Vulnerabilities in Cloud Exposure; File Sharing Sites Being Hacked
Cloud exposure led to breach by hackers
Continue ReadingInfosec
Organizational Preparedness will Help Protect Against Unorthodox Cyber Attack
Type of AI based attack vectors & organizational preparedness to Threat mitigation in 2026
AI based attacks is already there and what’s more, now organizations need to protect themselves against any unorthodox attack vector’s i.e AI based. Organizational readiness to thwart any unorthodox attack vectors like AI will determine organizational security from cyber threats are.
Any preparedness by organizations to protect and combat AI powered cyber Attacks will take lot of precession as AI based attack occur at scale and speed both. In backdrop of any cyber attack that is not common how do organization’s prepare and what does statistics from 2025 reveal.
Most of AI powered attacks are not conventional in nature and traditional cybersecurity tools often struggle to respond effectively to these threat.
AI-enabled attack that organizations need to prepare for in 2026
For organizations dealing with an attack vector which are unorthodox or AI in nature require man power or skilled cyber force and tools that are automated to detect and thwart the attack before they advance towards the institutions in advance.
AI’s has capacity to process and learn vast amounts of data and in cybersecurity this is termed as powerful and presents unique challenges as well as risks. Present attack scenario we have witnessed how AI take to automate and optimize malicious activity.
For defenders AI is boon and can detect, predict and mitigate threats in real time. However, the increasing sophistication of AI-powered threats is outpacing traditional defense mechanisms.
What are the types of AI powered Attack
Hacking which is Automated and AI algorithms based, can identify and exploit vulnerabilities faster than human capabilities.
Next in line is AI- Phishing and Cybercriminals use AI to create personal and convincing phishing emails. What AI does here is to analyze data from other sources to generate highly customized messages capable of influencing.
Deepfakes are growing in form of realistic fake videos or audio impersonating public figures in order to spread misinformation, manipulate public opinion, or conduct social engineering attacks.
Corrupting AI Models via data fed into AI systems to manipulate outcomes and is particularly concerning in critical systems. This showcases the dangerous potential of AI-powered cyber attacks.
Key findings by Organizations – AI based cyber security findings.
The evolving nature of AI means that new attack vectors are constantly being developed, making detection difficult for organizations. These are below mentioned take aways from 2025 regarding AI driven cyber threats.
- 51% of European IT and cybersecurity professionals feared AI-driven cyber threats and deepfakes will keep them up at night in 2026
- Only 14% feel their organizations are ‘very prepared’ to manage the risks associated with generative AI
- Other concerns for the year ahead include regulatory complexity, ransomware attacks, and the failure to detect and respond to a breach, causing irreparable harm to the business
- Less than half of organizations plan to hire more talent to manage and mitigate these concerns
- In the Cisco 2025 Cybersecurity Readiness Index: 86% of business leaders with cyber responsibilities reported at least one AI-related incident over the past 12 months.
- IBM reports that 51% of enterprises now use security AI or automation, and those organizations experience $1.8 million lower average breach costs than those without it.
- Trend Micro’s mid-2025 scans revealed over 200 unprotected Chroma servers and 3,000+ AI components publicly exposed online, allowing data theft or model poisoning.
What do cyber security leadership require most in 2026 is having clear actionable path regarding AI based attack and threat mitigation.
A mindset change is required by CEOs, CISO’s and CXOs where focus should be to start building resilience against intelligent AI attacks.
Cybersecurity has become integral part of lives and especially 2025 was the year of cybercrimes and data breaches across verticals. As the new year commences, starting the year on a positive note with cyber-security resolutions such as
– Prioritize employee training on evolving AI based threats
– Enhance endpoint protection
– Secure data & ways to scarping
– Securing PII data during data lifecycle
– Fortify your incident response and business continuity plans
– Extend more focus on third-party security assessments
– Ensure robust cloud security is aligned with data privacy regulations
– Embrace multi-factor authentication (MFA)
– Safeguarding against AI-driven cybercrimes.
– Engaging often with board and leadership
Sources: https://www.isaca.org/about-us/newsroom/press-releases/2025/ai-driven-cyber-threats-are-the-biggest-concern-for-professionals-finds-new-isaca-research
Apple iOS & iPadOS Patch 0-Days Vulnerabilities, Exploited in Targeted Attacks
Apple iOS & iPadOS Patch Zero-Days Vulnerabilities, Exploited in Targeted Attacks
Continue Reading
Enterprise Flaw ‘GeminiJack’ ZeroClick in Gemini Fixed by Google: Case of Prompt Injection Attack
Google Fixes Gemini Enterprise Flaw
Continue Reading
Attackers to Bypass FortiCloud-SSO Authentication;Patches Released for FortiOS, FortiProxy, FortiWeb
Fortinet Patches Released for FortiOS, FortiProxy, FortiWeb
Continue Reading
Surge in Cyber Security Spending; Focus on Cloud Security & AI
Surge in Cyber Security Spending; Focus on Cloud Security & AI in 2026
Continue Reading
Chrome 143 Update Released, Fixes RCE & Multiple High Severity Vulnerabilities
Summary : Several high severity vulnerabilities were recently identified in Google Chrome, impacting core components such as the V8 JavaScript engine, Chrome Updater, DevTools and Digital Credentials module.
The primary high-severity vulnerability, a Type Confusion bug in the V8 engine (CVE-2025-13630), could allow attackers to achieve memory corruption that may lead to remote code execution via malicious web content. Google says that that it handed out $11,000 for the V8 vulnerability and $3,000 for the Google Updater bug.
| Severity | High |
| CVSS Score | Not Published |
| CVEs | CVE-2025-13630, CVE-2025-13631, CVE-2025-13632, CVE-2025-13633 & 9 other CVEs. |
| POC Available | No public PoC at release time |
| Actively Exploited | No confirmed exploitation |
| Exploited in Wild | Not confirmed for Chrome 143 |
| Advisory Version | 1.0 |
Overview
Other vulnerabilities like privilege escalation, unauthorized actions or browser misuse have been patched in the latest Chrome update. Administrator and users are strongly urged to update to the chrome 143 release immediately.
| Vulnerability Name | CVE ID | Product Affected | Severity | Fixed Version |
| Type-Confusion Vulnerability in V8 JavaScript Engine | CVE-2025-13630 | Chrome | High | v143.0.7499.40/41 |
| Inappropriate Implementation in Google Updater | CVE-2025-13631 | Chrome | High | v143.0.7499.40/41 |
| Inappropriate Implementation in DevTools | CVE-2025-13632 | Chrome | High | v143.0.7499.40/41 |
| Use-After-Free Vulnerability in Digital Credentials | CVE-2025-13633 | Chrome | High | v143.0.7499.40/41 |
Technical Summary
Several high-severity vulnerabilities were addressed in Google Chrome versions prior to 143.0.7499.40/41. The most critical involves a type of confusion flaw in the V8 JavaScript engine, which permits remote attackers to exploit improper object type handling, causing heap corruption when a user accesses a specially crafted webpage and potentially leading to remote code execution under certain conditions.
Other significant issues include a flawed update mechanism that may trigger unintended actions during updates, a logic error within DevTools that could result in tool misuse or unintended execution paths, and a use-after-free vulnerability in the digital credential processing components that may cause memory corruption and browser instability.
Together, these flaws can be exploited to bypass update protections, escalate privileges, disrupt developer tools, or compromise sensitive credential operations.
| CVE ID | System Affected | Vulnerability Details | Impact |
| CVE-2025-13630 | Chrome 142 and prior | Type Confusion in V8 engine allows crafted JavaScript to trigger memory corruption leading to possible arbitrary code execution | Remote Code Execution |
| CVE-2025-13631 | Chrome 142 and prior | Inappropriate implementation in Chrome Updater may allow unauthorized update-related actions | Privilege Escalation |
| CVE-2025-13632 | Chrome 142 and prior | Inappropriate implementation in DevTools may allow unintended function execution | Unauthorized Code Paths / Sandbox Interaction |
| CVE-2025-13633 | Chrome 142 and prior | Use-after-free in Digital Credentials processing leads to memory corruption | Memory Corruption / Crash |
Remediation:
- Upgrade Chrome to the latest version: 143.0.7499.40/41 (Windows, Mac, Linux).
Here are some recommendations below
- Manual Update Check: Navigate to
Settings → Help → About Google Chrome to trigger the update.
- Enforce Chrome auto-updates through enterprise patch management policies.
- Enable endpoint exploit protection such as browser sandboxing to strengthen environment security.
- Continuously monitor logs for unusual crashes, script anomalies, or signs of exploitation attempts.
Conclusion:
Chrome 143 patches critical flaws in the JavaScript engine, updater, DevTools, and credentials, preventing remote code execution and memory corruption.
Users and administrators are strongly advised to promptly upgrade to the latest Chrome version and implement security best practices such as enforcing automatic updates, enabling endpoint exploit protections and monitoring for any signs of exploitation to maintain a strong defense against potential attacks.
Additionally, Google announced that the browser’s Extended Stable channel has been updated to version 142.0.7499.226 for Windows and macOS.
References:
Android Security Patch December 2025 Fixed 100+ Vulnerabilities Including Zero-Days
Android security Patch: Google has released the Android Security update for December 2025 addressing over 100 vulnerabilities and two actively exploited zero-day vulnerabilities across Framework, System, Kernel, and vendor components like Qualcomm, MediaTek, and Unisoc.
The most severe issues include a critical remote denial-of-service flaw in Framework and multiple zero-day elevation-of-privilege vulnerabilities actively exploited.
| OEM | Google Android |
| Severity | Critical |
| CVSS Score | 9.8 |
| CVEs | CVE-2025-48631, CVE-2025-48633, CVE-2025-48572 & 104 more CVEs |
| POC Available | No |
| Actively Exploited | Yes |
| Exploited in Wild | No |
| Advisory Version | 1.0 |
Overview
These flaws could enable attackers to crash devices remotely, escalate privileges locally, or disclose sensitive data without additional execution privileges. Android users are urged to immediate updates as soon as available.
| Vulnerability Name | CVE ID | Product Affected | Severity | Fixed Version |
| Remote Denial-of-Service Vulnerability | CVE-2025-48631 | Android Framework | Critical | Dec 2025 Android Security Update |
| Information Disclosure Zero-Day Vulnerability | CVE-2025-48633 | Android Framework | High | Dec 2025 Android Security Update |
| Elevation of Privilege Zero-Day Vulnerability | CVE-2025-48572 | Android Framework | High | Dec 2025 Android Security Update |
Technical Summary
The December 2025 Android vulnerabilities primarily impact Framework (remote DoS, EoP, ID), System (local privilege escalation), and Kernel (pKVM/IOMMU flaws), with additional high-severity issues in vendor components from Qualcomm, MediaTek, Arm and Unisoc. Critical zero-days like the Framework remote DoS enable attacker-initiated crashes without privileges, while EoP flaws allow local escalation for background activity launch or data access.
Organizations and users should treat these vulnerabilities as critical due to active exploitation. Updating all devices to the 2025 December, security patch level is strongly recommended to stay protected.
| CVE ID | Vulnerability Details | Impact |
| CVE-2025-48631 | Framework vulnerability that allows a remote attacker to cause a device crash, reboot loop, or render it unresponsive without requiring additional privileges or user interaction. | Remote device crash, Denial of service |
| CVE-2025-48633 | This exploiting framework information disclosure flaw that exposes sensitive internal system data, enabling attacker reconnaissance or exploit chaining | Data leakage, privacy violation |
| CVE-2025-48572 | This exploiting elevation of privilege vulnerability within the Framework that allows attackers to gain higher system privileges, enabling unauthorized operations | Privilege escalation, arbitrary code execution |
These additional vulnerabilities include 104 other Critical and High-severity issues that could allow data exposure, system instability, or service disruptions. Applying the latest update is important as these vulnerabilities still have significant security risks if left unpatched.
Remediation:
- Update all Android devices to the latest Security Patch when it’s available.
Conclusion:
These vulnerabilities, including actively exploited zero-days, pose severe risks to Android devices enabling remote crashes, privilege escalation, and data exposure. It is recommended to update to the both personal and enterprise Android devices to the latest security patch for December, 2025.
References:
Urgent OpenVPN Security Patch to Stop Remote Denial of Service Attacks
OpenVPN vulnerabilities
Continue Reading
AI Cyber-Attack is Lethal, Crafted to Empower Hackers; Calls for Cyber Readiness as Enterprise Security Strategy
Japanese Brewing Giant Asahi, Exposed to Cyber-Attack; CAI Cyber-Attack is Lethal, Crafted to Empower Hackers Calls for Cyber Readiness
Continue Reading
Recent Comments