Threat intelligence

Security Advisory

Google Chrome Patches Actively Exploited Zero-Day Vulnerability 

Summary : Security Advisory

Google has released a critical out-of-band security update for its Chrome browser to address CVE-2025-5419.

Rated as high-severity zero-day vulnerability in the V8 JavaScript engine that is currently being actively exploited in the wild.

OEM Google 
Severity HIGH 
CVSS Score 8.8 
CVEs CVE-2025-5419 
Actively Exploited Yes 
Exploited in Wild Yes 
Advisory Version 1.0 

Overview 

This vulnerability allows attackers to execute arbitrary code on users’ systems through specially crafted web content, making it a serious threat requiring immediate attention. 

In addition to the zero-day fix, this update also includes a patch for CVE-2025-5068, a medium severity use-after-free vulnerability in Blink, chrome’s rendering engine.

While less critical, such flaws can still result in memory corruption and possible code execution. 

Vulnerability Name CVE ID Product Affected Severity Fixed Version 
​Out-of-bounds memory access vulnerability  CVE-2025-5419 Google Chrome  High  137.0.7151.68/.69 (Win/Mac), 137.0.7151.68 (Linux) 

Technical Summary 

This high-severity vulnerability is caused by an out-of-bounds read and write weakness in Chrome’s V8 JavaScript engine, reported one week ago by Clement Lecigne and Benoît Sevens of Google’s Threat Analysis Group.

This flaw affects the V8 JavaScript engine and allows attackers to execute arbitrary code via crafted web content.

CVE ID System Affected Vulnerability Details Impact 
  CVE-2025-5419  Chrome (all platforms) Out-of-bounds read and write in the V8 JavaScript engine; triggered via malicious HTML   Arbitrary code execution, memory compromise, remote attack 

Remediation

Apply Patches Promptly: Upgrade to Chrome version 137.0.7151.68/.69 or later for Windows and macOS, and 137.0.7151.68 or later for Linux to mitigate the vulnerabilities. 

General Recommendation: 

  • Prioritize Zero-Day Fixes: Treat this patch as high priority due to confirmed in-the-wild exploitation. Immediate action is critical to prevent potential system compromise. 
  • Update Chromium-Based Browsers: Ensure Chromium-based browsers like Microsoft Edge, Brave, Opera, and Vivaldi are updated as soon as vendor-specific patches are released. 
  • Automate Browser Updates: Enable automatic updates in Chrome and Chromium environments to maintain timely patching against emerging threats. 
  • Enterprise Patch Rollout: Administrators should fast-track deployment of the fixed version across all endpoints, particularly in high-risk or externally exposed environments. 
  • Monitor for Threat Activity: Continuously monitor browser and network activity for signs of exploitation attempts targeting vulnerable versions. 

Conclusion: 
CVE-2025-5419 poses a significant security risk with confirmed active exploitation in the wild.

Google’s swift action highlights the urgency of this threat. All users are strongly advised to update their Chrome browsers immediately. Delaying this update could expose systems to compromise through malicious web content exploiting this zero-day vulnerability. 

While Chrome will automatically update when new security patches are available, users can speed up the process by going to the Chrome menu > Help > About Google Chrome, letting the update finish, and clicking the ‘Relaunch’ button to install it immediately.

References

Blogs

Ways to combat Cyber Threats; Strengthen your SOC’s readiness involves 3 key strategies

Cyber threats are no longer limited to human attackers, with AI-driven “bad bot” attacks now accounting for 1/3 as per research. These attacks can be automated, allowing attackers to launch more extensive and efficient campaigns

Organizations are now exposed new risks, providing cybercriminals with more entry points and potential “surface areas” to exploit as they go digital and adopt to innovations and wider use of digital technologies.

Some of the types of bad bots are DDoS bots, which disrupt a website or online service by overwhelming it with traffic from multiple sources.

Cybercriminals are using Gen-AI tools to improve the efficiency and yield of their campaigns – with Check Point Research’s recent AI Security Report 2025 flagging the use of the technology for malicious activities like AI-enhanced impersonation and social engineering.

Account takeover bots, which use stolen credentials to access users’ online accounts; web content scraping bots, which copy and reuse website content without permission; and social media bots, which spread fake news and propaganda on social media platforms.

The purpose of Bad Bot is expose critical flaws and vulnerabilities within the security frameworks that IT leaders have established in their architectures and operations.

Unfortunately, traditional security operations centers (SOCs) are built to detect threats based on predefined rules and human-driven logic or characteristics.

 AI-powered bots use automation and adaptive methods to execute more sophisticated and dynamic attacks that can bypass these existing defences.

Vulnerabilities are evolving so SOC team have more responsibilities then before as BOTs are AI powered.

Here we outlined three strategies to strengthen your SOC readiness

1.SOC team an essential or important component of business are in Fatigue Zone:

SOCs continuously monitor your organization’s network, systems, and applications to identify potential vulnerabilities and detect any signs of malicious activity.

SOC team quickly takes action to contain the threat and minimize damage, ultimately reducing the overall impact on your business.

Ponemon institute research say SOC teams are fatigued and one research pointed that 65% has fatigue and burn out issues.

That means Cyber security need to support the SOC teams and research found highlight that a lack of visibility and having to perform repetitive tasks are major contributors to analyst burnout.

Threat hunting teams have a difficult time identifying threats because they have too many IOCs to track, too much internal traffic to compare against IOCs.

Sometimes organizations have lack internal resources and expertise and too many false positives. 

Bringing out SOC team from fatigue issue is as important as investing on training, upskilling on cyber skills and development to keep your team’s spirit high.

Establish Key Performance Indicators (KPIs) to measure the effectiveness of your SOC. Monitor these KPIs closely and use them to identify areas for improvement.

2. How do Organization harness Nex-gen technology to combat cyber Threats

Staying abreast of industry trends and best practices to ensure your SOC teams remains at the forefront of cyber security or ahead of the curve with Nex-gen technologies.

So that SOC teams can detect and respond to threats more quickly and efficiently, get holistic view of organizations security posture, AI and ML can augment the SOC team by automating routine task.

Many organizations are adopting hybrid cloud infrastructure and SaaS applications for productivity and cost efficiency reasons. But organizations face difficulty of managing and securing the data on those platforms, which is again leading to higher breach costs.

Darktrace report says 78% of the more than 1,500 security executives responding to a recent survey said that AI-powered threats are having a significant impact on their organizations – with many admitting they lack the knowledge, skills, and personnel to successfully defend against those threats.

Many organizations are already leveraging AI as a cyber-security tool.

Now more IT leaders say they are integrating AI into their cloud strategies for use in advanced security and threat detection.

Organizations can encounter several challenges when integrating AI into their cloud strategies.

Along with SOC team who seamlessly integrate across the organization, same is for AI. Seamless integrations of AI will make it easier for AI-assisted threat detection, notification, enrichment and remediation.

The purpose is AI should focus on tuning models that is organization specific environment. Once done AI will integrate threat intelligence and filtering will be done based on specific context.  This will help reinforcing trust with customers and stakeholders.

3. Investing in Predictive Threat Modelling priority  for Nex-gen SOC Teams

In this era where AI is being leveraged by organisation to derive accuracy, SOC teams who are evolving will prefer investing in intelligence predictive threat models that are proactive in nature to anticipate risks and refine their response strategies.

When organizations have a Threat Intelligence-Driven SOC  it is easier to transform security operations from reactive to proactive defence. Most of the organization builds and operates its own SOC. That is done by employing a dedicated team of cyber security professionals who offers to take complete control over security operations but can be resource-intensive.

AI makes the process easier, as having AI-driven analytics will assist detect anomalous behaviours and zero-day threats.

Further with implementing predictive threat modelling to anticipate emerging attack patterns and leveraging the right frameworks, tools and best practices will help organizations build an intelligence-driven SOC. And with an intelligence-driven SOC team, anticipating any cyber threats can be dealt with efficiency.

IntruceptLabs now offers Mirage Cloak and to summarise Mirage Cloak offers various deception methods to detect and stop threats before they cause damage.

These methods include adding decoys to the network, deploying breadcrumbs on current enterprise assets, using baits as tripwires on endpoints.

 This is executed by setting up lures with intentionally misconfigured or vulnerable services or applications.

The flexible framework also lets customers add new deception methods as needed.

Conclusion: Organizations can better protect their digital assets and ensure business continuity by understanding the key components and best practices for building a successful SOC.

At the end  we must accept that to defend against any sort of AI attack, SOC teams must evolve with right collaborations and effective communication between partners seamlessly to evaluate information to stay ahead of attackers.

Sources: What is SOC (Security Operations Center)?

Blogs

Cyberespionage Group Blind Eagle Infects 1,600 Orgs in Colombia

URL manipulation attack; An agile attack methodology

Continue Reading
Blogs

CTI & SOC Team’s Compliment Holistic Threat Hunting

SOC & CTI Compliment each other in threat Hunting

Continue Reading
Security Advisory

Banshee Stealer: A Growing Threat to macOS Users 

Overview 

Cybersecurity researchers at Check Point Research (CPR) have discovered a sophisticated macOS malware called Banshee Stealer, putting over 100 million macOS users globally at risk. The malware, designed to exfiltrate sensitive user data, demonstrates advanced evasion techniques, posing a significant threat to users and organizations relying on macOS. 

Key Threat Details: 

Malware Capabilities: 

  • Data Theft: Banshee Stealer targets browser credentials, cryptocurrency wallets, and sensitive files, compromising user security. 
  • User Deception: It displays fake system pop-ups to trick users into revealing their macOS passwords, facilitating unauthorized access. 
  • Encryption and Exfiltration: Stolen data is compressed, encrypted, and transmitted to command-and-control (C&C) servers through stealthy channels, making detection challenging. 

C&C decryption     Source: Cybersecurity News 

Evasion Tactics: 

  • Advanced Encryption: The malware utilizes encryption techniques similar to Apple’s XProtect, camouflaging itself to evade detection by traditional antivirus systems. 
  • Stealth Operations: It operates seamlessly within system processes, avoiding scrutiny from debugging tools and remaining undetected for extended periods. 

Distribution Mechanisms: 

  • Phishing Websites: Banshee Stealer impersonates trusted software downloads, including Telegram and Chrome, to deceive users into downloading malicious files. 
  • Fake GitHub Repositories: It distributes DMG files with deceptive reviews and stars to gain user trust, facilitating the spread of the malware. 

Repository releases     source: Cybersecurity News 

Recent Developments: 

  • Expanded Targeting: The latest version of Banshee Stealer has removed geographic restrictions, such as the Russian language check, broadening its target audience globally. 
  • Source Code Leak: Following a source code leak, there has been increased activity, enabling other threat actors to develop variants and intensify the threat landscape. 

Impact: 

  • Users: Compromised browser data, cryptocurrency wallets, and personal files can lead to identity theft and financial losses. 
  • Organizations: Potential data breaches can result in reputational damage, financial losses, and legal implications. 
  • Global Threat: The malware’s expanded targeting underscores the need for enhanced vigilance among macOS users worldwide. 

Indicators of Compromise (IOCs): 

The IOCs listed below are associated with the threat. For the full list of IOCs, please refer to the link

IP Address and Domain  File Hash 
41.216.183[.]49 00c68fb8bcb44581f15cb4f888b4dec8cd6d528cacb287dc1bdeeb34299b8c93 
Alden[.]io 1dcf3b607d2c9e181643dd6bf1fd85e39d3dc4f95b6992e5a435d0d900333416 
api7[.]cfd 3bcd41e8da4cf68bb38d9ef97789ec069d393306a5d1ea5846f0c4dc0d5beaab 
Authorisev[.]site b978c70331fc81804dea11bf0b334aa324d94a2540a285ba266dd5bbfbcbc114 

Recommendations: 

To mitigate the risks associated with Banshee Stealer, consider implementing the following proactive measures: 

  1. Avoid Untrusted Downloads: 
  • Refrain from downloading software from unverified sources, particularly free or “cracked” versions. 
  • Verify the authenticity of GitHub repositories before downloading any files. 
  1. Strengthening System Defenses: 
  • Regularly update macOS and all installed applications to patch known vulnerabilities. 
  • Deploy advanced security solutions with real-time threat detection and proactive intelligence. 
  1. Enhance Awareness and Training: 
  • Educate users on identifying phishing websites and suspicious downloads. 
  • Encourage caution when responding to system prompts or entering credentials. 
  1. Enable Two-Factor Authentication (2FA): 
  • Secure accounts with 2FA to minimize the impact of stolen credentials. 
  1. Monitor System Activity: 
  • Regularly review system logs for unauthorized changes or suspicious activity. 
  • Use tools to monitor unexpected outgoing data transmissions. 
  • Utilize threat intelligence feeds to detect and block IOCs like malicious IPs, domains, and file hashes.  
  • Continuously monitor network traffic, emails, and file uploads to identify and mitigate threats early. 

Conclusion: 

The rise of the Banshee malware exemplifies the increasing sophistication of threats targeting macOS. Users and organizations must adopt layered security defenses, maintain vigilance, and prioritize awareness to mitigate the risks of advanced malware like Banshee. By leveraging updated tools and practices, you can safeguard critical systems and data from evolving cyber threats. 

References

Scroll to top