Chrome GPU/ANGLE Vulnerability Exploited in the Wild
Google has acknowledged active exploitation of a new vulnerability in Chrome’s ANGLE and GPU components, assigned CVE-2025-6558. The discovery and subsequent disclosure by Google’s Threat Analysis Group highlight increased targeting of browser rendering infrastructure, raising concerns over the effectiveness of current patching and mitigation strategies.
Technical Details and Exploitation
The CVE-2025-6558 vulnerability exists within the ANGLE (Almost Native Graphics Layer Engine) and GPU subsystems used to accelerate WebGL and 2D/3D rendering in Chrome. Exploiting this flaw allows a remote attacker to leverage crafted web content to execute arbitrary code on the victim’s machine, bypassing key browser security boundaries. Google’s telemetry indicates the vulnerability is already leveraged in targeted attacks, specifically by threat actors aiming to chain browser exploits with local privilege escalation for full system compromise.
Patch and Disclosure Process
Following Google Project Zero’s policy, the vulnerability details were made public and the mandatory patch released as soon as the 90-day deadline expired. Administrators and end-users are strongly advised to update Chrome and Chromium-based browsers to the latest versions immediately, as delayed patching increases risk.
Implications for Enterprise Environments
Security teams should prioritize patching—especially on endpoints handling sensitive data or exposed to untrusted web content. Organizations relying on virtualized or cloud-hosted browsers must also ensure backend images are refreshed to include security updates.
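As an added illustration of the patch-prioritization check described above (this is example code, not from the article or from Google), the script below reads a constructed endpoint inventory and lists hosts whose Chrome build is older than a fixed version. The fixed version is a labelled placeholder because the article does not state the patched build for CVE-2025-6558; substitute the version from the vendor release notes. The inventory format (host,browser,version) and hostnames are assumptions.

```python
"""Flag endpoints running a Chrome build below the fixed version.

Added example, not from the article. FIXED_VERSION_PLACEHOLDER is NOT the real
patched build for CVE-2025-6558; replace it with the version in the Chrome
release notes. The inventory lines below are constructed sample data.
"""
import re
from typing import Iterable, List, Tuple

# PLACEHOLDER: the article gives no patched build number; take it from the advisory.
FIXED_VERSION_PLACEHOLDER = "100.0.0.0"

# Chrome versions are 1-4 dot-separated integers, e.g. 99.0.4844.51
VERSION_RE = re.compile(r"^\d+(\.\d+){0,3}$")

# Constructed sample inventory: host,browser,version
SAMPLE_INVENTORY = """\
# constructed sample; host,browser,version
ws-001,chrome,100.0.1.5
ws-002,chrome,99.0.4844.51
ws-003,firefox,128.0
ws-004,chrome,100.0.0.0
ws-005,chrome,not-installed
"""


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '99.0.4844.51' into a comparable 4-tuple, padding missing parts with 0."""
    text = text.strip()
    if not VERSION_RE.match(text):
        raise ValueError(f"not a Chrome version string: {text!r}")
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (4 - len(parts)))


def is_patched(installed: str, fixed: str) -> bool:
    """True when the installed build is at or above the fixed build."""
    return parse_version(installed) >= parse_version(fixed)


def find_unpatched(inventory: Iterable[str], fixed: str) -> List[Tuple[str, str]]:
    """Return (host, version) for Chrome rows below `fixed`.

    Only rows whose browser is 'chrome' are compared: other Chromium-based
    browsers carry their own version schemes and need their own fixed build.
    Rows with an unparseable version are reported too, since an unknown
    version cannot be assumed patched.
    """
    unpatched: List[Tuple[str, str]] = []
    for line in inventory:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = [f.strip() for f in line.split(",")]
        if len(fields) < 3:
            continue  # malformed inventory row
        host, browser, version = fields[0], fields[1], fields[2]
        if browser.lower() != "chrome":
            continue
        try:
            if not is_patched(version, fixed):
                unpatched.append((host, version))
        except ValueError:
            unpatched.append((host, f"unparseable:{version}"))
    return unpatched


if __name__ == "__main__":
    for host, version in find_unpatched(SAMPLE_INVENTORY.splitlines(), FIXED_VERSION_PLACEHOLDER):
        print(f"{host}: {version} is below {FIXED_VERSION_PLACEHOLDER}")
```

Feed it a real inventory export in the same three-column layout and the output is the list of endpoints to update first; hosts reporting no parseable version are deliberately included so they are not silently treated as compliant.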
Apple Intelligence: TCC Bypass Exposes Private Data
A significant security concern has emerged regarding the technology underlying Apple Intelligence. Attackers have discovered and demonstrated a method to bypass the Transparency, Consent, and Control (TCC) security framework, exposing cached geolocation and biometric data that Apple Intelligence processes, raising privacy and operational risks for device users.
Mechanisms of the TCC Bypass
The TCC subsystem strictly governs application access to private user data on Apple devices, mediating permission requests and enforcing sandboxes. The recent bypass targets weaknesses in how Apple Intelligence, the suite of AI-powered features, caches user data. By circumventing TCC, attackers can directly access and extract sensitive information—including precise location coordinates and biometric templates—potentially without triggering user alerts or requiring explicit permission.
Potential Impact
The flaw jeopardizes compliance with data protection regulations, as compromised devices may fail to uphold the privacy protections mandated by law. Enterprises and regulated industries, especially those managing devices with biometric authentication, must rapidly evaluate their exposure pending an official patch from Apple.
Recommended Actions
Organizations are encouraged to monitor device and application permissions, deploy endpoint security controls, and prepare for immediate patching upon Apple’s release. User training should emphasize caution with permission prompts and highlight the risks until mitigation is confirmed.
Targeted Backup Systems: Threat Actors Adopt Scattered Spider Techniques
Financially motivated attackers have expanded their focus to backup infrastructure, adapting advanced social engineering and lateral movement methods previously attributed to the Scattered Spider group. This campaign aims to compromise organizations’ last line of defense, with increased sophistication demonstrated in recent incidents.
Attack Techniques and Objectives
Threat groups are targeting backup management consoles, repositories, and cloud-based recovery solutions using tailored phishing, helpdesk impersonation, and multi-stage intrusion tactics. Once initial access is gained—often via compromised credentials or deceptive calls—attackers escalate privileges and seek to disable or destroy backup copies before launching ransomware or extortion attacks.
Sector Impact and Risks
The approach undermines standard business continuity planning. Without uncorrupted backups, organizations face higher demands for ransom and may be unable to restore operations efficiently. The campaign demonstrates an evolving recognition that ransomware defenses are only as strong as their backup security and segregation.
Mitigation Strategies
Security leaders should enforce strict access controls, activate multi-factor authentication for all backup interfaces, and implement air-gapping or immutable storage technology. Incident response plans must anticipate complete backup compromise as a scenario and perform routine testing of out-of-band and offline recovery mechanisms.
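One concrete piece of the routine recovery testing recommended above is verifying that a backup set still matches the manifest recorded when it was written, so that deleted, overwritten or planted files are caught before a restore is attempted. The following is an added example (not from the article or any vendor): it builds a SHA-256 manifest for a constructed backup repository in a temporary directory, simulates the kind of destruction and tampering a restore test must detect, and reports the differences. File names, dates and contents are constructed sample data; in production the manifest itself would live on the out-of-band or immutable copy so an intruder with repository access cannot rewrite it to match altered data.

```python
"""Verify a backup repository against an out-of-band SHA-256 manifest.

Added example, not from the article. All paths and contents are constructed.
"""
import hashlib
import tempfile
from pathlib import Path
from typing import Dict, List


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 so large backup archives fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root: Path) -> Dict[str, str]:
    """Map each file's POSIX-style relative path to its SHA-256 digest."""
    return {
        p.relative_to(root).as_posix(): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def verify_backup(root: Path, manifest: Dict[str, str]) -> Dict[str, List[str]]:
    """Compare the repository on disk with the manifest taken at backup time.

    missing    -> files the manifest lists that no longer exist (destroyed copies)
    modified   -> files whose digest changed (corrupted or overwritten copies)
    unexpected -> files present now that were never part of the backup set
    """
    current = build_manifest(root)
    return {
        "missing": sorted(k for k in manifest if k not in current),
        "modified": sorted(k for k in manifest if k in current and current[k] != manifest[k]),
        "unexpected": sorted(k for k in current if k not in manifest),
    }


def demo() -> Dict[str, List[str]]:
    """Build a constructed repository, record its manifest, then damage it and verify."""
    with tempfile.TemporaryDirectory() as tmp:
        repo = Path(tmp) / "repo"
        (repo / "db").mkdir(parents=True)
        (repo / "db" / "full-2025-07-01.bak").write_bytes(b"constructed full backup")
        (repo / "db" / "incr-2025-07-02.bak").write_bytes(b"constructed incremental")
        (repo / "config.tar").write_bytes(b"constructed config archive")

        # Manifest captured when the backup job completed; keep this copy offline.
        manifest = build_manifest(repo)

        # Simulated damage that a periodic restore test must surface:
        (repo / "db" / "incr-2025-07-02.bak").unlink()          # copy destroyed
        (repo / "config.tar").write_bytes(b"overwritten")        # copy corrupted
        (repo / "README.txt").write_text("constructed unexpected file")  # foreign file

        return verify_backup(repo, manifest)


if __name__ == "__main__":
    for category, paths in demo().items():
        print(f"{category}: {paths}")
```

Any non-empty category is a failed recovery test: missing or modified entries mean the repository can no longer be trusted for restore, and unexpected entries warrant investigation of who wrote to backup storage.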
Orange Suffers Service Disruption Following Cyberattack
Major telecommunications provider Orange reported a significant service outage affecting both corporate and individual customers after being targeted by a cyberattack. The incident underscores ongoing sector vulnerabilities, especially in the infrastructure that provides essential connectivity.
Nature of the Attack
While technical specifics remain under wraps, initial assessments attribute the outage to compromise of business-critical IT environments. Evidence points to exploitation of internal systems used for network provisioning, billing, and customer authentication, resulting in access denials, communication delays, and performance degradation.
Operational and Strategic Response
Orange mobilized its incident response teams to isolate affected systems, restore service, and coordinate with authorities for attribution and mitigation. Enterprises relying on Orange services should review their own resilience measures for redundancy and make note of updated advisories as investigations progress.
Wider Implications for Telecom Security
The disruption emphasizes the cascade effect telecom sector breaches can cause, potentially exposing downstream businesses and public clients to risk. As attackers increasingly recognize the leverage gained by disrupting communications infrastructure, persistent monitoring and advanced anomaly detection remain top priorities.
Minnesota National Guard Deployed to Counter Saint Paul Cyberattack
The City of Saint Paul, Minnesota, experienced a cyberattack severe enough to prompt direct involvement from the Minnesota National Guard. This marks a growing trend of leveraging military cyber defense resources in municipal incident response, reflecting the criticality and sophistication of attacks targeting local government.
Incident Escalation and Impact
Authorities identified a breach impacting vital city systems, necessitating immediate action due to potential threats to public safety, continuity of operations, and sensitive personal information. The decision to call in the National Guard highlights both the scale and the sophistication of the incursion.
Roles and Strategies Employed
National Guard cyber units collaborated with local IT, law enforcement, and state agencies to contain the attack, execute forensics, and guide system remediation. The coordinated approach leveraged cyber incident playbooks developed in joint training, allowing accelerated identification of lateral movement and eradication of malicious footholds.
Lessons for Critical Infrastructure Defenders
This event signals to other cities the necessity of pre-established relationships and protocols for involving state and federal resources during a crippling cyber event. Routine tabletop exercises and resource mapping will improve readiness for similar escalation scenarios.
Ukrainian and Belarusian Hackers Target Belarusian Infrastructure
Hacker groups organized from Ukraine and Belarus have claimed responsibility for a cyberattack on Belarusian infrastructure in direct opposition to the government led by Alexander Lukashenko. This politically motivated offensive demonstrates the increasingly blurred lines between state, activist, and cybercriminal threat actors in Eastern Europe.
Methods and Target Selection
The operation appears to have leveraged a combination of spear-phishing, exploitation of unpatched servers, and wiper malware designed to disrupt operations and destroy data within government and communications environments. The apparent objective was both reputational damage and real-world interruption of state activity.
Geopolitical Implications
The incident fuels tensions in an already volatile region, exposing cross-border offensive cyber capabilities and their potential to provoke broader escalation. Organizations with interests or partners in the affected region must monitor for further retaliatory campaigns and potential spillover attacks.