Featured Story

Google Releases Critical Chrome Update for CVE-2025-6558 Exploit Active in the Wild

Google has released a critical update for Chrome addressing six vulnerabilities, including CVE-2025-6558, a high-severity zero-day exploited in the wild. The flaw, rated CVSS 8.8, involves insufficient validation in ANGLE and GPU components, allowing sandbox escape through crafted HTML pages. This type of vulnerability enables attackers to bypass Chrome’s security barriers simply by luring a user to a malicious site.

Other Stories

Google Gemini Flaw Hijacks Email Summaries for Phishing

A new threat in Google Gemini for Workspace allows attackers to manipulate AI-generated email summaries using hidden prompt injections. By embedding invisible commands in an email’s HTML content, attackers can trick Gemini into summarizing malicious instructions as legitimate content, guiding users to phishing sites without using obvious links or attachments.

Cisco Discloses ’10’ Flaw in ISE, ISE-PIC

Cisco revealed CVE-2025-20337, a CVSS 10.0 vulnerability in Identity Services Engine (ISE) and ISE-PIC. It allows unauthenticated remote attackers to execute root-level OS commands via malicious API requests. This joins two other critical flaws (CVE-2025-20281 and -20282) disclosed recently, all due to poor input validation.

Beware of Suspicious Text Messages from French Toll Booths

Cybercriminals are exploiting France’s new barrier-free toll system by sending phishing SMS messages demanding fake payments of around €6.80. The messages mimic official toll communication and direct users to fraudulent websites, prompting them to input payment information under false pretenses.