Posted inCybersecurity News Bytes

SparTech Software – Cybersecurity News Bytes (July 20, 2025 7:51 AM)

No CommentsPosted inCybersecurity News Bytes

Cybersecurity News – July 20, 2025

Table of Contents

  • Google Patches Actively Exploited Chrome Zero-Day Vulnerability
  • Critical SQL Injection Flaw Revealed in FortiWeb Appliances
  • Cisco ISE Exposed by Pre-Authentication Remote Code Execution Vulnerabilities
  • Co-op Provides Update After Large-Scale Data Breach
  • North Korean Group Uses Deepfakes in Sophisticated macOS Attack
  • Asefa Insurance Compromised by Qilin Ransomware Operation
  • RingReaper: New Linux EDR Evasion Tool Utilizing io_uring

Google Patches Actively Exploited Chrome Zero-Day Vulnerability

Background

A newly discovered zero-day vulnerability in Google Chrome, tracked as CVE-2025-6558, has been rapidly addressed by Google following the detection of active exploitation in the wild. This marks the fifth Chrome zero-day fixed by Google this year, reinforcing ongoing concerns over browser-targeting threats.

Technical Details

The flaw involves a high-severity memory corruption bug, allowing remote attackers to execute arbitrary code within the context of the browser. Successful exploitation could result in a full compromise of user sessions, bypass of sandbox protections, or silent installation of additional malware.

Google has expedited patch distribution, urging users to apply updates immediately. The vulnerability’s widespread exploitation potential, together with Chrome’s dominant browser market share, makes rapid deployment of the fix critical for both consumers and enterprises.

Critical SQL Injection Flaw Revealed in FortiWeb Appliances

Vulnerability Discovery

Fortinet’s FortiWeb, a widely deployed web application firewall, has been found vulnerable to a critical unauthenticated SQL injection flaw, designated CVE-2025-25257. Public proof-of-concept exploits have raised urgency within the security community as attackers are expected to quickly leverage the bug.

Attack Surface and Impact

The vulnerability exists in the web interface of FortiWeb devices, specifically affecting input validation routines. Attackers can exploit the flaw without authentication, injecting arbitrary SQL commands, potentially resulting in device compromise or exposure of sensitive configuration data.

Fortinet has released security patches and urges administrators to upgrade immediately to block potential exploits, which could be incorporated into automated attack tools and mass-exploitation campaigns.

Cisco ISE Exposed by Pre-Authentication Remote Code Execution Vulnerabilities

Vulnerabilities Overview

Cisco Identity Services Engine (ISE) and its Passive Identity Connector (PIC) component are subject to two newly disclosed, maximum-severity vulnerabilities, including CVE-2025-20337. These defects allow for unauthenticated remote code execution via improperly secured APIs and insufficient input validation.

Technical and Operational Risks

Exploitation enables attackers to deploy arbitrary files, execute commands, or gain root-level access on affected ISE appliances. The flaws are particularly concerning given ISE’s typical role as an access policy anchor, making successful exploitation a threat to enterprise network access management and security posture.

Cisco has pushed urgent updates and recommends immediate patching, as there are no known mitigations or workarounds.

Co-op Provides Update After Large-Scale Data Breach

Breach Summary

Following a disruptive cyber-attack in April, the Co‑op has issued a new update regarding a breach that impacted personal data of 6.5 million members. Exposed data includes names, addresses, and contact information, though financial records were not leaked.

Aftermath and Response

Operational disruptions affected payment systems and supply chains but did not interrupt store or funeral service operations. Law enforcement arrested four suspects (aged 17–20), implicating them in blackmail, money laundering, and Computer Misuse Act violations.

In response, the Co‑op is enhancing security controls and is launching initiatives to bring young talent into the cybersecurity sector to strengthen internal defenses.

North Korean Group Uses Deepfakes in Sophisticated macOS Attack

Attack Chain

The BlueNoroff threat group, attributed to North Korea, has been leveraging AI-powered deepfake video calls to target Mac users. Attackers contacted employees via Telegram, sent phony calendar invites, and then redirected them to a spoofed video conferencing page where realistic deepfakes of company seniors appeared.

Malware Execution and Payload

Victims were asked to install a fake browser extension to “fix” audio issues, triggering a malware install chain. The malware included a remote-access backdoor, keylogger, screen capture module, and a cryptocurrency-focused infostealer targeting over 20 digital assets.

This campaign highlights the convergence of AI-generated deception and increasingly capable macOS-targeted malware, signaling a new social engineering frontier.

Asefa Insurance Compromised by Qilin Ransomware Operation

Incident Analysis

Spanish insurer Asefa suffered a ransomware attack conducted by the Qilin group, resulting in data theft exceeding 200GB. Exfiltrated data includes sensitive company and client records, such as financial documents and personally identifiable information, with notable references to high-profile clients.

Operational Impact

Although core insurance services continue, significant IT disruption and a full system audit are underway. Qilin, with hundreds of attacks claimed this year alone, has publicly listed the breach on its dark web leak site, raising alarm over potential identity theft and reputational damage.

RingReaper: New Linux EDR Evasion Tool Utilizing io_uring

Tool Discovery

A novel Linux post-exploitation tool, RingReaper, has been identified in the wild. It exploits the io_uring kernel feature—designed for high-performance asynchronous I/O—to subvert modern Endpoint Detection and Response (EDR) systems.

Technical Approach

RingReaper achieves defense evasion by scheduling and executing malicious actions within kernel context through io_uring, blending in with legitimate operations. Its stealth affords attackers both persistence and a reduced forensic trail, especially on enterprise Linux systems where io_uring is increasingly enabled.

Security teams are advised to audit the use of io_uring, monitor for suspicious process behaviors, and update EDR solutions to better detect abuse patterns linked to this advanced technique.

Comments

No comments yet. Why don’t you start the discussion?

Leave a Reply