Exploring Chrome 0-Day Vulnerabilities, Data Wipers, Misused Tools, and Zero-Click iPhone Attacks


Jun 09, 2025 | Ravie Lakshmanan | Cybersecurity / Hacking News

Every security alert holds a deeper narrative. Sometimes it indicates systemic vulnerabilities being tested; other times, it’s about the erosion of trust manifesting through delays or unusual activities. This week, we delve beyond the surface to uncover the pivotal details. Whether you’re grappling with inadequate designs, unnoticed access points, or covert misuse, pinpointing these issues can significantly enhance your defenses.

If your role is to safeguard systems, data, or individuals, staying updated on these developments is critical. These insights reveal the mindset of attackers and highlight the vulnerabilities we often overlook.

⚡ Threat of the Week

Google Addresses Critical Chrome Vulnerability— Google has launched versions 137.0.7151.68/.69 for Windows and macOS users, along with version 137.0.7151.68 for Linux. This update tackles a serious vulnerability within the V8 JavaScript and WebAssembly engine, exploited in active attacks. The flaw, reported by Clement Lecigne and Benoît Sevens from Google Threat Analysis Group on May 27, 2025, allows potential heap corruption via crafted HTML pages. Currently, specifics on the exploitation method remain unclear, but indications suggest a high level of targeting.

🔔 Top News

  • Data-Wiping Malware PathWiper Hits Ukraine— An unidentified infrastructure entity in Ukraine faced an assault from a novel data-wiper malware dubbed PathWiper. This malware bears similarities to HermeticWiper, utilized by the Russia-linked Sandworm group at the onset of the Russo-Ukrainian conflict in early 2022. Cisco Talos reports that access to the administrative console likely facilitated this attack.
  • BladedFeline Attacks Iraqi Officials— A hacking group aligned with Iran, known as BladedFeline, has been linked to hacking attempts targeting Kurdish and Iraqi governmental figures since early 2024. They are suggested to be a wing of the OilRig group, which has been active for more than a decade. These intrusions involve backdoor malware like Whisper (also known as Veaty), Spearal, and Optimizer, originating from undetermined initial access routes.
  • Voice Phishing Group Targets Salesforce— An emergent threat actor called UNC6040 is employing voice phishing tactics resembling those of the Scattered Spider group, impersonating IT support to trick users into installing modified versions of Salesforce’s Data Loader application. Salesforce confirmed that while these incidents stem from user manipulation, no security vulnerabilities in its platform were exploited.
  • Chrome to Stop Trusting Chunghwa Telecom and Netlock Certificates— Google’s Chrome team announced intentions to distrust digital certificates from Chunghwa Telecom and Netlock due to a year-long observation of concerning behaviors. This change is slated for Chrome 139, expected to launch in early August 2025. The decision stems from repeated compliance failures and lack of substantial progress regarding previously disclosed incidents.
  • Crocodilus Trojan Expands Beyond Earlier Targets— A new Android banking Trojan named Crocodilus is rapidly spreading from its initial targets in Turkey to Android users in Spain, South America, and parts of Asia. As it evolves, Crocodilus incorporates functions to create contacts in victims’ address books for social engineering and harvest cryptocurrency wallet seed phrases, demonstrating an increasing sophistication in malware tactics.

Software vulnerabilities remain tempting entry points for cyber attackers. New flaws emerge weekly, turning seemingly minor oversights into significant breaches if not addressed promptly. Here is this week’s lineup of critical vulnerabilities to keep in mind:

  • CVE-2025-20286 (Cisco Identity Services Engine)
  • CVE-2025-49113 (Roundcube)
  • CVE-2025-5419 (Google Chrome)
  • CVE-2025-21479, CVE-2025-21480, CVE-2025-27038 (Qualcomm)
  • CVE-2025-37093 (HPE StoreOnce)
  • CVE-2025-48866 (ModSecurity WAF)
  • CVE-2025-25022 (IBM QRadar Suite)
  • CVE-2025-22243 (VMware NSX Manager)
  • CVE-2025-24364, CVE-2025-24365 (Vaultwarden)
  • CVE-2024-53298 (Dell PowerScale OneFS)

📰 Around the Cyber World

  • SentinelOne Outage Attributed to Software Flaw— SentinelOne reported that a significant outage on May 29, 2025, lasting around seven hours, was caused by a software flaw that compromised critical network routes and DNS resolver rules. While customer endpoints remained protected, security teams struggled with service management disruption.
  • Nigeria Convicts Nine Chinese Nationals for Cybercrime— A Nigerian court sentenced nine Chinese nationals to prison for their involvement in a cybercrime ring, which allegedly recruited and trained Nigerians for online fraud, including romance scams. The operation, named Eagle Flush, led to the arrest of numerous individuals linked to various online scams.
  • Fake NFT Airdrops Target Hedera Users— The FBI issued a warning about scammers targeting users of the Hedera Hashgraph network with fraudulent NFT airdrops, leveraging non-custodial wallets to steal cryptocurrency. These scams utilize phishing tactics to lure users into providing access to their wallets.
  • Bogus WordPress Plugin Harvests Admin Credentials— Cybercriminals are using a counterfeit caching plugin known as wp-runtime-cache to harvest WordPress admin credentials and exfiltrate them to an external server. This instance underlines the need for regular audits of site plugins and user credentials.
  • Chinese Hackers Breach U.S. Telecom Systems— In the summer of 2023, Chinese hackers gained access to a U.S. telecommunications firm and remained undetected for seven months, an intrusion now attributed to the Salt Typhoon group.
  • Vodafone Fined by German Data Regulator— Vodafone received significant fines totaling €45 million due to security violations attributed to fraudulent activities linked to contractors. These actions were exacerbated by authentication process vulnerabilities, enabling unauthorized access to customer data.
  • NSO Group Appeals $168 Million Ruling— The NSO Group is challenging a jury decision that ordered them to pay extensive damages to WhatsApp over alleged government surveillance activities. The company claims the ruling is unjustified.
  • Mozilla Launches Scam Detection System for Crypto Wallets— Mozilla has introduced an early detection mechanism for recognizing and blocking fraudulent cryptocurrency wallet extensions, designed to protect users from scams.
  • iPhone Users Targeted by Zero-Click Exploit— Anomalous behaviors on iPhones belonging to political and media figures were linked to zero-click exploits. The targeted vulnerabilities are related to the iMessage service and were addressed in a recent iOS update.
  • ViperSoftX Malware Targets Cryptocurrency— Threat hunters have identified new campaigns using cracked software to distribute ViperSoftX, a stealer malware primarily targeting cryptocurrencies.
  • U.S. State Department Offers Bounty on RedLine Operators— The State Department announced rewards of up to $10 million for information leading to the identification of individuals linked with the RedLine information stealer.
  • Apple Allegedly Shared Data on Push Notifications— Reports suggest that Apple relayed data about numerous push notifications to governmental bodies worldwide, raising transparency concerns regarding data handling practices.
  • China Accuses Taiwan of Cyber Espionage— China alleges that Taiwan supports multiple APT groups conducting espionage against Chinese entities, coinciding with drastic claims regarding hacking activities.
  • Colombian Cybercriminals Execute Vehicle Insurance Scam— Colombian cybercriminals reportedly deceived users into paying for fake vehicle insurance through a network of counterfeit websites, proving the sophistication of online scams.
  • German Authorities Identify TrickBot Leader— The head of the TrickBot cybercrime group has been named as Russian national Vitaly Kovalev, following international law enforcement operations that led to widespread disruptions of their infrastructure.

🎥 Cybersecurity Webinars

  • Understanding Hidden Attacks: Spotting LOTS Attacks— In this live session, experts from Zscaler will delve into how hackers camouflage their operations within trusted environments, providing crucial insights and practical techniques for recognizing and mitigating stealth attacks.
  • Identifying Non-Human Identities at Risk— This webinar will unpack the hidden identity risks associated with AI agents and service accounts, exploring how attackers target these often-overlooked areas and how to enhance security protocols.

🔧 Cybersecurity Tools

  • InterceptSuite— This tool inspects encrypted traffic from all types of applications, going beyond regular web browsers. It provides deep visibility into TLS traffic, enabling security professionals to track down threats that conventional tools might overlook.
  • Malware Detection System— Utilizing static analysis and dynamic behavior monitoring, this solution flags potential threats, including phishing and malware, in real-time, ensuring effective detection before they escalate.

Disclaimer: These newly released tools are intended for educational purposes and have not undergone full auditing. Proceed with caution—always review the software, conduct safe testing, and implement proper safeguards.

🔒 Tip of the Week

Proactively Block Malware Attacks with ASR Rules— Modern malware frequently leverages trusted applications like Word and Excel to execute attacks silently. To counter this, enable Microsoft Defender’s Attack Surface Reduction (ASR) rules, which are designed to block risky actions. This can be done easily by downloading ConfigureDefender to activate key ASR protections.

For Home and Power Users: Using ConfigureDefender is straightforward—simply select a protection profile and apply it to secure your system against prevalent malware techniques.

For Advanced Users or IT Administrators: You can activate a critical ASR rule with the following PowerShell command:

    Add-MpPreference -AttackSurfaceReductionRules_Ids D4F940AB-401B-4EFC-AADC-AD5F3C50688A -AttackSurfaceReductionRules_Actions Enabled

This rule blocks Office apps from initiating child processes, a common method used in ransomware attacks.

ASR rules not only defend against recognized malware but might also shut down entire categories of risky behaviors. They are lightweight, freely available, and included in Windows 10/11 Pro or Enterprise versions. By enabling these rules, you can preempt threats that might evade your antivirus protection.
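An audit-first way to roll out the same rule, as an added example that is not part of the original article: it reports the rule's current state, puts it in audit mode if it was never configured, and summarizes which processes triggered it. The 14-day window and the EventData field names `Process Name` and `Path` are assumptions.

```powershell
# Added example (not from the article). Run elevated, with Microsoft Defender active.
$RuleId   = 'D4F940AB-401B-4EFC-AADC-AD5F3C50688A'  # rule ID quoted in the tip
$LookBack = (Get-Date).AddDays(-14)                  # assumed review window
# Action codes as reported by Get-MpPreference.
$ActionNames = @{ 0 = 'Disabled'; 1 = 'Enabled (block)'; 2 = 'AuditMode'; 6 = 'Warn' }

function Get-AsrRuleState {
    param([string]$Id)
    $pref = Get-MpPreference
    $ids  = @($pref.AttackSurfaceReductionRules_Ids)
    $acts = @($pref.AttackSurfaceReductionRules_Actions)
    for ($i = 0; $i -lt $ids.Count; $i++) {
        if ($ids[$i] -ieq $Id) { return [int]$acts[$i] }
    }
    return $null  # rule has never been configured on this host
}

$state = Get-AsrRuleState -Id $RuleId
if ($null -eq $state) {
    # Not configured yet: start in audit mode so hits are logged, not blocked.
    Add-MpPreference -AttackSurfaceReductionRules_Ids $RuleId -AttackSurfaceReductionRules_Actions AuditMode
    $state = Get-AsrRuleState -Id $RuleId
}
"Rule $RuleId is currently: $($ActionNames[$state])"

# Event 1121 = rule fired in block mode, 1122 = rule fired in audit mode.
$filter = @{ LogName = 'Microsoft-Windows-Windows Defender/Operational'
             Id = 1121, 1122; StartTime = $LookBack }
$hits = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match $RuleId } |
    ForEach-Object {
        $evt  = $_
        $data = @{}
        ([xml]$evt.ToXml()).Event.EventData.Data |
            ForEach-Object { $data[$_.Name] = $_.'#text' }
        [pscustomobject]@{
            Time    = $evt.TimeCreated
            Mode    = if ($evt.Id -eq 1121) { 'Blocked' } else { 'Audited' }
            # 'Process Name' and 'Path' are assumed EventData field names.
            Process = $data['Process Name']
            Target  = $data['Path']
        }
    }

# Which process tried to launch what, most frequent first.
$hits | Group-Object Process, Target, Mode | Sort-Object Count -Descending |
    Select-Object Count, Name
```

Once the audited hits have been reviewed and any legitimate workflows accounted for, the command from the tip switches the rule to `Enabled`.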
