Cybersecurity isn’t slowing down—and neither are the adversaries. This past week has been a whirlwind of high-impact zero-days, aggressive malware campaigns, certificate trust shifts, and nation-state operations. At ClearInfosec, we break down the noise to highlight what matters to your cyber defense strategy.
Below is our deep-dive recap of the week’s most alarming developments and what they mean for enterprises worldwide.
Google disclosed a high-severity vulnerability in Chrome’s V8 JavaScript engine that could allow attackers to execute arbitrary code via out-of-bounds memory manipulation. Tracked as CVE-2025-5419, this zero-day is actively exploited in the wild—affecting users across all major desktop platforms.
Vulnerability: Out-of-bounds memory access in V8 engine.
Affected versions: Chrome for Windows, macOS, and Linux.
Patched version: Chrome 137.0.7151.69 (Windows) and 137.0.7151.68 (Mac/Linux).
Impact: Remote code execution through malicious JavaScript payloads.
Push emergency patch updates across all managed endpoints.
Leverage browser isolation for high-risk users or contractors.
Use web content filters to block known malicious JavaScript exploit kits.
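One way to verify the first of those steps actually landed, as an added example (not code from the original post or from Google): compare an endpoint inventory against the patched builds quoted above. The inventory records, the platform keys `windows`/`macos`/`linux`, and the assumption that version strings look like the output of `google-chrome --version` or the About page are all mine.

```python
"""Added example: check a Chrome inventory against the builds that fix CVE-2025-5419.

Assumed input: (hostname, platform, version_string) records collected by whatever
endpoint agent you run. The patched build numbers are the ones quoted in the post."""
import re

# Minimum patched build per platform (values from the advisory as quoted above)
PATCHED = {
    "windows": (137, 0, 7151, 69),
    "macos": (137, 0, 7151, 68),
    "linux": (137, 0, 7151, 68),
}

VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Extract a four-part Chrome version from a raw string such as
    'Google Chrome 137.0.7151.68' and return it as a tuple of ints.
    Raises ValueError when no version is present (treat that as unknown)."""
    match = VERSION_RE.search(text)
    if not match:
        raise ValueError(f"no Chrome version found in {text!r}")
    return tuple(int(part) for part in match.groups())


def is_patched(platform, version):
    """True when `version` is at or above the fixed build for `platform`.
    Tuple comparison gives correct ordering without string tricks."""
    key = platform.lower()
    if key not in PATCHED:
        raise ValueError(f"unknown platform {platform!r}")
    return parse_version(version) >= PATCHED[key]


def unpatched_hosts(inventory):
    """Return [(host, platform, version)] for every record still on a vulnerable
    build. Records whose version cannot be parsed are reported too: an unknown
    version must be handled as unpatched, not silently skipped."""
    findings = []
    for host, platform, version in inventory:
        try:
            ok = is_patched(platform, version)
        except ValueError:
            ok = False
        if not ok:
            findings.append((host, platform, version))
    return findings


# Constructed sample inventory (hostnames and versions are made up)
SAMPLE_INVENTORY = [
    ("ws-001", "windows", "Google Chrome 137.0.7151.69"),
    ("ws-002", "windows", "Google Chrome 137.0.7151.55"),
    ("mac-007", "macos", "137.0.7151.68"),
    ("lx-003", "linux", "Google Chrome 136.0.7103.114"),
    ("lx-004", "linux", "not installed"),
]

if __name__ == "__main__":
    for host, platform, version in unpatched_hosts(SAMPLE_INVENTORY):
        print(f"UNPATCHED {host} ({platform}): {version}")
```

Note that a Windows host on 137.0.7151.68 is reported as unpatched even though that build is the fixed one on macOS and Linux; the per-platform table is what makes the check correct.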
A sophisticated wiper malware dubbed PathWiper has been observed erasing files in critical Ukrainian infrastructure. Unlike ransomware, PathWiper is not monetarily motivated—its sole goal is data destruction and disruption.
Target: Ukrainian IT infrastructure.
Behavior: Deletes files and renders systems unrecoverable.
Attribution: Suspected to be politically motivated, possibly state-sponsored.
Noteworthy: The malware is similar in behavior to past tools like NotPetya and HermeticWiper.
Employ immutable backup solutions that are air-gapped from the network.
Monitor system logs for abnormal deletion activities or failed boot processes.
Utilize endpoint detection and response (EDR) tools with behavior-based detection.
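The second recommendation above, monitoring for abnormal deletion activity, is easier to act on with a concrete rule. The following is an added example, not code from the original post or from any EDR vendor: it flags a process that deletes many files across several disk areas inside a short window, which is the behaviour that separates a wiper from a log rotator. The `key=value` event format, the field names (`ts`, `host`, `pid`, `image`, `event`, `path`), the thresholds and the sample log lines are all constructed; adapt `parse_event()` to whatever Sysmon, auditd or EDR export you actually have.

```python
"""Added example: detect wiper-like mass deletion from file-delete events.

Assumed input: one line per delete event in a constructed 'key=value' format with
no spaces inside values. Thresholds are starting points, not vendor defaults."""
from collections import defaultdict, deque
from datetime import datetime, timezone

WINDOW_SECONDS = 10      # sliding window per process
MAX_DELETES = 50         # deletes inside the window before alerting
MIN_DISTINCT_AREAS = 3   # breadth: a wiper walks many areas, a cleanup job usually one


def parse_event(line):
    """Parse 'ts=... host=... pid=... image=... event=... path=...' into a dict.
    Values must not contain spaces (constructed format, not a vendor schema)."""
    fields = dict(token.split("=", 1) for token in line.split())
    fields["ts"] = datetime.fromisoformat(fields["ts"].replace("Z", "+00:00"))
    fields["pid"] = int(fields["pid"])
    return fields


def area(path):
    """Reduce a path to its first two components (e.g. 'C:/Users') so breadth is
    measured across user/system areas rather than individual directories."""
    parts = [p for p in path.replace("\\", "/").split("/") if p]
    return "/".join(parts[:2])


def detect_mass_deletion(lines):
    """Return one alert per offending process as
    (host, image, pid, deletes_in_window, distinct_areas, ts_of_trigger).
    The alert fires on the event that crosses both thresholds."""
    windows = defaultdict(deque)   # (host, image, pid) -> deque of (ts, path)
    alerted = set()
    alerts = []
    for line in lines:
        ev = parse_event(line)
        if ev.get("event") != "FILE_DELETE":
            continue
        key = (ev["host"], ev["image"], ev["pid"])
        q = windows[key]
        q.append((ev["ts"], ev["path"]))
        # Evict events older than the window
        while (ev["ts"] - q[0][0]).total_seconds() > WINDOW_SECONDS:
            q.popleft()
        areas = {area(p) for _, p in q}
        if key not in alerted and len(q) >= MAX_DELETES and len(areas) >= MIN_DISTINCT_AREAS:
            alerted.add(key)
            alerts.append((*key, len(q), len(areas), ev["ts"]))
    return alerts


def sample_lines():
    """Constructed sample log: a service deleting a handful of logs in one
    directory (benign) and an unknown binary deleting 60 files across four
    areas within six seconds (wiper-like)."""
    base = datetime(2025, 6, 4, 10, 15, 0, tzinfo=timezone.utc)
    fmt = "%Y-%m-%dT%H:%M:%SZ"
    lines = []
    for i in range(8):
        lines.append(f"ts={base.strftime(fmt)} host=srv1 pid=812 "
                     f"image=C:/Windows/System32/svchost.exe event=FILE_DELETE "
                     f"path=C:/Logs/app.{i}.log")
    areas = ["C:/Users/alice", "C:/ProgramData", "C:/Windows/System32", "D:/Shares"]
    for i in range(60):
        ts = base.replace(second=i // 10)
        lines.append(f"ts={ts.strftime(fmt)} host=srv1 pid=4120 "
                     f"image=C:/Windows/Temp/upd.exe event=FILE_DELETE "
                     f"path={areas[i % 4]}/file{i}.dat")
    return lines


if __name__ == "__main__":
    for alert in detect_mass_deletion(sample_lines()):
        print("ALERT mass deletion:", alert)
```

Requiring both volume and breadth keeps ordinary housekeeping (log rotation, temp cleanup, package upgrades) below the line while still catching a process that walks the whole disk; tune the window and counts against a week of your own baseline before alerting on it.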
The Iranian-linked BladedFeline (aka OilRig) APT group has been discovered using multiple custom backdoors against high-ranking government and diplomatic entities.
Tools: Whisper (Veaty), Spearal, Optimizer.
Initial Access: Unknown, but possibly phishing or supply chain compromise.
Objective: Espionage and long-term surveillance.
Active Since: At least 2017; expanded aggressively since 2024.
Perform deep forensic analysis of systems handling sensitive government or strategic intel.
Audit all installed software for known command-and-control (C2) backdoor variants.
Conduct network segmentation for high-value targets.
UNC6040—a threat actor believed to be aligned with Scattered Spider TTPs—is employing voice phishing (vishing) to target Salesforce customers. They impersonate IT support teams to trick employees into installing a malicious Data Loader clone.
Cold-call users under the guise of IT support.
Direct victims to download a fake “Salesforce Data Loader.”
Steal credentials and access CRM data, potentially leading to mass data exfiltration.
Train employees to verify IT requests through official internal channels.
Restrict downloads and installations via admin policies.
Log and monitor for new OAuth tokens and API activity in Salesforce.
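The last point, watching for new API clients, can be expressed as a first-seen rule over login history. What follows is an added example, not code from the original post or from Salesforce: it baselines which applications and source IPs each user has logged in with and flags loader-style clients that are new for that user, unapproved, or arriving from an IP the user has never used. The records are constructed dicts shaped like rows of Salesforce's LoginHistory object (the field names `Username`, `Application`, `SourceIp`, `Status` are from memory and should be checked against your own export), and the approved client name is a placeholder.

```python
"""Added example: flag first-seen or unapproved bulk-export clients in
Salesforce-style login history.

Assumed input: dicts with Username, Application, SourceIp and Status keys
(LoginHistory-like; verify the names against your org's export)."""
from collections import defaultdict

APPROVED_LOADER_APPS = {"Data Loader"}   # placeholder: your sanctioned connected-app name(s)
LOADER_HINT = "loader"                   # any client name containing this gets extra scrutiny


def build_baseline(history):
    """Map each user to the applications and source IPs seen in successful logins."""
    apps, ips = defaultdict(set), defaultdict(set)
    for rec in history:
        if rec.get("Status") != "Success":
            continue
        apps[rec["Username"]].add(rec["Application"])
        ips[rec["Username"]].add(rec["SourceIp"])
    return apps, ips


def classify(record, apps, ips):
    """Return the reasons a login deserves review (empty list = nothing new).
    A new IP with an ordinary browser login is deliberately not a reason on
    its own; VPNs and travel make that too noisy."""
    user, app, ip = record["Username"], record["Application"], record["SourceIp"]
    new_app = app not in apps.get(user, set())
    new_ip = ip not in ips.get(user, set())
    loader_like = LOADER_HINT in app.lower()
    reasons = []
    if new_app:
        reasons.append("first-seen application for user")
    if loader_like and app not in APPROVED_LOADER_APPS:
        reasons.append("unapproved loader-style client")
    if loader_like and new_ip:
        reasons.append("bulk-export client from first-seen IP")
    return reasons


def review(history, recent):
    """Baseline on `history`, then return (user, app, ip, reasons) for each
    record in `recent` that needs a look."""
    apps, ips = build_baseline(history)
    findings = []
    for rec in recent:
        reasons = classify(rec, apps, ips)
        if reasons:
            findings.append((rec["Username"], rec["Application"], rec["SourceIp"], reasons))
    return findings


# Constructed sample data (users, client names and IPs are made up)
HISTORY = [
    {"Username": "alice@example.com", "Application": "Browser", "SourceIp": "10.0.0.5", "Status": "Success"},
    {"Username": "alice@example.com", "Application": "Data Loader", "SourceIp": "10.0.0.5", "Status": "Success"},
    {"Username": "bob@example.com", "Application": "Browser", "SourceIp": "10.0.0.9", "Status": "Success"},
]
RECENT = [
    {"Username": "alice@example.com", "Application": "Browser", "SourceIp": "10.0.0.5", "Status": "Success"},
    {"Username": "alice@example.com", "Application": "Data Loader", "SourceIp": "203.0.113.7", "Status": "Success"},
    {"Username": "bob@example.com", "Application": "Salesforce Data Loader", "SourceIp": "203.0.113.7", "Status": "Success"},
    {"Username": "bob@example.com", "Application": "Browser", "SourceIp": "198.51.100.4", "Status": "Success"},
]

if __name__ == "__main__":
    for user, app, ip, reasons in review(HISTORY, RECENT):
        print(f"REVIEW {user} via {app!r} from {ip}: {', '.join(reasons)}")
```

The second rule catches a lookalike connected app the victim was talked into authorising; the third catches the real, sanctioned Data Loader being driven with stolen credentials from somewhere new, which a name-only allowlist would miss.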
Google Chrome will officially distrust certificates issued by Chunghwa Telecom (Taiwan) and Netlock (Hungary) starting with Chrome 139 (August 2025).
Failure to meet baseline compliance requirements.
Risk of compromised or misissued certificates.
Apple already distrusted Netlock as of Nov 15, 2024.
Replace all certificates issued by these CAs before August.
Run an inventory check across your infrastructure to ensure certificate hygiene.
Audit internal PKI systems for any embedded dependency on these root certificates.
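For the inventory check above, the awkward part in practice is the shape of the data you get back from TLS endpoints. As an added example (not code from the original post or from Google), the block below works on certificates in the dict form returned by Python's `ssl.SSLSocket.getpeercert()`, where the issuer is a tuple of RDNs, each a tuple of `(attribute, value)` pairs, and reports every certificate whose issuer looks like one of the two CAs named above. The organisation-name substrings it matches on, the sample inventory, and the hostnames are my assumptions; confirm the strings against a chain you actually observe.

```python
"""Added example: find certificates issued by CAs that Chrome will distrust.

Assumed input: (label, cert_dict) pairs where cert_dict has the structure of
ssl.getpeercert(). Issuer name substrings are guesses, not authoritative."""
import socket
import ssl

# Matched case-insensitively against the issuer's organizationName and commonName.
# Assumed substrings for the two CAs named in the post; verify against real chains.
DISTRUSTED_ISSUER_HINTS = ("chunghwa telecom", "netlock")


def issuer_attributes(cert):
    """Flatten getpeercert()'s nested issuer RDN tuples into a plain dict."""
    attrs = {}
    for rdn in cert.get("issuer", ()):
        for name, value in rdn:
            attrs[name] = value
    return attrs


def is_distrusted_issuer(cert):
    """True when the certificate's issuer matches one of the hint substrings."""
    attrs = issuer_attributes(cert)
    haystack = f"{attrs.get('organizationName', '')} {attrs.get('commonName', '')}".lower()
    return any(hint in haystack for hint in DISTRUSTED_ISSUER_HINTS)


def fetch_peer_cert(host, port=443, timeout=5.0):
    """Retrieve the leaf certificate a live endpoint presents, in the same dict
    form the sample inventory uses. Not exercised offline."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


def certs_to_replace(inventory):
    """Return [(label, notAfter)] for every certificate from a distrusted issuer,
    longest-lived first: those will not be retired by routine renewal before the
    distrust takes effect, so they need a forced replacement."""
    hits = [(label, cert.get("notAfter", "")) for label, cert in inventory
            if is_distrusted_issuer(cert)]
    return sorted(hits, reverse=True,
                  key=lambda h: ssl.cert_time_to_seconds(h[1]) if h[1] else 0)


# Constructed sample inventory (hostnames and issuer strings are made up)
SAMPLE_INVENTORY = [
    ("vpn.example.internal", {
        "subject": ((("commonName", "vpn.example.internal"),),),
        "issuer": ((("countryName", "TW"),),
                   (("organizationName", "Chunghwa Telecom Co., Ltd."),),
                   (("commonName", "Example Issuing CA 1"),)),
        "notAfter": "Mar 15 00:00:00 2026 GMT",
    }),
    ("intranet.example.internal", {
        "subject": ((("commonName", "intranet.example.internal"),),),
        "issuer": ((("countryName", "HU"),),
                   (("organizationName", "NetLock Kft."),),
                   (("commonName", "Example Issuing CA 2"),)),
        "notAfter": "Oct 20 00:00:00 2025 GMT",
    }),
    ("www.example.internal", {
        "subject": ((("commonName", "www.example.internal"),),),
        "issuer": ((("countryName", "US"),),
                   (("organizationName", "Example Trust Services"),),
                   (("commonName", "Example Issuing CA 3"),)),
        "notAfter": "Jan 10 00:00:00 2027 GMT",
    }),
]

if __name__ == "__main__":
    for label, expiry in certs_to_replace(SAMPLE_INVENTORY):
        print(f"REPLACE {label} (expires {expiry})")
```

Because `getpeercert()` returns only the leaf, the match here is against the issuing intermediate; for internal PKI audits, run the same check over each certificate in the chain so a distrusted root hidden two levels up is not missed.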
Originally spotted in Turkey, Crocodilus has now expanded its infection base to Poland, Spain, parts of Asia, and South America. The malware disguises itself as fake banking apps to steal credentials and crypto wallet seed phrases.
Block legitimate financial apps.
Harvest SMS codes and 2FA tokens.
Create fake contact entries to support future phishing or scam campaigns.
Mandate app downloads from Google Play Store or other trusted sources.
Deploy Mobile Threat Defense (MTD) for corporate-managed devices.
Enforce mobile OS patch compliance via Mobile Device Management (MDM).
Apple patched a zero-click vulnerability (dubbed NICKNAME) in the imagent daemon, exploited via iMessage. This allowed remote attackers to gain access to iPhones without any user interaction.
Exploit vector: Apple’s iMessage service.
Patched in: iOS 18.3.1 (released January 2025).
Target: High-profile individuals likely under surveillance.
Apply iOS security updates immediately, especially on executive devices.
Enforce iMessage usage policies for high-risk profiles (e.g., diplomats, execs).
Monitor Apple logs for anomalous imagent behavior.
Attackers are leveraging legitimate applications and trusted platforms to deploy malicious code or steal credentials—raising supply chain and shadow IT concerns.
Fake Chrome extensions with credential harvesting capabilities.
Malicious Salesforce plugins impersonating productivity tools.
“Shadow apps” installed without IT department knowledge.
Enforce zero trust for third-party tools.
Vet all extensions and plugins before deployment.
Monitor OAuth token issuance and third-party app access logs.
Here are some newly disclosed vulnerabilities organizations must prioritize for remediation:
| CVE | Description |
|---|---|
| CVE-2025-20286 | Cisco Identity Services Engine RCE |
| CVE-2025-5419 | Chrome V8 Zero-Day |
| CVE-2025-49113 | Roundcube Webmail RCE |
| CVE-2025-21479 / 21480 / 27038 | Qualcomm Chipset Vulnerabilities |
| CVE-2025-37093 | HPE StoreOnce Backup Appliance Flaws |
| CVE-2025-48866 | ModSecurity WAF Bypass |
| CVE-2025-25022 | IBM QRadar Suite XSS |
| CVE-2025-22243 | VMware NSX Manager Privilege Escalation |
| CVE-2025-24364 / 24365 | Vaultwarden Server-Side Issues |
| CVE-2024-53298 | Dell PowerScale OneFS DoS Bug |
Use vulnerability management platforms to prioritize based on exploitability and patch accordingly.
Cyber attackers are moving faster, exploiting zero-days more frequently, weaponizing plugins, and deploying destructive malware that bypasses traditional defenses. In this hostile landscape, cybersecurity isn’t just a technical function—it’s a business survival strategy.
Enforce browser and mobile OS updates within 48 hours of release.
Apply the Principle of Least Privilege (PoLP)—especially on CMS platforms.
Validate plugin and third-party software integrity before deployment.
Prepare for data loss with secure backups and rapid recovery playbooks.
Stay updated with CVE feeds and subscribe to trusted advisories.
At ClearInfosec, we’re committed to helping organizations stay ahead of the curve. Whether it’s vulnerability management, incident response, or GRC strategy, we bring clarity to security chaos.
The Hacker News. (2025, June 9). ⚡ weekly recap: Chrome 0-day, data wipers, misused tools and zero-click iPhone attacks. https://thehackernews.com/2025/06/weekly-recap-chrome-0-day-data-wipers.html