Surge in Cyber-Attacks Globally as Attackers Leverage AI; Check Point Report
AI-Driven Attacks Become More Autonomous
Continue ReadingThreat intelligence
Malicious Extensions Copies Legitimate Apps; Chrome Under Spotlight
Chrome under spotlight
Continue Reading
AI Cyber-Attack is Lethal, Crafted to Empower Hackers; Calls for Cyber Readiness as Enterprise Security Strategy
Japanese Brewing Giant Asahi, Exposed to Cyber-Attack; CAI Cyber-Attack is Lethal, Crafted to Empower Hackers Calls for Cyber Readiness
Continue Reading
Surge in Ransomware attack reveal sophistication of Threat actors that strategically focuses on industries to incentivizes Ransom payment
- The United States remains the primary target for Ransomware attacks
- UK is preparing to ban any Ransomware payments for critical infrastructure companies
- Manufacturing, Technology and Healthcare top targeted sectors, with the Oil & Gas industry experiencing a remarkable 935% increase in attacks as per Zscaler report
- RaaS market growth drivers
There has been improvement in cyber resilience but it has been observed when too many entities pay ransom, each payment provides gateway for next attack as the payment incentivise.
Ransomware attack target pattern reveals how threat actors are strategically focusing on industries where operational disruption, data sensitivity, and regulatory concerns create maximum leverage.
In the beginning of July 2025, Federal authorities, including the FBI and the U.S. Cybersecurity and Infrastructure Security Agency (CISA), have issued a high-priority advisory warning about the escalating threat posed by the Medusa ransomware group.
Medusa ransomware group ramped up its attacks, increasingly targeting users of major email service providers like Gmail and Outlook. Medusa’s reach extends across multiple industries, with healthcare, education, legal services, insurance, technology, and manufacturing among the hardest hit.
Now UK is preparing to ban any Ransomware payments for critical infrastructure companies, local governments, schools and publicly funded entities like the NHS. The new ransomware payment proposal is just one part of a package of new regulations slated to soon go into effect in the UK, mostly centered on the Cyber Resilience Bill.
The new UK rules would additionally require all business types that are not impacted to notify the government when they intend to make a ransomware payment and may be required to seek guidance on the possibility of the payment violating sanctions on cybercriminal groups.
Surge in ransomware attacks
Zscaler released its annual ThreatLabz 2025 Ransomware Report, revealing a dramatic 146% surge in ransomware attacks blocked by their cloud platform
The report highlights a significant shift in attack strategies, with threat actors increasingly focusing on data extortion over encryption.
Key findings show that ransomware groups stole 238 TB of data, representing a 92% increase year-over-year.
The report identifies Manufacturing, Technology, and Healthcare as the most targeted sectors, with the Oil & Gas industry experiencing a remarkable 935% increase in attacks.
The United States remains the primary target, accounting for 50% of all attacks with 3,671 incidents. RansomHub emerged as the most active group with 833 publicly named victims, followed by Akira (520) and Clop (488).
Ransomware and Crypto market
Well ransomware technique might have changed its pattern but not tactics, with crytpcurrencies it marked a major change and turning point in the world of cyber security.
How can we forget WannaCry (2017), it was perhaps the most infamous ransomware attack in history, caused global disruption by exploiting a Windows vulnerability.
The demand was Bitcoin, but its scale and method were more advanced but not the first.
BlackSuit ransomware extortion sites seized in Operation Checkmate
Law enforcement has seized the dark web extortion sites of the BlackSuit ransomware operation, which has targeted and breached the networks of hundreds of organizations worldwide over the past several years.
Yesterday 28 july, the websites on the BlackSuit .onion domains were replaced with seizure banners announcing that the ransomware gang’s sites were taken down by the U.S. Homeland Security Investigations federal law enforcement agency as part of a joint international action codenamed Operation Checkmate.
Key trends Key driving the Ransomware Protection Market
The demand for ransomware protection solutions is further fuelled by the growing number of cyber-attacks targeting businesses, particularly in the BFSI sector, which remains the largest revenue generator in the market.
The demand for RaaS based products growing due to corporate digitization, and the advent of crypto currency like Bitcoin are the key market drivers enhancing the market demand and growth.
This include technological advancements and increasing cyber threats.
- Market size in 2024: USD 32.24 billion; projected to reach USD 93.35 billion by 2032.
- End-point security segment accounted for 35% of market revenue.
- BFSI sector generated the most income, with significant ransomware attacks reported.
- Managed services segment dominated the market, catering to SMEs for enhanced cyber security.
Of all the reasons, cyber attacks now focus on any vulnerability as many businesses are switching to cloud services. In response to the ransom, distributed denial-of-service (DDoS) attacks are launched, which continue until the ransom is paid or the data risks being permanently lost.
Cybercriminals may breach into sites for trading cryptocurrencies and steal money. Crypto currency is currently the most widely used payment method in the event of a ransomware attack
Email remained the primary entry point in 96% of the reviewed breaches, accounting for 93%.
Social attacks are roughly three times more likely to cause breaches in businesses than physical vulnerabilities, highlighting the importance of regular staff cybersecurity training.
It has caused business to start researching ransomware defenses and has significantly increased demand for these defenses in the market under investigation.
Around the world, there are more data leaks and other security breaches. Phishing attacks have been used against numerous businesses from various industries at some point.
APEC market for Ransomware expected to grow
The Asia-Pacific Ransomware Protection Market is expected to grow at the fastest CAGR from 2023 to 2032.
This is due to the growing economies of China, India, and Australia spending extensively on cyber security solutions; Asia Pacific is also predicted to have growth potential in the ransomware prevention market.
Moreover, China’s Ransomware Protection market held the largest market share, and The Asia-Pacific region’s fastest-growing market for ransomware protection was India.
The market for Ransomware Protection industry has recently provided some of the most important benefits. Major players in the Ransomware Protection market, are attempting to increase market demand by investing in research and development operations.
Ransomware Protection Industry Developments
Intrucept has launched Intru360 gives security analysts and SOC managers a clear view across the organization, helping them fully understand the extent and context of an attack. It also simplifies workflows by automatically handling alerts, allowing for faster detection of both known and unknown threats.
Identify latest threats without having to purchase, implement, and oversee several solutions or find, hire, and manage a team security analyst.
Unify latest threat intelligence and security technologies to prioritize the threats that pose the greatest risk to your company.
Here are some features we offer:
- Over 400 third-party and cloud integrations.
- More than 1,100 preconfigured correlation rules.
- Ready-to-use threat analytics, threat intelligence service feeds, and prioritization based on risk.
- Prebuilt playbooks and automated response capabilities.
Source:
BlackSuit ransomware extortion sites seized in Operation Checkmate
Ransomware attacks surge despite international enforcement effort | Cybersecurity Dive
Google Addresses Actively Exploited Zero-Day Vulnerability CVE-2025-6558 in Chrome
Google has issued a critical emergency update for the Chrome browser to address CVE-2025-6558, a zero-day vulnerability that is actively being exploited in the wild. This high-severity flaw exists in Chrome’s ANGLE and GPU components, which are responsible for rendering graphics in the browser.
Summary
| OEM | |
| Severity | High |
| CVSS Score | 8.8 |
| CVEs | CVE-2025-6558 |
| POC Available | No |
| Actively Exploited | Yes |
| Exploited in Wild | Yes |
| Advisory Version | 1.0 |
Overview
Exploitation of this vulnerability could allow attackers to execute malicious code or gain unauthorized access to user systems. The update is being rolled out for Windows, macOS and Linux platforms.
| Vulnerability Name | CVE ID | Product Affected | Severity | Fixed Version |
| Improper Input Validation in ANGLE/GPU Stack vulnerability | CVE-2025-6558 | Google Chrome | High (Zero-day) | 138.0.7204.157/.158 (Windows/macOS), 138.0.7204.157 (Linux) |
Technical Summary
CVE-2025-6558 is a high-severity vulnerability caused by improper validation of untrusted input in Chrome’s ANGLE (Almost Native Graphics Layer Engine) and GPU components. These components translate graphics instructions and interact closely with the system’s native APIs.
The flaw was discovered by Google’s Threat Analysis Group (TAG) and is being actively exploited in real-world attacks. If left unpatched, it could enable attackers to compromise the browser rendering process and potentially execute arbitrary code on the user’s device.
| CVE ID | System Affected | Vulnerability Details | Impact |
| CVE-2025-6558 | Chrome on Windows, macOS, Linux | Untrusted input is incorrectly validated, allowing malicious manipulation of graphics rendering | Remote code execution through active exploitation |
Additional Vulnerabilities Patched in This Update
In addition to the zero-day CVE-2025-6558, Google also addressed two other high-severity vulnerabilities as part of this update:
- CVE-2025-7656 – An integer overflow vulnerability in Chrome’s V8 JavaScript engine, which could be exploited to corrupt memory and potentially achieve remote code execution. This flaw was reported by security researcher Shaheen Fazim.
- CVE-2025-7657 – A use-after-free vulnerability in the WebRTC (Web Real-Time Communication) component. Improper memory handling in real-time communication features could allow attackers to crash the browser or execute arbitrary code remotely. This issue was reported by researcher jakebiles.
Remediation:
- Users should immediately update Google Chrome to the latest patched version:
- Windows & Mac: 138.0.7204.157/.158
- Linux: 138.0.7204.157
Conclusion:
CVE-2025-6558 highlights the growing complexity of securing browser components such as ANGLE and GPU. With confirmed active exploitation, users and administrators must prioritize this update to prevent potential remote code execution attacks.
Timely patching remains one of the most effective defenses against modern browser-based threats.
References:
Privilege Escalation Vulnerability in AI Engine WordPress Plugin, Allows Subscriber-Level Account Takeover
Summary :Security Advisory: A critical privilege escalation vulnerability (CVE-2025-5071) was discovered in the AI Engine WordPress plugin, allowing subscriber-level users to gain administrator privileges when the MCP (Model Context Protocol) module is enabled.
| OEM | WordPress |
| Severity | High |
| CVSS Score | 8.8 |
| CVEs | CVE-2025-5071 |
| POC Available | Yes |
| Actively Exploited | No |
| Exploited in Wild | No |
| Advisory Version | 1.0 |
Overview
The AI Engine plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the ‘Meow_MWAI_Labs_MCP::can_access_mcp’ function in versions 2.8.0 to 2.8.3.
This makes it possible for authenticated attackers, with subscriber-level access and above, to have full access to the MCP and run various commands like ‘wp_create_user’, ‘wp_update_user’ and ‘wp_update_option’, which can be used for privilege escalation, and ‘wp_update_post’, ‘wp_delete_post’, ‘wp_update_comment’ and ‘wp_delete_comment’, which can be used to edit and delete posts and comments.
| Vulnerability Name | CVE ID | Product Affected | Severity | Fixed Version |
| Privilege Escalation Vulnerability | CVE-2025-5071 | AI Engine WordPress Plugin | High | 2.8.4 |
Technical Summary
AI Engine is a WordPress plugin that recently introduced support for MCP (Model Context Protocol), which allows AI agents – such as Claude or ChatGPT – to control and manage the WordPress website by executing various commands, managing media files, editing users, and performing complex tasks more reliably than through standard APIs.
The vulnerability stems from insufficient authorization checks in the can_access_mcp () function within the plugin, enabling any authenticated (logged-in) user to bypass Bearer Token validation and access MCP endpoints.
This access can be exploited to escalate user privileges by executing commands such as wp_update_user, ultimately leading to full site compromise.
| CVE ID | System Affected | Vulnerability Details | Impact |
| CVE-2025-5071 | WordPress with AI Engine Plugin 2.8.0–2.8.3 | The can_access_mcp() function incorrectly grants MCP endpoint access to all logged-in users. Even when Bearer Token authentication is enabled, lack of empty value checks in the token validation logic allows privilege escalation. | Complete site compromise |
Remediation:
- Immediate Action: Update the AI Engine plugin to version 2.8.4 or later.
- Configuration Check: Ensure that MCP and Dev Tools modules remain disabled unless it’s necessary.
Conclusion:
The CVE-2025-5071 vulnerability in the AI Engine WordPress plugin highlights the potential risks when advanced modules like MCP are misconfigured.
Even though the feature is disabled by default, sites that have enabled it become susceptible to complete takeover by authenticated users.
Website administrators are urged to update to version 2.8.4 immediately and verify that security best practices are enforced to prevent such escalations. With over 100,000 active installations, this flaw presents a significant risk to the WordPress ecosystem if left unpatched.
References:
t
Google Chrome Patches Actively Exploited Zero-Day Vulnerability
Summary : Security Advisory
Google has released a critical out-of-band security update for its Chrome browser to address CVE-2025-5419.
Rated as high-severity zero-day vulnerability in the V8 JavaScript engine that is currently being actively exploited in the wild.
| OEM | |
| Severity | HIGH |
| CVSS Score | 8.8 |
| CVEs | CVE-2025-5419 |
| Actively Exploited | Yes |
| Exploited in Wild | Yes |
| Advisory Version | 1.0 |
Overview
This vulnerability allows attackers to execute arbitrary code on users’ systems through specially crafted web content, making it a serious threat requiring immediate attention.
In addition to the zero-day fix, this update also includes a patch for CVE-2025-5068, a medium severity use-after-free vulnerability in Blink, chrome’s rendering engine.
While less critical, such flaws can still result in memory corruption and possible code execution.
| Vulnerability Name | CVE ID | Product Affected | Severity | Fixed Version |
| Out-of-bounds memory access vulnerability | CVE-2025-5419 | Google Chrome | High | 137.0.7151.68/.69 (Win/Mac), 137.0.7151.68 (Linux) |
Technical Summary
This high-severity vulnerability is caused by an out-of-bounds read and write weakness in Chrome’s V8 JavaScript engine, reported one week ago by Clement Lecigne and Benoît Sevens of Google’s Threat Analysis Group.
This flaw affects the V8 JavaScript engine and allows attackers to execute arbitrary code via crafted web content.
| CVE ID | System Affected | Vulnerability Details | Impact |
| CVE-2025-5419 | Chrome (all platforms) | Out-of-bounds read and write in the V8 JavaScript engine; triggered via malicious HTML | Arbitrary code execution, memory compromise, remote attack |
Remediation:
Apply Patches Promptly: Upgrade to Chrome version 137.0.7151.68/.69 or later for Windows and macOS, and 137.0.7151.68 or later for Linux to mitigate the vulnerabilities.
General Recommendation:
- Prioritize Zero-Day Fixes: Treat this patch as high priority due to confirmed in-the-wild exploitation. Immediate action is critical to prevent potential system compromise.
- Update Chromium-Based Browsers: Ensure Chromium-based browsers like Microsoft Edge, Brave, Opera, and Vivaldi are updated as soon as vendor-specific patches are released.
- Automate Browser Updates: Enable automatic updates in Chrome and Chromium environments to maintain timely patching against emerging threats.
- Enterprise Patch Rollout: Administrators should fast-track deployment of the fixed version across all endpoints, particularly in high-risk or externally exposed environments.
- Monitor for Threat Activity: Continuously monitor browser and network activity for signs of exploitation attempts targeting vulnerable versions.
Conclusion:
CVE-2025-5419 poses a significant security risk with confirmed active exploitation in the wild.
Google’s swift action highlights the urgency of this threat. All users are strongly advised to update their Chrome browsers immediately. Delaying this update could expose systems to compromise through malicious web content exploiting this zero-day vulnerability.
While Chrome will automatically update when new security patches are available, users can speed up the process by going to the Chrome menu > Help > About Google Chrome, letting the update finish, and clicking the ‘Relaunch’ button to install it immediately.
References:
Ways to combat Cyber Threats; Strengthen your SOC’s readiness involves 3 key strategies
Cyber threats are no longer limited to human attackers, with AI-driven “bad bot” attacks now accounting for 1/3 as per research. These attacks can be automated, allowing attackers to launch more extensive and efficient campaigns
Organizations are now exposed new risks, providing cybercriminals with more entry points and potential “surface areas” to exploit as they go digital and adopt to innovations and wider use of digital technologies.
Some of the types of bad bots are DDoS bots, which disrupt a website or online service by overwhelming it with traffic from multiple sources.
Cybercriminals are using Gen-AI tools to improve the efficiency and yield of their campaigns – with Check Point Research’s recent AI Security Report 2025 flagging the use of the technology for malicious activities like AI-enhanced impersonation and social engineering.
Account takeover bots, which use stolen credentials to access users’ online accounts; web content scraping bots, which copy and reuse website content without permission; and social media bots, which spread fake news and propaganda on social media platforms.
The purpose of Bad Bot is expose critical flaws and vulnerabilities within the security frameworks that IT leaders have established in their architectures and operations.
Unfortunately, traditional security operations centers (SOCs) are built to detect threats based on predefined rules and human-driven logic or characteristics.
AI-powered bots use automation and adaptive methods to execute more sophisticated and dynamic attacks that can bypass these existing defences.
Vulnerabilities are evolving so SOC team have more responsibilities then before as BOTs are AI powered.
Here we outlined three strategies to strengthen your SOC readiness
1.SOC team an essential or important component of business are in Fatigue Zone:
SOCs continuously monitor your organization’s network, systems, and applications to identify potential vulnerabilities and detect any signs of malicious activity.
SOC team quickly takes action to contain the threat and minimize damage, ultimately reducing the overall impact on your business.
Ponemon institute research say SOC teams are fatigued and one research pointed that 65% has fatigue and burn out issues.
That means Cyber security need to support the SOC teams and research found highlight that a lack of visibility and having to perform repetitive tasks are major contributors to analyst burnout.
Threat hunting teams have a difficult time identifying threats because they have too many IOCs to track, too much internal traffic to compare against IOCs.
Sometimes organizations have lack internal resources and expertise and too many false positives.
Bringing out SOC team from fatigue issue is as important as investing on training, upskilling on cyber skills and development to keep your team’s spirit high.
Establish Key Performance Indicators (KPIs) to measure the effectiveness of your SOC. Monitor these KPIs closely and use them to identify areas for improvement.
2. How do Organization harness Nex-gen technology to combat cyber Threats
Staying abreast of industry trends and best practices to ensure your SOC teams remains at the forefront of cyber security or ahead of the curve with Nex-gen technologies.
So that SOC teams can detect and respond to threats more quickly and efficiently, get holistic view of organizations security posture, AI and ML can augment the SOC team by automating routine task.
Many organizations are adopting hybrid cloud infrastructure and SaaS applications for productivity and cost efficiency reasons. But organizations face difficulty of managing and securing the data on those platforms, which is again leading to higher breach costs.
Darktrace report says 78% of the more than 1,500 security executives responding to a recent survey said that AI-powered threats are having a significant impact on their organizations – with many admitting they lack the knowledge, skills, and personnel to successfully defend against those threats.
Many organizations are already leveraging AI as a cyber-security tool.
Now more IT leaders say they are integrating AI into their cloud strategies for use in advanced security and threat detection.
Organizations can encounter several challenges when integrating AI into their cloud strategies.
Along with SOC team who seamlessly integrate across the organization, same is for AI. Seamless integrations of AI will make it easier for AI-assisted threat detection, notification, enrichment and remediation.
The purpose is AI should focus on tuning models that is organization specific environment. Once done AI will integrate threat intelligence and filtering will be done based on specific context. This will help reinforcing trust with customers and stakeholders.
3. Investing in Predictive Threat Modelling priority for Nex-gen SOC Teams
In this era where AI is being leveraged by organisation to derive accuracy, SOC teams who are evolving will prefer investing in intelligence predictive threat models that are proactive in nature to anticipate risks and refine their response strategies.
When organizations have a Threat Intelligence-Driven SOC it is easier to transform security operations from reactive to proactive defence. Most of the organization builds and operates its own SOC. That is done by employing a dedicated team of cyber security professionals who offers to take complete control over security operations but can be resource-intensive.
AI makes the process easier, as having AI-driven analytics will assist detect anomalous behaviours and zero-day threats.
Further with implementing predictive threat modelling to anticipate emerging attack patterns and leveraging the right frameworks, tools and best practices will help organizations build an intelligence-driven SOC. And with an intelligence-driven SOC team, anticipating any cyber threats can be dealt with efficiency.
IntruceptLabs now offers Mirage Cloak and to summarise Mirage Cloak offers various deception methods to detect and stop threats before they cause damage.
These methods include adding decoys to the network, deploying breadcrumbs on current enterprise assets, using baits as tripwires on endpoints.
This is executed by setting up lures with intentionally misconfigured or vulnerable services or applications.
The flexible framework also lets customers add new deception methods as needed.
Conclusion: Organizations can better protect their digital assets and ensure business continuity by understanding the key components and best practices for building a successful SOC.
At the end we must accept that to defend against any sort of AI attack, SOC teams must evolve with right collaborations and effective communication between partners seamlessly to evaluate information to stay ahead of attackers.
Cyberespionage Group Blind Eagle Infects 1,600 Orgs in Colombia
URL manipulation attack; An agile attack methodology
Continue Reading
CTI & SOC Team’s Compliment Holistic Threat Hunting
SOC & CTI Compliment each other in threat Hunting
Continue Reading