
Google Chrome Zero-Day & FortiWeb SQL Flaw: Critical Fixes

Summary

– Google patched an actively exploited Chrome zero-day vulnerability (CVE-2025-6558), the fifth such fix this year.
– Public exploits for a critical FortiWeb SQL injection flaw (CVE-2025-25257) urge immediate patching to prevent attacks.
– SonicWall SMA 100 series devices are infected with a stealthy backdoor, even when fully patched, per Google’s Threat Intelligence Group.
– Gigabyte motherboards have UEFI firmware vulnerabilities enabling bootkit installation, affecting over 100 models.
– A new report reveals 10% of employees account for most cybersecurity risks, highlighting targeted behavioral risks.

Google Chrome users face urgent security risks as attackers actively exploit a newly discovered zero-day vulnerability (CVE-2025-6558). This marks the fifth critical Chrome flaw patched this year, emphasizing the need for immediate updates to prevent potential breaches. Meanwhile, Fortinet’s FortiWeb web application firewall is under threat due to a severe SQL injection flaw (CVE-2025-25257), with public proof-of-concept exploits increasing the likelihood of widespread attacks.

Cybersecurity experts have been caught off guard by several unexpected trends in 2025, from sophisticated malware campaigns to evolving threat actor tactics. SonicWall SMA 100 series appliances, despite being fully patched, remain vulnerable to a stealthy backdoor known as OVERSTEP, according to Google’s Threat Intelligence Group.

The risks extend beyond software: Gigabyte motherboards with vulnerable UEFI firmware could allow attackers to install persistent bootkits, compromising systems at the hardware level. Meanwhile, discussions around DevSecOps highlight the importance of integrating security into development workflows, ensuring that development and security teams share responsibility for safeguarding applications.

Operational technology (OT) security is gaining attention as industries recognize the need for sustainable, long-term strategies rather than reactive fixes. The recent CVE program crisis underscored vulnerabilities in relying solely on standardized vulnerability tracking, prompting calls for a more holistic approach to identifying security gaps.

Silent authentication is emerging as a seamless solution for BYOD security, balancing convenience with protection. On the regulatory front, machine unlearning advancements now enable compliance with data privacy laws like GDPR, ensuring personal data is scrubbed from AI models upon request.

A surprising revelation from a Living Security and Cyentia Institute report shows that 10% of employees account for the majority of cybersecurity risks, challenging conventional assumptions about human error. Meanwhile, nanoparticle-based anti-counterfeiting technology could revolutionize product authentication, offering tamper-proof molecular tagging.

Despite a reported decline in ransomware attacks, experts warn against complacency, urging organizations to move beyond check-the-box security policies and adopt proactive measures. Open-source tools like Falco for runtime security and pqcscan for post-quantum cryptography assessments provide accessible ways to strengthen defenses.

For professionals seeking opportunities, cybersecurity job openings remain abundant, spanning roles from entry-level to executive positions. Product highlights include Passwork 7.0, a self-hosted password manager, and Enzoic for Active Directory, which enhances credential security.

As threats evolve, Bitdefender PHASR offers proactive hardening solutions, helping organizations identify misconfigurations before exploitation. The latest infosec product releases from At-Bay, Immersive, and others demonstrate ongoing innovation in threat detection and response. Staying ahead requires vigilance, adaptability, and a commitment to embedding security at every level.

(Source: HelpNet Security)
