Google Chrome ANGLE Zero-Day Flaw (CVE-2025-6558) Actively Exploited
A significant zero-day vulnerability tracked as CVE-2025-6558 has been discovered and actively exploited in Google Chrome’s ANGLE and GPU components. The flaw was publicly disclosed after Google’s Threat Analysis Group (TAG) flagged exploitation in the wild. Attackers leveraging this vulnerability can execute malicious code or escalate privileges, putting users at immediate risk.
Technical Mechanism of the ANGLE Vulnerability
ANGLE (Almost Native Graphics Layer Engine) serves as an abstraction layer translating OpenGL ES API calls to underlying graphics APIs. The identified flaw allows attackers to trigger undefined behavior in Chrome’s GPU processing, enabling them to escape the browser sandbox or execute arbitrary code on the host system. The vulnerability is especially severe because GPU processes run with elevated privileges compared to regular renderer processes, raising the impact of a successful exploit.
Attack Vectors and Observed Exploitation
Exploitation occurs through crafted web content that forces the browser to process malicious inputs within the ANGLE layer. Google TAG observed attacks using spear-phishing links leading to malicious websites targeting high-value users, including those in government and critical infrastructure. Once on the page, exploit code runs within the browser and can compromise a user’s machine without interaction beyond basic page navigation.
Mitigation and Patch Guidance
Immediate action is required to patch systems. Chrome users should ensure they are running the latest version, which includes an emergency patch released on July 30, 2025. Organizations whose patch cycles lag behind public disclosure risk targeted attacks exploiting this flaw.
Broader Implications
The incident highlights ongoing risks tied to browser graphics subsystems and the persistent interest of sophisticated actors in browser zero-days. The public countdown following Project Zero’s disclosure deadline further pressures vendors to address such vulnerabilities promptly.
New EU IoT Cybersecurity Regulations Effective from August 1, 2025
Starting August 1, 2025, all new radio-connected devices entering the European Union market must comply with stringent cybersecurity standards. This regulatory milestone affects manufacturers of smartphones, wearables, home appliances, and other connected electronics, marking a significant step in global efforts to secure the expanding Internet of Things (IoT) ecosystem.
Scope of Affected Devices and Regulatory Requirements
The updated rules extend to any radio-connected device—including smart home appliances, telecommunication equipment, and consumer electronics—that relies on wireless networking. Each product must incorporate robust authentication, secure update mechanisms, and technical safeguards against common network and device vulnerabilities.
Key Technical Requirements
Device manufacturers are mandated to implement:
- Unique, non-default credentials for device management
- Protection against unauthorized access and data manipulation
- Regular security updates distributed through verified channels
- Comprehensive event logging for post-incident analysis
- Secure storage and handling of sensitive personal data
Compliance Challenges and Industry Impact
The regulations demand intensive product redesign for legacy device lines and may influence global manufacturers to consolidate regional SKUs in favor of single standards-compliant designs. While increasing upfront compliance costs, the legislation is anticipated to reduce downstream legal exposure resulting from data breaches linked to insecure IoT products.
Anticipated Industry Adjustments
Manufacturers are accelerating review and realignment of firmware update policies. Security-by-design principles are expected to become normalized throughout device development life cycles to align with the stricter requirements and emerging consumer and regulator expectations.
Massive Aggregated Credential Leak: 16 Billion Passwords Exposed
Security researchers have identified the largest known aggregate password dataset, containing approximately 16 billion unique login credentials. The data pool, collected over several years from numerous breaches and infostealer campaigns, was discovered exposed in an online storage repository before access was secured.
Nature and Scope of the Dataset
Unlike single-source mega breaches, this exposure appears to be an aggregation of records from over 30 major breaches affecting platforms such as Google, Apple, IBM, and Facebook. Aggregators use infostealer malware to systematically drain credentials, authentication cookies, and other sensitive session data from infected devices.
Collection Tactics and Cybercriminal Ecosystem
Sellers in underground forums commonly amass data over time using automated infostealers, then advertise these resources once a substantial inventory is built. The discovered cache, staged on unsecured cloud infrastructure, reflects the industrial scale of the cybercrime credential market.
Impact and Response Strategies
The exposure significantly elevates risks of credential stuffing, spear-phishing, and supply chain attacks. Organizations should emphasize timely credential rotation, implement multi-factor authentication, and continuously monitor for signs of account compromise.
Implications for Enterprises and Individuals
The incident reinforces the longstanding advice that passwords alone are insufficient protection. Layered authentication and enhanced behavioral monitoring are necessary countermeasures as criminals industrialize the process of credential collection and monetization.
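As an added example (not part of the original report), the following Python detector illustrates the kind of monitoring the two paragraphs above call for: it runs over constructed authentication log lines (the log format, usernames and IP addresses are assumptions) and flags a source IP that fails against many distinct accounts within a short window, then lists the accounts that later authenticated successfully from that same source.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (not from any real system): ISO time, source IP, username, outcome.
SAMPLE_LOG = """\
2025-07-31T10:00:01Z ip=198.51.100.7 user=alice result=FAIL
2025-07-31T10:00:02Z ip=198.51.100.7 user=bob result=FAIL
2025-07-31T10:00:02Z ip=198.51.100.7 user=carol result=FAIL
2025-07-31T10:00:03Z ip=198.51.100.7 user=dave result=FAIL
2025-07-31T10:00:04Z ip=198.51.100.7 user=erin result=FAIL
2025-07-31T10:00:05Z ip=198.51.100.7 user=frank result=OK
2025-07-31T10:01:00Z ip=203.0.113.5 user=alice result=FAIL
2025-07-31T10:01:30Z ip=203.0.113.5 user=alice result=OK
2025-07-31T11:00:00Z ip=192.0.2.9 user=bob result=OK
"""

LINE_RE = re.compile(r"^(\S+) ip=(\S+) user=(\S+) result=(OK|FAIL)$")

def parse(log_text):
    """Parse the assumed log format into (timestamp, ip, user, success) tuples; skip malformed lines."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ")
        events.append((ts, m.group(2), m.group(3), m.group(4) == "OK"))
    return events

def detect_stuffing(events, window=timedelta(minutes=5), min_users=5):
    """Return {ip: distinct_users} for IPs failing against >= min_users accounts inside `window`."""
    by_ip = defaultdict(list)
    for ts, ip, user, ok in events:
        if not ok:
            by_ip[ip].append((ts, user))
    flagged = {}
    for ip, fails in by_ip.items():
        fails.sort()  # slide a window over the failures in time order
        for i, (start, _) in enumerate(fails):
            users = {u for t, u in fails[i:] if t - start <= window}
            if len(users) >= min_users:
                flagged[ip] = len(users)
                break
    return flagged

def compromised_after_stuffing(events, flagged):
    """Accounts that authenticated successfully from a source already flagged for stuffing."""
    return sorted({user for _, ip, user, ok in events if ok and ip in flagged})
```

A single failed then successful login for one account (the 203.0.113.5 lines) is not flagged, which shows why the distinct-account threshold, not the raw failure count, is the stuffing signal.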
Microsoft and CISA Respond to Widespread SharePoint Exploitation Campaign
An ongoing global hacking campaign targeting Microsoft SharePoint servers has compromised hundreds of systems, including those at government agencies and critical infrastructure organizations. Both Microsoft and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) have issued urgent warnings and guidance as exploitation continues.
Scale and Tactics of the Attacks
Threat actors are exploiting a series of unpatched or recently disclosed vulnerabilities in on-premises SharePoint deployments. Attackers, including China-backed advanced persistent threat (APT) groups, are using exploit code to gain persistent access, pivot laterally, and exfiltrate sensitive data.
Stages of Compromise and Observed Patterns
The attack lifecycle typically includes:
- Discovery of exposed SharePoint instances using automated scanning tools
- Exploitation of chainable flaws to bypass authentication and escalate privileges
- Deployment of web shells and ransomware payloads within targeted organizations
Microsoft researchers have reported new tradecraft, including the use of living-off-the-land binaries and customized payloads tailored for each victim’s infrastructure.
Mitigation Measures and Official Advisories
Microsoft and CISA urge immediate application of the latest security updates, hardening of authentication processes, and enhanced monitoring for unusual SharePoint access patterns. Organizations are advised to audit their server exposure and validate the integrity of deployed solutions.
Broader Significance
The episode exemplifies ongoing nation-state targeting of collaboration platforms and the persistent risks associated with delayed patch management in mission-critical environments.