
In today’s cybersecurity landscape, even the most secure environments are experiencing breaches, not through dramatic hacks, but through subtle exploitation of overlooked vulnerabilities. Attackers are increasingly capitalizing on outdated encryption, weak configurations, and exposed trusted tools. This behavior doesn’t rely on flashy zero-day exploits; rather, it evades detection by blending into normal operations, employing modular techniques and automation to mimic benign activities. The ongoing challenge is that control is not just threatened—it’s being quietly usurped. Recent updates underscore how default configurations, blurred trust lines, and exposed systems are transforming everyday tools into potential gateways for attackers.
⚡ Threat of the Week
Critical SharePoint Zero-Day Exploited (Patch Released) — Microsoft has rolled out patches addressing two security vulnerabilities in SharePoint Server that were reportedly exploited by attackers against numerous global organizations. The vulnerabilities, known as CVE-2025-53770 and CVE-2025-53771, were initially assessed as bypasses for previously identified flaws tracked as CVE-2025-49704 and CVE-2025-49706. This exploit chain, dubbed ToolShell, could enable attackers to achieve remote code execution on on-premises SharePoint servers. Patches for these issues were included in Microsoft’s earlier Patch Tuesday update, and the identity of the perpetrators remains unknown.
🔔 Top News
- Google Releases Patch for Actively Exploited Chrome Flaw — A high-severity vulnerability in the Chrome browser (CVE-2025-6558) has been addressed by Google as it became actively exploited. This marks the fifth zero-day being abused or demonstrated since the year’s start. The flaw involves improper validation of untrusted input in the browser’s ANGLE and GPU components, potentially enabling attackers to bypass sandboxes via malicious HTML. The fix has been implemented in versions 138.0.7204.157/.158 for Windows and macOS, and 138.0.7204.157 for Linux.
- Critical NVIDIA Container Toolkit Vulnerability Disclosed — A vulnerability in the NVIDIA Container Toolkit (CVE-2025-23266) could lead to code execution with elevated privileges, highlighting a serious risk of data tampering and possible denial-of-service. The shortcoming, disclosed by Wiz, could allow attackers to access, manipulate, or steal sensitive data across shared hardware environments.
- CrushFTP Bug Under Attack — A critical flaw, CVE-2025-54309, in CrushFTP software has come under active attack via as-yet-unknown attack vectors. Threat actors have reverse-engineered the software to target unpatched versions, exploiting HTTP(S) vulnerabilities. CrushFTP indicated that a fix for a different issue had inadvertently left a prior bug exposed.
- Golden dMSA Attack Revealed in Windows Server 2025 — A significant design flaw affecting delegated Managed Service Accounts (dMSAs) in Windows Server 2025 has been unveiled, leading to potential cross-domain attacks and prolonged access to resources across Active Directory. Researchers reported that the flaw involves predictable time-based components, making brute-force attacks computationally trivial.
- AI Detects Critical SQLite Vulnerability — Google’s Big Sleep AI agent identified a critical flaw in SQLite (CVE-2025-6965), preventing its impending exploitation. This marks a pioneering instance of an AI agent proactively countering a zero-day vulnerability.
- Threat Actors Targeting EoL SonicWall Devices — Cybercriminals are exploiting fully patched end-of-life SonicWall Secure Mobile Access (SMA) 100 series appliances, deploying a persistent backdoor known as OVERWATCH. While many aspects of the campaign remain unclear, it is evident that unauthorized access began with leaked local administrator credentials.
🔥 Trending CVEs
Cybercriminals swiftly target newly identified software vulnerabilities, with even a single unpatched CVE posing a significant risk. Below are some notable high-risk vulnerabilities in focus this week. Organizations should address these promptly to mitigate exposure:
This week’s list features vulnerabilities such as CVE-2025-53770, CVE-2025-53771 (Microsoft SharePoint Server), CVE-2025-37103 (HPE Instant On Access Points), CVE-2025-54309 (CrushFTP), CVE-2025-23266 (NVIDIA Container Toolkit), CVE-2025-6558 (Google Chrome), and many more notable CVEs across various platforms.
📰 Around the Cyber World
- Russian Sentenced for Data Sharing — In the Netherlands, a 43-year-old Russian was sentenced to three years for breaching international sanctions by sharing sensitive information from Dutch companies with individuals in Russia. Evidence showed he used Signal to transmit proprietary data.
- U.K. NCSC Launches Vulnerability Initiative — The U.K. National Cyber Security Centre has unveiled a Vulnerability Research Initiative aimed at enhancing collaboration with cybersecurity experts, focusing on improving the understanding of security across diverse technologies.
- Storm-1516 Disinformation Efforts — A Kremlin-linked group, Storm-1516, has been generating fake news articles on various fronts to spread disinformation across several European countries. Their sophisticated tactics employ legitimate reporter identities to lend credibility to their narratives.
- SLOW#TEMPEST Malware Techniques Evolve — The SLOW#TEMPEST malware campaign has adopted sophisticated DLL-sideloading techniques to facilitate its spread, obscuring its operations in ways that make detection difficult.
- Abacus Market Closure Signals Possible Scam — The darknet marketplace Abacus Market has unexpectedly ceased operations, leading to speculation about a potential exit scam following multiple user reports of withdrawal issues.
🎥 Cybersecurity Webinars
- Securing Identity in the Age of AI — This session focuses on how businesses are managing AI-driven identity risks and developing privacy-first authentication strategies in today’s digital landscape.
- Vulnerabilities in the Software Supply Chain — Discover the ways that attackers exploit Python dependencies and learn how DevSecOps teams can proactively secure these critical environments.
- AIs as a Threat Vector — As AI technologies enhance productivity, they simultaneously open doors for attacks. Join a discussion on securing AI-powered workflows from emerging threats.
🔒 Tip of the Week
Track Vulnerabilities Across Systems — Attackers often exploit Windows Scheduled Tasks to maintain persistence on compromised systems. Regularly monitoring not just visible tasks but also hidden ones can help identify malicious activity. Utilizing tools such as Autoruns and conducting registry scans can unveil ongoing threats within the system. This proactive approach aids in preemptively addressing potential vulnerabilities before any breach occurs.
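As an added defender-side example (not code from the original newsletter), the PowerShell below cross-checks the Task Scheduler's own registry cache against what the scheduler API enumerates and flags tasks that lack a security descriptor or are absent from the normal listing. It assumes an elevated console on Windows 10/11 or Server 2016+ with the ScheduledTasks module available; the registry paths are the standard TaskCache locations.

```powershell
# Added example, not code from the original newsletter: enumerate scheduled tasks
# from the Task Scheduler registry cache and flag entries that would not appear in
# a normal task listing. Run elevated on Windows 10/11 or Server 2016+.
# The TaskCache paths are the standard locations; the missing-"SD" (security
# descriptor) check follows Microsoft's public Tarrask write-up, where a task
# without that value no longer shows in the Task Scheduler UI or schtasks.

$treeRoot  = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree'
$tasksRoot = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks'

# 1. Build the set of task paths the scheduler API reports (what an admin sees).
$visible = [System.Collections.Generic.HashSet[string]]::new([System.StringComparer]::OrdinalIgnoreCase)
Get-ScheduledTask | ForEach-Object { [void]$visible.Add($_.TaskPath + $_.TaskName) }

# 2. Walk the registry tree, which the service itself reads, and compare.
$findings = foreach ($key in Get-ChildItem -Path $treeRoot -Recurse) {
    $id = $key.GetValue('Id')
    if (-not $id) { continue }                       # folder keys carry no Id
    # Key name ends in "...\TaskCache\Tree\<folder>\<task>"; keep the part after "\Tree".
    $taskPath = $key.Name.Substring($key.Name.IndexOf('\Tree') + 5)
    $reasons  = @()
    if ($null -eq $key.GetValue('SD'))     { $reasons += 'no security descriptor (hidden from UI/schtasks)' }
    if (-not $visible.Contains($taskPath)) { $reasons += 'in registry cache but not returned by Get-ScheduledTask' }
    $detail = Get-ItemProperty -Path (Join-Path $tasksRoot $id) -ErrorAction SilentlyContinue
    if ($null -eq $detail)                 { $reasons += 'Tree entry without matching Tasks\{Id} record' }
    if ($reasons.Count -eq 0) { continue }
    [pscustomobject]@{
        Task    = $taskPath
        Id      = $id
        Author  = $detail.Author          # string value stored in the Tasks\{Id} key
        Reasons = ($reasons -join '; ')
    }
}

if ($findings) {
    $findings | Sort-Object Task | Format-Table -AutoSize -Wrap
} else {
    Write-Host 'No hidden or inconsistent scheduled tasks found.'
}
```

Compare any flagged entry against a known-good baseline of the same OS build before removing it, since some vendor tasks legitimately differ between the cache and the API listing.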


