Google has issued an emergency security update for its Chrome browser to address a critical zero-day vulnerability, CVE-2025-6558, that is being actively exploited in the wild.

The Node.js project released security updates on July 15, 2025, to fix two high-severity vulnerabilities impacting versions 20.x, 22.x, and 24.x. The most notable flaw, CVE-2025-27210, is a path traversal vulnerability that affects Windows-based applications.

A critical memory disclosure vulnerability known as “CitrixBleed 2” (CVE-2025-5777) is affecting Citrix NetScaler ADC and Gateway systems and is being actively exploited in the wild.

A critical zero-day remote code execution (RCE) vulnerability in Microsoft SharePoint, CVE-2025-53770, is being actively exploited in attacks against on-premises servers. Following its discovery, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, emphasizing the urgent need for patching.

A zero-day vulnerability in the CrushFTP enterprise file transfer server is being actively exploited, allowing attackers to gain administrative access to servers. The vulnerability stems from weaknesses in the platform’s authentication mechanisms and role-based access control (RBAC), which can be exploited by manipulating API calls to bypass security protocols.

The most severe of these, CVE-2025-41236, is an integer-overflow vulnerability in the VMXNET3 virtual network adapter with a CVSS score of 9.3. Other critical flaws include an integer underflow in the Virtual Machine Communication Interface (VMCI) and a heap overflow in the PVSCSI controller.

A significant vulnerability has been found in Microsoft Entra ID (formerly Azure Active Directory) that allows a user with existing privileged access to escalate their permissions to become a Global Administrator.
Cisco has issued a security advisory for a critical vulnerability, CVE-2025-20337, in its Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC).

In a notable development, Google announced that its AI framework, “Big Sleep,” identified a critical memory corruption flaw in the widely used SQLite database engine before it could be exploited.

A critical SQL injection vulnerability in Fortinet’s FortiWeb web application firewall (WAF) is being actively exploited by attackers.

Attackers embed malicious JavaScript within these files, a technique known as “HTML smuggling,” to deliver malware like the Agent Tesla Keylogger and XWorm RAT.

The group uses different malware for different operating systems, deploying Poseidon Stealer on macOS and PayDay Loader on Windows systems to exfiltrate crypto wallet data and other sensitive credentials.

Security researchers have uncovered a new category of vulnerabilities within major DNS-as-a-Service (DNSaaS) providers that could enable attackers to conduct “nation-state level spying” on corporate networks.

The vulnerability affects all versions prior to 9.1.1551. Vim has released a patched version, and users are advised to upgrade to protect their systems.

The flaw carries the maximum possible CVSS score of 10.0, as it allows an unauthenticated, remote attacker to execute arbitrary code with the highest level of privileges (root) on an affected device.

These methods leverage legitimate system tools to execute malicious code directly in memory, bypassing traditional antivirus solutions that are often not as robust on non-Windows systems.

In these attacks, threat actors impersonate IT support personnel during Teams video calls and use social engineering to persuade victims to execute malicious PowerShell scripts through the Quick Assist feature.
It also patches two other high-severity vulnerabilities: an integer overflow in the V8 JavaScript engine (CVE-2025-7656) and a use-after-free vulnerability in WebRTC (CVE-2025-7657).

The U.S. Department of Homeland Security confirmed that a Chinese state-sponsored hacking group, known as Salt Typhoon, remained undetected within the U.S. Army National Guard’s network for nine months. During this time, the attackers stole sensitive data, including administrator credentials, network diagrams, and the personally identifiable information (PII) of service members.

The objective is to deceive victims into installing malware, such as the “NimDoor” backdoor for macOS, designed to steal cryptocurrency and other sensitive information.

These flaws, discovered during the Pwn2Own hacking competition, could allow attackers to escape from virtual machines and execute code on the host system.

This marks what Google believes is the first instance of an AI agent predicting and helping to prevent the exploitation of a zero-day vulnerability in the wild.

A new ransomware variant named “Dark 101” has been identified, featuring a weaponized .NET binary designed to cripple system recovery efforts.

Hackers linked to North Korea are using sophisticated social engineering tactics, including fake Zoom meeting invitations and AI-generated deepfakes, to compromise employees at cryptocurrency and Web3 companies.

The vulnerability, CVE-2025-54309, is an unprotected alternate channel flaw that can be leveraged by a remote, unauthenticated attacker.

Users seeking to use this software are often instructed to disable their antivirus programs, creating an opportunity for malware like RedLine Stealer and RisePro to infect their systems without being detected.

The flaw allows attackers to hijack active user sessions and steal credentials without authentication.

Oracle has released its quarterly Critical Patch Update for July 2025, addressing 309 vulnerabilities across its product suite.
The vulnerability, CVE-2025-6965, could allow an attacker to trigger an integer overflow by injecting malicious SQL statements.

The attack chain often begins with a fraudulent message on platforms like Telegram or a fake Calendly invitation, which directs the target to a counterfeit Zoom meeting where they are prompted to install a malicious “update” or “extension”.
This Cyber News was published on cybersecuritynews.com. Publication date: Sun, 20 Jul 2025 16:55:17 +0000