A new vulnerability, tracked as CVE-2025-6558, has been identified in Google Chrome’s ANGLE and GPU components. Google’s Threat Analysis Group (TAG) observed active exploitation in the wild, making this flaw a high-priority concern for both enterprise and individual users. This vulnerability’s exploitation pathway and mitigation strategies are under close scrutiny as the attacker techniques become more sophisticated.
Chrome ANGLE and GPU Vulnerability (CVE-2025-6558)
Technical Vulnerability Details
The flaw exists within the ANGLE (Almost Native Graphics Layer Engine) framework used by Chrome to translate WebGL and other graphics API calls across multiple platforms. Attackers leverage malformed input data to trigger out-of-bounds memory access, which can allow remote code execution. The GPU process, while normally sandboxed, is also susceptible if the exploit is chained with a sandbox escape, giving attackers potential system-level access.
Observed Exploitation Tactics
According to reports, attackers have used targeted exploits via malicious web content to trigger the flaw on up-to-date Chrome installations. Successful exploitation could lead to browser crashes or the execution of arbitrary code within the context of the browser, with possible elevation to broader system compromise if paired with secondary flaws. The sophistication of these attacks suggests well-resourced threat actors, possibly including state-sponsored groups, are involved.
Mitigation and Response
Google responded by issuing a patch via Chrome’s automatic update mechanism. Users and enterprises are urged to verify that their Chrome installations are at the latest version. Administrators should also consider monitoring for signs of compromise using browser telemetry and endpoint detection tools focused on suspicious behavior originating from GPU and rendering processes.
A critical threat to Apple’s ecosystem emerged with a TCC (Transparency, Consent, and Control) bypass vulnerability that raises the risk of exposure for Apple Intelligence-cached data, encompassing sensitive geolocation and biometric details. This security concern directly impacts privacy protections on devices running Apple’s AI-infused operating systems.
Apple TCC Bypass Threatens Cache Privacy
Nature of the Flaw
The vulnerability allows unauthorized access to the TCC, a framework intended to restrict and monitor app access to protected resources such as location and biometric databases. The explicit bypass discovered targets cache data generated by Apple’s new AI-powered features, potentially giving attackers the ability to siphon sensitive information without user consent or detection.
Attack Surface and Vectors
Privacy researchers discovered that exploitation is possible if a malicious application or process attains partial system privileges. The attack does not always require full administrative rights; instead, it leverages poorly segmented access controls within the caching mechanisms tied to Apple Intelligence. Attack scenarios include both local attacks by applications and remote code execution where privilege escalation is achieved.
Recommendations for Users and Organizations
Apple has been notified and is believed to be developing a patch. In the interim, security experts recommend heightened monitoring of app behavior, scrutiny of new app installations, and restricting app permissions wherever practical to limit exposure until security updates are issued.
A major SharePoint hacking campaign has impacted hundreds of organizations worldwide, including federal, state, and local agencies. Attackers have exploited a previously unpatched flaw in on-premises SharePoint servers, prompting emergency responses by both vendors and government cybersecurity agencies.
SharePoint Exploit Campaign Targets Public and Private Sectors
Scope and Scale of the Attack
The campaign, confirmed by both government and industry sources, leverages a vulnerability to gain remote access to SharePoint servers and associated data stores. Organizations affected range from government agencies processing critical data to commercial entities with proprietary intellectual property hosted in SharePoint environments.
Technical Sequence of Exploitation
Attackers use crafted requests to bypass authentication controls, gaining code execution capabilities on the underlying Windows host. Once inside, they often install web shells for persistence, create new administrator accounts, and exfiltrate sensitive documents. Security logs reveal that lateral movement is frequently attempted, with credential dumping and Active Directory reconnaissance as early objectives.
Vendor and Agency Response
Microsoft and the Cybersecurity and Infrastructure Security Agency (CISA) have issued emergency directives, urging organizations to immediately patch affected systems and monitor for indicators of compromise. Enhanced monitoring of SharePoint logs, isolation of compromised hosts, and rapid patch deployment are considered top priorities for defenders.
The City of Saint Paul, Minnesota, activated the National Guard after a cyberattack disrupted municipal operations. This incident underscores the growing trend of cyber threats targeting local governments and the necessity for coordinated response capabilities.
Saint Paul Calls in National Guard Following Cyberattack
Incident Timeline and Impact
The official response was triggered amid disruptions to municipal IT infrastructure, raising concerns about public safety systems, email, and citizen services. The attackers’ tactics, techniques, and procedures (TTPs) have not yet been fully disclosed, but preliminary reports indicate a ransomware or data destruction element.
Emergency Management Measures
The Minnesota National Guard’s cyber task force has been deployed to assist the city’s IT staff with threat identification, containment, and recovery operations. The National Guard brings specialized incident response, forensic analysis, and network recovery capabilities that are critical for restoring service continuity and ensuring the integrity of public systems.
Ongoing Threat Intelligence and Aftermath
State and federal security agencies are coordinating intelligence-gathering efforts and have issued warnings to other municipalities about potential follow-on attacks. The incident highlights the importance of cyber resilience planning and partnership between local, state, and military cyber defense units.
The retailer Belk has confirmed a data breach after the hacker group DragonForce claimed responsibility. The breach is part of a broader wave of attacks targeting U.S. and U.K. retailers and raises concerns about the security of customer data in multi-channel retail environments.
Belk Data Breach Adds to Retail Threat Wave
Attack Overview
The incident began with unauthorized access to Belk’s customer data systems. Attackers exploited vulnerabilities in Belk’s web-facing infrastructure, gaining access to customer records that may have included names, contact information, and potentially payment data.
Threat Actor Profile and Motives
DragonForce operates with a blend of financial and ideological motives, often publicizing breaches to embarrass victim companies and pressure them for ransom payments or concessions. The group’s tactics include social engineering, credential phishing, and exploitation of web application flaws and misconfigurations.
Implications for the Retail Sector
This breach highlights the persistent risk facing retailers, exacerbated by complex, distributed e-commerce systems. Companies are reminded to implement layered defenses, secure application development practices, and robust detection and response processes to manage ongoing threats.
French telecommunications giant Orange suffered a cyberattack that caused significant service disruptions for both corporate and individual customers. The attack illustrates attackers’ growing focus on critical telecom infrastructure.
Orange Cyberattack Disrupts Telecom Services
Attack Details and Disruption
Initial investigations suggest that the attack involved a coordinated denial-of-service or malware component that impacted Orange’s network management systems. The disruption affected core telecommunication services, preventing clients from accessing voice, data, or corporate service platforms.
Response Actions
Orange activated its internal security teams to isolate affected systems and restore connectivity. External cybersecurity firms have been enlisted to aid forensic analysis and remediation. Regulatory authorities have been notified, and customer communications prioritized as part of the incident response.
Critical Infrastructure Risk Mitigation
The Orange incident serves as a case study for the sector, reinforcing the need for continuous monitoring, rapid response capability, and investment in defensive architecture for network operators.