Cisco has disclosed a new maximum-severity security vulnerability impacting Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) that could permit an attacker to execute arbitrary code on the underlying operating system with elevated privileges.
Tracked as CVE-2025-20337, the shortcoming carries a CVSS score of 10.0 and is similar to CVE-2025-20281, which was patched by the networking equipment major late last month.
“Multiple vulnerabilities in a specific API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to execute arbitrary code on the underlying operating system as root. The attacker does not require any valid credentials to exploit these vulnerabilities,” the company said in an updated advisory.
“These vulnerabilities are due to insufficient validation of user-supplied input. An attacker could exploit these vulnerabilities by submitting a crafted API request. A successful exploit could allow the attacker to obtain root privileges on an affected device.”
Kentaro Kawane of GMO Cybersecurity has been credited with discovering and reporting the flaw. Kawane was previously acknowledged for two other critical Cisco ISE flaws (CVE-2025-20286 and CVE-2025-20282) and another critical bug in Fortinet FortiWeb (CVE-2025-25257)
CVE-2025-20337 affects ISE and ISE-PIC releases 3.3 and 3.4, regardless of device configuration. It does not impact ISE and ISE-PIC release 3.2 or earlier. The issue has been patched in the following versions –
Cisco ISE or ISE-PIC Release 3.3 (Fixed in 3.3 Patch 7)
Cisco ISE or ISE-PIC Release 3.4 (Fixed in 3.4 Patch 2)
There is no evidence that the vulnerability has been exploited in a malicious context. That said, it’s always a good practice to ensure that systems are kept up-to-date to avoid potential threats.
The disclosure comes as The Shadowserver Foundation reported that threat actors are likely exploiting publicly released exploits associated with CVE-2025-25257 to drop web shells on susceptible Fortinet FortiWeb instances since July 11, 2025.
As of July 15, there are estimated to be 77 infected instances, down from 85 the day before. The majority of the compromises are concentrated around North America (44), Asia (14), and Europe (13).
Data from the attack surface management platform Censys shows that there are 20,098 Fortinet FortiWeb appliances online, excluding honeypots, although it’s currently not known how many of these are vulnerable to CVE-2025-25257.
“This flaw enables unauthenticated attackers to execute arbitrary SQL commands via crafted HTTP requests, leading to remote code execution (RCE),” Censys said.
Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.
Cybersecurity researchers have flagged a new variant of a known malware loader called Matanbuchus that packs in significant features to enhance its stealth and evade detection.
Matanbuchus is the name given to a malware-as-a-service (MaaS) offering that can act as a conduit for next-stage payloads, including Cobalt Strike beacons and ransomware.
First advertised in February 2021 on Russian-speaking cybercrime forums for a rental price of $2,500, the malware has been put to use as part of ClickFix-like lures to trick users visiting legitimate-but-compromised sites not running it.
Matanbuchus stands out among loaders because it’s not usually spread through spam emails or drive-by downloads. Instead, it’s often deployed using hands-on social engineering, where attackers trick users directly. In some cases, it supports the kind of initial access used by brokers who sell entry to ransomware groups. This makes it more targeted and coordinated than typical commodity loaders.
The latest version of the loader, tracked as Matanbuchus 3.0, incorporates several new features, including improved communication protocol techniques, in-memory capabilities, enhanced obfuscation methods, CMD and PowerShell reverse shell support, and the ability to run next-stage DLL, EXE, and shellcode payloads, per Morphisec.
The cybersecurity company said it observed the malware in an incident earlier this month where an unnamed company was targeted via external Microsoft Teams calls that impersonated an IT help desk and tricked employees into launching Quick Assist for remote access and then executing a PowerShell script that deployed Matanbuchus.
It’s worth noting that similar social engineering tactics have been employed by threat actors associated with the Black Basta ransomware operation.
“Victims are carefully targeted and persuaded to execute a script that triggers the download of an archive,” Morphisec CTO Michael Gorelik said. “This archive contains a renamed Notepad++ updater (GUP), a slightly modified configuration XML file, and a malicious side-loaded DLL representing the Matanbuchus loader.”
Matanbuchus 3.0 has been advertised publicly for a monthly price of $10,000 for the HTTPS version and $15,000 for the DNS version.
Once launched, the malware collects system information and iterates over the list of running processes to determine the presence of security tools. It also checks the status of its process to check if it’s running with administrative privileges.
It then sends the gathered details to a command-and-control (C2) server to receive additional payloads in the form of MSI installers and portable executables. Persistence on the shot is achieved by setting up a scheduled task.
“While it sounds simple, Matanbuchus developers implemented advanced techniques to schedule a task through the usage of COM and injection of shellcode,” Gorelik explained. “The shellcode itself is interesting; it implements a relatively basic API resolution (simple string comparisons), and a sophisticated COM execution that manipulates the ITaskService.”
The loader also comes fitted with features that can be invoked remotely by the C2 server to collect all executing processes, running services, and a list of installed applications.
“The Matanbuchus 3.0 Malware-as-a-Service has evolved into a sophisticated threat,” Gorelik said. “This updated version introduces advanced techniques such as improved communication protocols, in-memory stealth, enhanced obfuscation, and support for WQL queries, CMD, and PowerShell reverse shells.”
“The loader’s ability to execute regsvr32, rundll32, msiexec, or process hollowing commands underscores its versatility, making it a significant risk to compromised systems.”
As malware-as-a-service evolves, Matanbuchus 3.0 fits into a broader trend of stealth-first loaders that rely on LOLBins (living-off-the-land binaries), COM object hijacking, and PowerShell stagers to stay under the radar.
Threat researchers are increasingly mapping these loaders as part of attack surface management strategies and linking them to abuse of enterprise collaboration tools like Microsoft Teams and Zoom.
Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.
A threat activity cluster has been observed targeting fully-patched end-of-life SonicWall Secure Mobile Access (SMA) 100 series appliances as part of a campaign designed to drop a backdoor called OVERSTEP.
The malicious activity, dating back to at least October 2024, has been attributed by the Google Threat Intelligence Group (GTIG) to a group it tracks as UNC6148.
The tech giant assessed with high confidence that the threat actor is “leveraging credentials and one-time password (OTP) seeds stolen during previous intrusions, allowing them to regain access even after organizations have applied security updates.”
“Analysis of network traffic metadata records suggests that UNC6148 may have initially exfiltrated these credentials from the SMA appliance as early as January 2025.”
The exact initial access vector used to deliver the malware is currently not known due to the steps taken by the threat actors to remove log entries. But it’s believed that access may have been gained through the exploitation of known security flaws such as CVE-2021-20035, CVE-2021-20038, CVE-2021-20039, CVE-2024-38475, or CVE-2025-32819.
Alternately, the tech giant’s threat intelligence team theorized that the administrator credentials could’ve been obtained through information-stealing logs or acquired from credential marketplaces. However, it said it didn’t find any evidence to back up this hypothesis.
Upon gaining access, the threat actors have been found to establish an SSL-VPN session and spawn a reverse shell, although how this was achieved remains a mystery given that shell access should not be possible by design on these appliances. It’s believed that it may have been pulled off by means of a zero-day flaw.
The reverse shell is used to run reconnaissance and file manipulation commands, not to mention export and import settings to the SMA appliance, suggesting that UNC6148 may have altered an exported settings file offline to include new rules so that their operations are not interrupted or blocked by the access gateways.
The attacks culminate in the deployment of a previously undocumented implant named OVERSTEP that’s capable of modifying the appliance’s boot process to maintain persistent access, as well as credential theft and concealing its own components to evade detection by patching various file system-related functions.
This is achieved by implementing a usermode rootkit through the hijacked standard library functions open and readdir, allowing it to hide the artifacts associated with the attack. The malware also hooks into the write API function to receive commands from an attacker-controlled server in the form of embedded within web requests –
dobackshell, which starts a reverse shell to the specified IP address and port
dopasswords, which creates a TAR archive of the files /tmp/temp.db, /etc/EasyAccess/var/conf/persist.db, and /etc/EasyAccess/var/cert, and save it in the location “/usr/src/EasyAccess/www/htdocs/” so that it can be downloaded via a web browser
“UNC6148 modified the legitimate RC file ‘/etc/rc.d/rc.fwboot’ to achieve persistence for OVERSTEP,” GTIG said. “The changes meant that whenever the appliance was rebooted, the OVERSTEP binary would be loaded into the running file system on the appliance.”
Once the deployment step is complete, the threat actor then proceeds to clear the system logs and reboots the firewall to activate the execution of the C-based backdoor. The malware also attempts to remove the command execution traces from different log files, including httpd.log, http_request.log, and inotify.log.
“The actor’s success in hiding their tracks is largely due to OVERSTEP’s capability to selectively delete log entries [from the three log files],” Google said. “This anti-forensic measure, combined with a lack of shell history on disk, significantly reduces visibility into the actor’s secondary objectives.”
Google has evaluated with medium confidence that UNC6148 may have weaponized an unknown, zero-day remote code execution vulnerability to deploy OVERSTEP on targeted SonicWall SMA appliances. Furthermore, it’s suspected that the operations are carried out with the intent to facilitate data theft and extortion operations, and even ransomware deployment.
This connection stems from the fact that one of the organizations that was targeted by UNC6148 was posted on the data leak site operated by World Leaks, an extortion gang run by individuals previously associated with the Hunters International ransomware scheme. It’s worth noting that Hunters International recently shuttered its criminal enterprise.
According to Google, UNC6148 exhibits tactical overlaps with prior exploitation of SonicWall SMA devices observed in July 2023 that involved an unknown threat actor deploying a web shell, a hiding mechanism, and a way to ensure persistence across firmware upgrades, per Truesec.
The exploitation activity was subsequently linked by security researcher Stephan Berger to the deployment of the Abyss ransomware.
The findings once again highlight how threat actors are increasingly focusing on edge network systems that aren’t usually covered by common security tools like Endpoint Detection and Response (EDR) or antivirus software and slip into target networks unnoticed.
“Organizations should acquire disk images for forensic analysis to avoid interference from the rootkit anti-forensic capabilities. Organizations may need to engage with SonicWall to capture disk images from physical appliances,” Google said.
Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.
Jul 16, 2025The Hacker NewsIdentity Management / AI Security
The AI gold rush is on. But without identity-first security, every deployment becomes an open door. Most organizations secure native AI like a web app, but it behaves more like a junior employee with root access and no manager.
From Hype to High Stakes
Generative AI has moved beyond the hype cycle. Enterprises are:
Deploying LLM copilots to accelerate software development
Automating customer service workflows with AI agents
Integrating AI into financial operations and decision-making
Whether building with open-source models or plugging into platforms like OpenAI or Anthropic, the goal is speed and scale. But what most teams miss is this:
Every LLM access point or website is a new identity edge. And every integration adds risk unless identity and device posture are enforced.
What Is the AI Build vs. Buy Dilemma?
Most enterprises face a pivotal decision:
Build: Create in-house agents tailored to internal systems and workflows
Buy: Adopt commercial AI tools and SaaS integrations
The threat surface doesn’t care which path you choose.
Custom-built agents expand internal attack surfaces, especially if access control and identity segmentation aren’t enforced at runtime.
Third-party tools are often misused or accessed by unauthorized users, or more commonly, corporate users on personal accounts, where governance gaps exist.
Securing AI isn’t about the algorithm, it’s about who (or what device) is talking to it, and what permissions that interaction unlocks.
What’s Actually at Risk?
AI agents are agentic which is to say they can take actions on a human’s behalf and access data like a human would. They’re often embedded in business-critical systems, including:
Source code repositories
Finance and payroll applications
Email inboxes
CRM and ERP platforms
Customer support logs and case history
Once a user or device is compromised, the AI agent becomes a high-speed backdoor to sensitive data. These systems are highly privileged, and AI amplifies attacker access.
Common AI-Specific Threat Vectors:
Identity-based attacks like credential stuffing or session hijacking targeting LLM APIs
Misconfigured agents with excessive permissions and no scoped role-based access control (RBAC)
Weak session integrity where infected or insecure devices request privileged actions through LLMs
How to Secure Enterprise AI Access
To eliminate AI access risk without killing innovation, you need:
Phishing-resistant MFA for every user and device accessing LLMs or agent APIs
Granular RBAC tied to business roles—developers shouldn’t access finance models
Continuous device trust enforcement, using signals from EDR, MDM, and ZTNA
AI access control must evolve from a one-time login check to a real-time policy engine that reflects current identity and device risk.
The Secure AI Access Checklist:
No shared secrets
No trusted device assumptions
No over-permissioned agents
No productivity tax
The Fix: Secure AI Without Slowing Down
You don’t have to trade security for speed. With the right architecture, it’s possible to:
Block unauthorized users and devices by default
Eliminate trust assumptions at every layer
Secure AI workflows without interrupting legitimate use
Beyond Identity makes this possible today.
Beyond Identity’s IAM platform makes unauthorized access to AI systems impossible by enforcing phishing-resistant, device-aware, continuous access control for AI systems. No passwords. No shared secrets. No untrustworthy devices.
Beyond Identity is also prototyping a secure-by-design architecture for in-house AI agents that binds agent permissions to verified user identity and device posture—enforcing RBAC at runtime and continuously evaluating risk signals from EDR, MDM, and ZTNA. For instance, if an engineer loses CrowdStrike full disk access, the agent immediately blocks access to sensitive data until posture is remediated.
Want a First Look?
Register for Beyond Identity’s webinar to get a behind-the-scenes look at how a Global Head of IT Security built and secured his internal, enterprise AI agents that’s now used by 1,000+ employees. You’ll see a demo of how one of Fortune’s Fastest Growing Companies uses phishing-resistant, device-bound access controls to make unauthorized access impossible.
Found this article interesting? This article is a contributed piece from one of our valued partners. Follow us on Twitter and LinkedIn to read more exclusive content we post.
Jul 16, 2025Ravie LakshmananWindows Server / Enterprise Security
Cybersecurity researchers have disclosed what they say is a “critical design flaw” in delegated Managed Service Accounts (dMSAs) introduced in Windows Server 2025.
“The flaw can result in high-impact attacks, enabling cross-domain lateral movement and persistent access to all managed service accounts and their resources across Active Directory indefinitely,” Semperis said in a report shared with The Hacker News.
Put differently, successful exploitation could allow adversaries to sidestep authentication guardrails and generate passwords for all Delegated Managed Service Accounts (dMSAs) and group Managed Service Accounts (gMSAs) and their associated service accounts.
The persistence and privilege escalation method has been codenamed Golden dMSA, with the cybersecurity company deeming it as low complexity owing to the fact that the vulnerability simplifies brute-force password generation.
However, in order for bad actors to exploit it, they must already be in possession of a Key Distribution Service (KDS) root key that’s typically only available to privileged accounts, such as root Domain Admins, Enterprise Admins, and SYSTEM.
Described as the crown jewel of Microsoft’s gMSA infrastructure, the KDS root key serves as a master key, allowing an attacker to derive the current password for any dMSA or gMSA account without having to connect to the domain controller.
“The attack leverages a critical design flaw: A structure that’s used for the password-generation computation contains predictable time-based components with only 1,024 possible combinations, making brute-force password generation computationally trivial,” security researcher Adi Malyanker said.
Delegated Managed Service Accounts is a new feature introduced by Microsoft that facilitates migration from an existing legacy service account. It was introduced in Windows Server 2025 as a way to counter Kerberoasting attacks.
The machine accounts bind authentication directly to explicitly authorized machines in Active Directory (AD), thus eliminating the possibility of credential theft. By tying authentication to device identity, only specified machine identities mapped in AD can access the account.
Golden dMSA, similar to Golden gMSA Active Directory attacks, plays out over four steps once an attacker has obtained elevated privileges within a domain –
Extracting KDS root key material by elevating to SYSTEM privileges on one of the domain controllers
Enumerating dMSA accounts using LsaOpenPolicy and LsaLookupSids APIs or via a Lightweight Directory Access Protocol (LDAP)-based approach
Identifying the ManagedPasswordID attribute and password hashes through targeted guessing
Generating valid passwords (i.e., Kerberos tickets) for any gMSA or dMSA associated with the compromised key and testing them via Pass the Hash or Overpass the Hash techniques
“This process requires no additional privileged access once the KDS root key is obtained, making it a particularly dangerous persistence method,” Malyanker said.
“The attack highlights the critical trust boundary of managed service accounts. They rely on domain-level cryptographic keys for security. Although automatic password rotation provides excellent protection against typical credential attacks, Domain Admins, DnsAdmins, and Print Operators can bypass these protections entirely and compromise all of the dMSAs and gMSAs in the forest.”
Semperis noted that the Golden dMSA technique turns the breach into a forest-wide persistent backdoor, given that compromising the KDS root key from any single domain within the forest is enough to breach every dMSA account across all domains in that forest.
In other words, a single KDS root key extraction can be weaponized to achieve cross-domain account compromise, forest-wide credential harvesting, and lateral movement across domains using the compromised dMSA accounts.
“Even in environments with multiple KDS root keys, the system consistently uses the first (oldest) KDS root key for compatibility reasons,” Malyanker pointed out. “This means that the original key we’ve compromised could be preserved by Microsoft’s design – creating a persistent backdoor that could last for years.”
Even more concerning is that the attack completely sidesteps normal Credential Guard protections, which are used to secure NTLM password hashes, Kerberos Ticket Granting Tickets (TGTs), and credentials so that only privileged system software can access them.
Following responsible disclosure on May 27, 2025, Microsoft said, “If you have the secrets used to derive the key, you can authenticate as that user. These features have never been intended to protect against a compromise of a domain controller.” Semperis has also released an open-source as proof-of-concept (PoC) to demonstrate the attack.
“What starts as one DC compromise escalates to owning every dMSA-protected service across an entire enterprise forest,” Malyanker said. “It’s not just privilege escalation. It’s enterprise-wide digital domination through a single cryptographic vulnerability.”
Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.
Social engineering attacks have entered a new era—and they’re coming fast, smart, and deeply personalized.
It’s no longer just suspicious emails in your spam folder. Today’s attackers use generative AI, stolen branding assets, and deepfake tools to mimic your executives, hijack your social channels, and create convincing fakes of your website, emails, and even voice. They don’t just spoof—they impersonate.
Modern attackers aren’t relying on chance. They’re running long-term, multi-channel campaigns across email, LinkedIn, SMS, and even support portals—targeting your employees, customers, and partners.
Whether it’s a fake recruiter reaching out on LinkedIn, a lookalike login page sent via text, or a cloned CFO demanding a wire transfer, the tactics are faster, more adaptive, and increasingly automated using AI.
The result? Even trained users are falling for sophisticated fakes—because they’re not just phishing links anymore. They’re operations.
This Webinar Shows You How to Fight Back
Join us for a deep dive into how Doppel’s real-time AI platform detects and disrupts social engineering threats before they escalate.
You’ll learn how AI can be used not just to spot suspicious signals, but to understand attacker behavior, track impersonation campaigns across platforms, and respond instantly—before reputational or financial damage occurs.
What You’ll Learn
The Modern Threat Landscape: How AI-powered social engineering campaigns are evolving—and what that means for your current defenses.
Real-Time Defense: How Doppel identifies impersonation attempts and shuts them down before users engage.
Shared Intelligence at Scale: How learning from attacks across thousands of brands helps make deception unprofitable.
Impersonation attacks are scaling faster than any human team can monitor manually. Security awareness training isn’t enough. Static detection rules fall short. You need a defense that thinks and adapts in real-time.
Doppel’s AI learns from every attack attempt—so your protection keeps getting smarter.
Who Should Attend: Security leaders responsible for brand trust and executive protection, SOC teams overwhelmed by phishing and impersonation alerts, and risk, fraud, or threat intelligence professionals seeking faster, smarter signal-to-action.
Don’t wait for an impersonation attack to make the first move. Learn how to fight back—before it happens. Save Your Spot. Register Now →
Found this article interesting? This article is a contributed piece from one of our valued partners. Follow us on Twitter and LinkedIn to read more exclusive content we post.
Cybersecurity researchers have discovered a new, sophisticated variant of a known Android malware referred to as Konfety that leverages the evil twin technique to enable ad fraud.
The sneaky approach essentially involves a scenario wherein two variants of an application share the same package name: A benign “decoy” app that’s hosted on the Google Play Store and its evil twin, which is distributed via third-party sources.
It’s worth pointing out that the decoy apps don’t have to be necessarily published by threat actors themselves and could be legitimate. The only caveat is that the malicious apps share the exact same package names as their real counterparts already available on the Play Store.
“The threat actors behind Konfety are highly adaptable, consistently altering their targeted ad networks and updating their methods to evade detection,” Zimperium zLabs researcher Fernando Ortega said. “This latest variant demonstrates their sophistication by specifically tampering with the APK’s ZIP structure.”
By using malformed APKs, the tactic allows threat actors to sidestep detection and challenge reverse engineering efforts. Besides dynamically loading the main DEX (Dalvik Executable) payload at runtime, the newly discovered versions enable the general-purpose bit flag by setting it to “Bit 0,” signaling to the system that the file is encrypted.
This behavior, in turn, triggers a false password prompt when attempting to inspect the Android package, thereby blocking access and complicating attempts to analyze its contents.
The second technique entails falsely declaring the use of BZIP compression method in the app’s manifest XML file (“AndroidManifest.xml”), causing analysis tools like APKTool and JADX to crash due to a parsing failure. A similar compression-based defense evasion technique was previously highlighted by Kaspersky in another Android malware called SoumniBot.
The use of dynamic code loading to execute the primary payload affords added stealth during initial scans or reverse engineering, Zimperium noted. During execution, the DEX payload is decrypted and loaded directly into memory without attracting any red flags.
“This multi-layered obfuscation approach, combining encrypted assets, runtime code injection, and deceptive manifest declarations, demonstrates the evolving sophistication of the Konfety operation and its continuous efforts to evade analysis and bypass detection mechanisms,” Ortega said.
Like the previous iteration reported by HUMAN last year, Konfety abuses the CaramelAds software development kit (SDK) to fetch ads, deliver payloads, and maintain communication with attacker-controlled servers.
It comes with capabilities to redirect users to malicious websites, prompt unwanted app installs, and trigger persistent spam-like browser notifications. Furthermore, the malware hides its app icon and uses geofencing to alter its functionality based on the victim’s region.
The development comes as ANY.RUN detailed a Chinese Android packer tool known as Ducex that’s mainly designed to conceal embedded payloads like Triada within fake Telegram apps.
“The packer employs serious obfuscation through function encryption using a modified RC4 algorithm with added shuffling,” ANY.RUN researcher Alina Markova said. “Ducex creates major roadblocks for debugging. It performs APK signature verification, failing if the app is re-signed. It also employs self-debugging using fork and ptrace to block external tracing.”
On top of that, Ducex is designed to detect the presence of popular analysis tools such as Frida, Xposed, and Substrate, and if present, terminate itself.
The findings also follow a new study published by a team of researchers from TU Wien and the University of Bayreuth about a novel technique dubbed TapTrap that can be weaponized by a malicious app to covertly bypass Android’s permission system and gain access to sensitive data or execute destructive actions.
The attack, in a nutshell, hijacks user interactions on Android devices by overlaying animations or games on a user’s screen, while surreptitiously launching user interface elements underneath that trick users into performing undesirable actions, such as installing malware or granting the app intrusive permissions.
“Normally, Android shows an animation when the screen changes, such as the new screen sliding or fading in,” researchers Philipp Beer, Marco Squarcina, Sebastian Roth, and Martina Lindorfer said. “However, the app can tell the system that a custom animation should be used instead that is long-running and makes the new screen fully transparent, keeping it hidden from you.”
“Any taps you make during this animation go to the hidden screen, not the visible app. The app can then use this to lure you into tapping on specific areas of the screen that correspond to sensitive actions on the hidden screen, allowing it to perform actions without your knowledge.”
In a hypothetical attack scenario, a threat actor-released game installed by the victim can secretly open a web browser session and dupe them into granting camera permissions to a malicious website.
That said, TapTrap’s impact extends beyond the Android ecosystem, opening the door to tapjacking and web clickjacking attacks. The issue has been addressed in GrapheneOS, Chrome 135 (CVE-2025-3067), and Firefox 136 (CVE-2025-1939). Android 16 continues to remain susceptible to the attack.
Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.
Google on Tuesday rolled out fixes for six security issues in its Chrome web browser, including one that it said has been exploited in the wild.
The high-severity vulnerability in question is CVE-2025-6558 (CVSS score: 8.8), which has been described as an incorrect validation of untrusted input in the browser’s ANGLE and GPU components.
“Insufficient validation of untrusted input in ANGLE and GPU in Google Chrome prior to 138.0.7204.157 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page,” according to the description of the flaw from the NIST’s National Vulnerability Database (NVD).
ANGLE, short for “Almost Native Graphics Layer Engine,” acts as a translation layer between Chrome’s rendering engine and device-specific graphics drivers. Vulnerabilities in the module can let attackers escape Chrome’s sandbox by abusing low-level GPU operations that browsers usually keep isolated, making this a rare but powerful path to deeper system access.
For most users, a sandbox escape like this means that visiting a malicious site is sufficient to potentially break out of the browser’s security bubble and interact with the underlying system. This is especially critical in targeted attacks where just opening a webpage could trigger a silent compromise without requiring any download or click.
Clément Lecigne and Vlad Stolyarov of Google’s Threat Analysis Group (TAG) have been credited with discovering and reporting the zero-day vulnerability on June 23, 2025.
The exact nature of the attacks weaponizing the flaw has not been disclosed, but Google acknowledged that an “exploit for CVE-2025-6558 exists in the wild.” That said, the discovery by TAG alludes to the possibility of nation-state involvement.
The development comes about two weeks after Google addressed another actively exploited Chrome zero-day (CVE-2025-6554, CVSS score: 8.1), which was also reported by Lecigne on June 25, 2025.
Google has resolved a total of five zero-day vulnerabilities in Chrome that have been either actively exploited or demonstrated as a proof-of-concept (PoC) since the start of the year. This includes: CVE-2025-2783, CVE-2025-4664, CVE-2025-5419, and CVE-2025-6554.
To safeguard against potential threats, it’s advised to update their Chrome browser to versions 138.0.7204.157/.158 for Windows and Apple macOS, and 138.0.7204.157 for Linux. To make sure the latest updates are installed, users can navigate to More > Help > About Google Chrome, and select Relaunch.
Users of other Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi are also advised to apply the fixes as and when they become available.
Issues like this often fall under broader categories like GPU sandbox escapes, shader-related bugs, or WebGL vulnerabilities. While not always headline-grabbing, they tend to resurface in chained exploits or targeted attacks. If you follow Chrome security updates, it’s worth keeping an eye out for graphics driver flaws, privilege boundary bypasses, and memory corruption in rendering paths, as they often point to the next round of patch-worthy bugs.
Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.
Google on Tuesday revealed that its large language model (LLM)-assisted vulnerability discovery framework discovered a security flaw in the SQLite open-source database engine before it could have been exploited in the wild.
The vulnerability, tracked as CVE-2025-6965 (CVSS score: 7.2), is a memory corruption flaw affecting all versions prior to 3.50.2. It was discovered by Big Sleep, an artificial intelligence (AI) agent that was launched by Google last year as part of a collaboration between DeepMind and Google Project Zero.
“An attacker who can inject arbitrary SQL statements into an application might be able to cause an integer overflow resulting in read off the end of an array,” SQLite project maintainers said in an advisory.
The tech giant described CVE-2025-6965 as a critical security issue that was “known only to threat actors and was at risk of being exploited.” Google did not reveal who the threat actors were.
“Through the combination of threat intelligence and Big Sleep, Google was able to actually predict that a vulnerability was imminently going to be used and we were able to cut it off beforehand,” Kent Walker, President of Global Affairs at Google and Alphabet, said.
“We believe this is the first time an AI agent has been used to directly foil efforts to exploit a vulnerability in the wild.”
In October 2024, Big Sleep was behind the discovery of another flaw in SQLite, a stack buffer underflow vulnerability that could have been exploited to result in a crash or arbitrary code execution.
Coinciding with the development, Google has also published a white paper to build secure AI agents such that they have well-defined human controllers, their capabilities are carefully limited to avoid potential rogue actions and sensitive data disclosure, and their actions are observable and transparent.
“Traditional systems security approaches (such as restrictions on agent actions implemented through classical software) lack the contextual awareness needed for versatile agents and can overly restrict utility,” Google’s Santiago (Sal) Díaz, Christoph Kern, and Kara Olive said.
“Conversely, purely reasoning-based security (relying solely on the AI model’s judgment) is insufficient because current LLMs remain susceptible to manipulations like prompt injection and cannot yet offer sufficiently robust guarantees.”
To mitigate the key risks associated with agent security, the company said it has adopted a hybrid defense-in-depth approach that combines the strengths of both traditional, deterministic controls and dynamic, reasoning-based defenses.
The idea is to create robust boundaries around the agent’s operational environment so that the risk of harmful outcomes is significantly mitigated, specifically malicious actions carried out as a result of prompt injection.
“This defense-in-depth approach relies on enforced boundaries around the AI agent’s operational environment to prevent potential worst-case scenarios, acting as guardrails even if the agent’s internal reasoning process becomes compromised or misaligned by sophisticated attacks or unexpected inputs,” Google said.
“This multi-layered approach recognizes that neither purely rule-based systems nor purely AI-based judgment are sufficient on their own.”
Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.
Cloudflare on Tuesday said it mitigated 7.3 million distributed denial-of-service (DDoS) attacks in the second quarter of 2025, a significant drop from 20.5 million DDoS attacks it fended off the previous quarter.
“Overall, in Q2 2025, hyper-volumetric DDoS attacks skyrocketed,” Omer Yoachimik and Jorge Pacheco said. “Cloudflare blocked over 6,500 hyper-volumetric DDoS attacks, an average of 71 per day.”
In Q1 2025, the company said an 18-day sustained campaign against its own and other critical infrastructure protected by Cloudflare was responsible for 13.5 million of the attacks observed during the time period. Cumulatively, Cloudflare has blocked nearly 28 million DDoS attacks, surpassing the number of attacks it mitigated in all of 2024.
The notable of the attacks in Q2 2025 is a staggering DDoS attack that peaked at 7.3 terabits per second (Tbps) and 4.8 billion packets per second (Bpps) within a span of 45 seconds.
Big traffic spikes like these make headlines—but what often gets missed is how attackers are now combining them with smaller, targeted probes. Instead of just overwhelming systems with brute force, they’re mixing large-scale floods with quiet scans to find weak spots and slip past defenses built to block only the obvious.
Layer 3/Layer 4 (L3/4) DDoS attacks declined 81% quarter-over-quarter to 3.2 million, while HTTP DDoS attacks rose 9% to 4.1 million. More than 70% of the HTTP DDoS attacks emanated from known botnets. The most common L3/4 attack vectors were flood attacks conducted over DNS, TCP SYN, and UDP protocols.
Telecommunication service providers and carriers were among the most targeted, followed by the Internet, IT services, gaming, and gambling sectors.
China, Brazil, Germany, India, South Korea, Turkey, Hong Kong, Vietnam, Russia, and Azerbaijan emerged as the most attacked locations based on the billing country of the Cloudflare customers. Indonesia, Singapore, Hong Kong, Argentina, and Ukraine were the top five sources of DDoS attacks.
The web infrastructure and security company also revealed that the number of hyper-volumetric DDoS attacks exceeding 100 million packets per second (pps) increased by 592% compared to the previous quarter.
Another significant aspect is the 68% increase in ransom DDoS attack, which occurs when malicious actors attempt to extort money from an organization by threatening them with a DDoS attack. It also involves scenarios where the attacks are carried out and a ransom is demanded to stop it from happening again.
“While the majority of DDoS attacks are small, hyper-volumetric DDoS attacks are increasing in size and frequency,” Cloudflare said. “Six out of every 100 HTTP DDoS attacks exceed 1M rps, and 5 out of every 10,000 L3/4 DDoS attacks exceed 1 Tbps — a 1,150% QoQ increase.”
The company further has called attention to a botnet variant dubbed DemonBot that infects Linux-based systems, predominantly unsecured IoT devices, via open ports or weak credentials to enlist them into a DDoS botnet that can carry out UDP, TCP, and application-layer floods.
“Attacks are typically command-and-control (C2) driven and can generate significant volumetric traffic, often targeting gaming, hosting, or enterprise services,” it added. “To avoid infection, leverage antivirus software and domain filtering.”
Infection vectors like those exploited by DemonBot highlight broader challenges with unsecured IoT exposure, weak SSH credentials, and outdated firmware—common themes across DDoS botnet proliferation. Related attack strategies, such as TCP reflection, DNS amplification, and burst-layer evasion, are increasingly discussed in Cloudflare’s application-layer threat reports and API security breakdowns.
Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.
