yes
Advisory Version: 1.0

Overview 

This is a type confusion flaw in Chrome’s V8 JavaScript engine that allows arbitrary code execution, and it is actively being exploited in the wild.

The vulnerability was discovered by Clément Lecigne of Google’s Threat Analysis Group (TAG) on June 25, 2025, and a temporary mitigation was pushed on June 26, 2025. This internal discovery highlights the ongoing security monitoring efforts within Google’s infrastructure.

The mitigation was delivered as a configuration change pushed to all Stable channel users across all platforms.

Vulnerability Name: Type Confusion in V8 Engine vulnerability
CVE ID: CVE-2025-6554
Product Affected: Google Chrome
Severity: High
Fixed Version: 138.0.7204.96/.97 (Windows); 138.0.7204.92/.93 (Mac); 138.0.7204.96 (Linux)

Technical Summary 

CVE-2025-6554 is a type confusion vulnerability in Chrome’s V8 JavaScript engine. It allows threat actors to exploit memory misinterpretation and execute arbitrary code, potentially compromising the browser or the underlying system. Google has confirmed active exploitation of this flaw. 

CVE ID: CVE-2025-6554
Systems Affected: Chrome on Windows, macOS, Linux
Vulnerability Details: Type confusion in the V8 JavaScript engine allows improper memory handling, leading to code execution.
Impact: Remote code execution; potential system compromise.

Remediation

A full fix is available in the latest stable channel update. Users are strongly advised to update immediately to ensure full protection. 

Users should immediately update Google Chrome to the latest patched version:

  • Windows: 138.0.7204.96/.97
  • macOS: 138.0.7204.92/.93
  • Linux: 138.0.7204.96

Conclusion: 

The exploitation of CVE-2025-6554 in the wild highlights the urgency of applying the latest Chrome security update. Type confusion vulnerabilities like this can lead to full system compromise and are highly sought-after by cybercriminals. Users and organizations should take immediate action to mitigate potential risks. 

Organizations using Chrome in enterprise environments should prioritize this update across their networks.

The combination of confirmed active exploitation and the high-severity rating makes this patch deployment critical for maintaining organizational cybersecurity posture.

Refer to Intruceptlabs products and solutions, Intru360 and Gaarud Node, for a better cyber security posture.


Cyber-Security News at a Glance: June 1st - June 15th, 2025

The cybersecurity landscape continues to evolve, marked by persistent challenges and by digital technologies transforming the cyber world. Across industries such as healthcare and financial services, organizations navigated advanced threats in June 2025, including cyber attacks on the retail sector, alongside a stream of security advisories.

Let’s explore the key trends and incidents from June 1st - June 15th, 2025.

Microsoft June 2025 Patch Tuesday addresses a total of 67 vulnerabilities across its product ecosystem. Critical flaws in WebDAV, SMB, SharePoint and Remote Desktop Services highlight the urgency of installing this month’s updates.

Microsoft June 2025 Patch Tuesday – 67 Vulnerabilities Fixed Including 2 Zero-Days 

NCSC UK released a set of 6 principles to build cyber security culture and boost resilience for organizations

The U.K. National Cyber Security Centre on Wednesday published six cybersecurity culture principles developed through extensive research with industry and government partners.

The principles define the cultural foundations essential for building a cyber-resilient organization and offer guidance on how to cultivate that environment.


Critical 0-Day RCE Vulnerability in Fortinet Products (CVE-2025-32756) Actively Exploited 

A critical unauthenticated Remote Code Execution (RCE) vulnerability, tracked as CVE-2025-32756, has been identified in multiple Fortinet products.

The flaw is currently under active exploitation, allowing attackers to take full control of affected systems via a buffer overflow in the /remote/hostcheck_validate endpoint. A public PoC is available, significantly increasing the risk to unpatched devices. 

CVE-2025-32756 is a critical unauthenticated Remote Code Execution (RCE) vulnerability affecting multiple Fortinet products. The vulnerability resides in the /remote/hostcheck_validate endpoint and is due to improper bounds checking when parsing the enc parameter of the AuthHash cookie.

POC Released for Critical RCE Vulnerability in AWS Amplify Codegen-UI 

 A critical security vulnerability has been disclosed in AWS Amplify Studio’s UI generation framework, with researchers releasing a proof-of-concept exploit demonstrating remote code execution capabilities.  AWS addressed the issue in version 2.20.3, replacing the unsafe eval() with a sandboxed expression evaluator. 

Vulnerable versions used eval() to interpret stringified JavaScript expressions in UI components. This allowed injection of malicious expressions such as shell commands, due to the absence of validation or blacklisting.  
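To make the pattern concrete, here is an added Node.js example (written for this page; it is not AWS Amplify code, and the expression grammar, function names and sample props are assumptions). It places an eval()-based expression evaluator beside a restricted one that tokenizes and parses the expression itself and resolves names only against the supplied data object, so there is no path from a UI expression string to the runtime:

```javascript
// Added example, not AWS Amplify code. Contrasts eval() on a stringified UI expression
// with a small restricted evaluator. The supported grammar (number/string literals,
// dotted property access, + - * /, === !==, ?:) is an assumption made for illustration.

// Vulnerable pattern: the expression string is handed to eval(). 'props' is in scope,
// but so is everything else the runtime exposes, so the author of the expression gets
// full code execution rather than a data lookup.
function evaluateUnsafe(expr, props) {
  return eval(expr); // eslint-disable-line no-eval
}

// Hardened pattern: a hand-written tokenizer and recursive-descent parser.
const TOKEN = /(\d+(?:\.\d+)?)|("(?:[^"\\]|\\.)*"|'(?:[^'\\]|\\.)*')|([A-Za-z_$][\w$]*)|(===|!==|[-+*\/().?:])/y;

function tokenize(src) {
  const out = [];
  let pos = 0;
  while (pos < src.length) {
    if (/\s/.test(src[pos])) { pos++; continue; }
    TOKEN.lastIndex = pos;
    const m = TOKEN.exec(src);
    if (!m) throw new SyntaxError(`unexpected character at offset ${pos}`);
    if (m[1] !== undefined) out.push({ t: 'num', v: Number(m[1]) });
    else if (m[2] !== undefined) out.push({ t: 'str', v: m[2].slice(1, -1).replace(/\\(.)/g, '$1') });
    else if (m[3] !== undefined) out.push({ t: 'id', v: m[3] });
    else out.push({ t: 'op', v: m[4] });
    pos = TOKEN.lastIndex;
  }
  return out;
}

class Parser {
  constructor(tokens, scope) { this.toks = tokens; this.i = 0; this.scope = scope; }
  peek() { return this.toks[this.i]; }
  next() { return this.toks[this.i++]; }
  eat(op) { const t = this.peek(); if (t && t.t === 'op' && t.v === op) { this.i++; return true; } return false; }
  expect(op) { if (!this.eat(op)) throw new SyntaxError(`expected '${op}'`); }
  ternary() {
    const cond = this.equality();
    if (!this.eat('?')) return cond;
    const a = this.ternary(); this.expect(':'); const b = this.ternary();
    return cond ? a : b;
  }
  equality() {
    let left = this.additive();
    for (;;) {
      if (this.eat('===')) left = left === this.additive();
      else if (this.eat('!==')) left = left !== this.additive();
      else return left;
    }
  }
  additive() {
    let left = this.multiplicative();
    for (;;) {
      if (this.eat('+')) left = left + this.multiplicative();
      else if (this.eat('-')) left = left - this.multiplicative();
      else return left;
    }
  }
  multiplicative() {
    let left = this.primary();
    for (;;) {
      if (this.eat('*')) left = left * this.primary();
      else if (this.eat('/')) left = left / this.primary();
      else return left;
    }
  }
  primary() {
    const t = this.next();
    if (!t) throw new SyntaxError('unexpected end of expression');
    if (t.t === 'num' || t.t === 'str') return t.v;
    if (t.t === 'op' && t.v === '(') { const v = this.ternary(); this.expect(')'); return v; }
    if (t.t === 'id') return this.lookup(t.v);
    throw new SyntaxError(`unexpected token '${t.v}'`);
  }
  // Names resolve only to own properties of the data object: 'process', 'globalThis' or
  // 'constructor' (a prototype walk) simply do not exist here, and nothing can be called.
  lookup(first) {
    let cur = this.scope, key = first;
    for (;;) {
      if (cur === null || typeof cur !== 'object' || !Object.prototype.hasOwnProperty.call(cur, key)) {
        throw new ReferenceError(`'${key}' is not an allowed property`);
      }
      cur = cur[key];
      if (!this.eat('.')) return cur;
      const t = this.next();
      if (!t || t.t !== 'id') throw new SyntaxError("expected property name after '.'");
      key = t.v;
    }
  }
}

function evaluateSafe(expr, scope) {
  const p = new Parser(tokenize(expr), scope);
  const value = p.ternary();
  if (p.peek() !== undefined) throw new SyntaxError(`unexpected token '${p.peek().v}'`);
  return value;
}

// Constructed sample data standing in for a component's props (assumption).
const sampleScope = { props: { title: 'Orders', count: 3 } };

function demo() {
  const expr = "props.title + ' (' + props.count + ')'";
  const result = {
    unsafeLegit: evaluateUnsafe(expr, sampleScope.props),   // legitimate case works in both
    safeLegit: evaluateSafe(expr, sampleScope),
    unsafeEscape: evaluateUnsafe('typeof process', {}),     // eval() reaches the Node runtime
    safeEscape: null,
  };
  try { evaluateSafe('process.env', sampleScope); } catch (e) { result.safeEscape = e.name; }
  return result;
}

console.log(demo());
```

The design point is that safety comes from the parser having no notion of globals or calls at all, not from filtering a string for bad words; a blacklist on the eval() path would still leave every unlisted escape open.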

Splunk Enterprise and Cloud Platform affected by an XSS vulnerability across multiple versions

Splunk has disclosed a medium-severity cross-site scripting (XSS) vulnerability affecting multiple versions of its Enterprise and Cloud Platform products that could allow low-privileged attackers to execute malicious JavaScript code in users’ browsers.

A security vulnerability identified as CVE-2025-20297 has been found in older versions of Splunk Enterprise and Splunk Cloud Platform.

Reflected XSS Vulnerability in Splunk Enterprise & Cloud Platform 

A denial-of-service (DoS) vulnerability has been identified in ModSecurity, an open-source web application firewall.

The issue affects versions prior to 2.9.10 and related to the “sanitiseArg” action, which can be exploited by adding an excessive number of arguments, ultimately causing the system to fail or crash. The vulnerability has been fixed in version 2.9.10. 

This vulnerability, similar to the CVE-2025-47947 issue, presents a significant risk, especially for organizations relying on ModSecurity 2.x versions for web application protection.

High Risk DoS Vulnerability in ModSecurity WAF 

Multiple vulnerabilities have been discovered in IBM QRadar Suite Software and Cloud Pak, affecting versions 1.10.0.0 through 1.11.2.0.

The company released patches on June 3, 2025, addressing five distinct Common Vulnerabilities and Exposures (CVEs) that affect enterprise security infrastructure used by organizations worldwide.

The most critical vulnerability (CVE-2025-25022) allows unauthenticated access to sensitive configuration files. IBM has released version 1.11.3.0 to address these issues. 

Critical Vulnerabilities Patched in IBM QRadar Suite & Cloud Pak for Security 

Google has released a critical out-of-band security update for its Chrome browser to address CVE-2025-5419.

It is rated as a high-severity zero-day vulnerability in the V8 JavaScript engine and is currently being actively exploited in the wild.

This vulnerability allows attackers to execute arbitrary code on users’ systems through specially crafted web content, making it a serious threat requiring immediate attention. 

Google Chrome Patches Actively Exploited Zero-Day Vulnerability 

Ways to combat cyber threats: strengthening your SOC’s readiness involves 3 key strategies

Cyber threats are no longer limited to human attackers, with AI-driven “bad bot” attacks now accounting for one third, according to research. These attacks can be automated, allowing attackers to launch more extensive and efficient campaigns.

As organizations go digital and adopt innovations and wider use of digital technologies, they are exposed to new risks, giving cybercriminals more entry points and potential “surface areas” to exploit.

Some of the types of bad bots are DDoS bots, which disrupt a website or online service by overwhelming it with traffic from multiple sources.

IntruceptLabs now offers Mirage Cloak. In summary, Mirage Cloak offers various deception methods to detect and stop threats before they cause damage.

These methods include adding decoys to the network, deploying breadcrumbs on current enterprise assets, and using baits as tripwires on endpoints.

This is executed by setting up lures with intentionally misconfigured or vulnerable services or applications.

The flexible framework also lets customers add new deception methods as needed.

Conclusion: Organizations can better protect their digital assets and ensure business continuity by understanding the key components and best practices for building a successful SOC.

In the end, we must accept that to defend against any sort of AI attack, SOC teams must evolve, with the right collaborations and effective, seamless communication between partners to evaluate information and stay ahead of attackers.

Cyber Security News at a Glance; May 2025

For the month of May 2025, here are the top news items, including security advisories and blogs.

Tesla Model 3 VCSEC Vulnerability Allows Remote Code Execution via TPMS Exploit

A high-severity vulnerability (CVE-2025-2082) in the Tesla Model 3’s Vehicle Controller Security (VCSEC) module allows attackers within wireless range to remotely execute arbitrary code by exploiting a flaw in the Tire Pressure Monitoring System (TPMS).

The FBI issued an alert warning of ongoing exploitation of 13 EOL Linksys/Cisco routers by cybercriminal groups operating the 5Socks and Anyproxy services.

Microsoft May 2025 Patch Tuesday Released; Fixed 83 Vulnerabilities, Including 5 Zero-Days

Microsoft addressed 83 vulnerabilities across its product suite. Among them, 5 zero-day vulnerabilities have been confirmed as actively exploited in the wild. The updates span Windows components, Office, Visual Studio, and other core services.

11 vulnerabilities were rated critical, emphasizing the importance of timely remediation, especially for enterprise environments.

5 non-Microsoft CVEs included

78 Microsoft CVEs addressed

Critical SAP NetWeaver Vulnerabilities Addressed in May 2025 Patch – Immediate Action Required 

SAP has released critical security updates for its May 2025 patch, including fixes for two actively exploited zero-day vulnerabilities in SAP NetWeaver Visual Composer.

SAP Visual Composer is not installed by default; however, it is enabled because it was a core component used by business process specialists to develop business application components without coding.

CISA is officially changing the way it disseminates online security updates and guidance.

On May 12, CISA said that its enhanced information dissemination system would from then on use social media and email only to distribute cybersecurity alerts and advisories, reserving its landing page for more critical warnings.

Updates on May 13

Just a day after announcing that it was changing the way it sent out alerts, CISA changed its mind and reverted to its old system of putting everything on its website.

“We recognize this has caused some confusion in the cyber community,” the site now reads. “As such, we have paused immediate changes while we re-assess the best approach to sharing with our stakeholders.”

Zero-Day Threat in Chrome’s Loader Component (CVE-2025-4664) – CISA Flags Urgent Risk 

A zero-day vulnerability (CVE-2025-4664) in Google Chrome’s Loader component has been actively exploited in the wild. This flaw allows attackers to bypass security policies, leak cross-origin data, and potentially execute unauthorized code. CISA has added this vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, urging immediate patching.
