Article Details

⚡ Weekly Recap: Chrome 0-Day, Data Wipers, Misused Tools and Zero-Click iPhone Attacks. Behind every security alert is a bigger story. Sometimes it's a system being tested. Sometimes it's trust being lost in quiet ways—through delays, odd behavior, or subtle gaps in control. This week, we're looking beyond the surface to spot what really matters. Whether it's poor design, hidden access, or silent misuse, knowing where to look can make all the difference. If you're responsible for protecting systems, data, or people—these updates aren't optional. They're essential. These stories reveal how attackers think—and where we're still leaving doors open. ⚡ Threat of the Week Google Releases Patches for Actively Exploited Chrome 0-Day — Google has released Google Chrome versions 137.0.7151.68/.69 for Windows and macOS, and version 137.0.7151.68 for Linux to address a high-severity out-of-bounds read and write vulnerability in the V8 JavaScript and WebAssembly engine that it said has been exploited in the wild. Google credited Clement Lecigne and Benoît Sevens of Google Threat Analysis Group (TAG) with discovering and reporting the flaw on May 27, 2025. "Out-of-bounds read and write in V8 in Google Chrome prior to 137.0.7151.68 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page," according to a description of the flaw. It's currently not known how the flaw is being exploited in the wild, although it's likely to be highly targeted in nature. Each of Your Users Is Unique. Their Security Should be Too GravityZone PHASR (Proactive Hardening and Attack Surface Reduction) dynamically tailors hardening without slowing down business or burdening IT. Excess software access creates unnecessary risk. Uncover unused risky binaries and applications, restrict access to them, and cut your attack surface by up to 95%. 🔔 Top News ‎️‍🔥 Trending CVEs Attackers love software vulnerabilities – they're easy doors into your systems. Every week brings fresh flaws, and waiting too long to patch can turn a minor oversight into a major breach. Below are this week's critical vulnerabilities you need to know about. Take a look, update your software promptly, and keep attackers locked out. This week's list includes — CVE-2025-20286 (Cisco Identity Services Engine), CVE-2025-49113 (Roundcube), CVE-2025-5419 (Google Chrome), CVE-2025-21479, CVE-2025-21480, CVE-2025-27038 (Qualcomm), CVE-2025-37093 (HPE StoreOnce), CVE-2025-48866 (ModSecurity WAF), CVE-2025-25022 (IBM QRadar Suite), CVE-2025-22243 (VMware NSX Manager), CVE‑2025‑24364, CVE‑2025‑24365 (Vaultwarden), and CVE-2024-53298 (Dell PowerScale OneFS). 📰 Around the Cyber World 🎥 Cybersecurity Webinars 🔧 Cybersecurity Tools Disclaimer: These newly released tools are for educational use only and haven't been fully audited. Use at your own risk—review the code, test safely, and apply proper safeguards. 🔒 Tip of the Week Block Malware Tactics Before They Start — Turn On ASR Rules → Most modern malware doesn't rely on viruses—it abuses trusted tools like Word, Excel, and PowerShell to silently run in the background. Microsoft Defender's built-in Attack Surface Reduction (ASR) rules stop these attacks by blocking dangerous actions like macros launching scripts or unknown apps accessing sensitive system parts. Here's how you can enable ASR protection in minutes: Home & Power Users: Download ConfigureDefender — a safe, free tool that lets you enable all key ASR rules with just a few clicks. Open the app, choose the "High" or "Max" profile, and click "Apply Settings". That's it—your system is now protected against many common malware techniques. Advanced Users or IT Admins: Use this PowerShell command to enable a critical ASR rule: Add-MpPreference -AttackSurfaceReductionRules_Ids D4F940AB-401B-4EFC-AADC-AD5F3C50688A -AttackSurfaceReductionRules_Actions Enabled This one blocks Office apps from launching child processes—a common trick in ransomware delivery. ASR rules don't just block known malware—they shut down entire categories of risky behavior. They're free, lightweight, and already built into Windows 10/11 Pro or Enterprise. Turning them on can prevent threats your antivirus may never catch. Conclusion This week's takeaways are a reminder: threats rarely knock—they slip in. Every missed patch, strange behavior, or failed control is a step closer to something worse. If anything here hits close to home, don't delay the fix. The next breach is often just a mistake left unchecked.