July 2025 – Page 6

Apple Patches Safari Vulnerability Also Exploited as Zero-Day in Google Chrome

Apple on Tuesday released security updates for its entire software portfolio, including a fix for a vulnerability that Google said was exploited as a zero-day in the Chrome web browser earlier this month.
The vulnerability, tracked as CVE-2025-6558 (CVSS score: 8.8), is an incorrect validation of untrusted input in the browser’s ANGLE and GPU components that could result in a sandbox escape via

Google Launches DBSC Open Beta in Chrome and Enhances Patch Transparency via Project Zero

Google has announced that it’s making a security feature called Device Bound Session Credentials (DBSC) in open beta to ensure that users are safeguarded against session cookie theft attacks.
DBSC, first introduced as a prototype in April 2024, is designed to bind authentication sessions to a device so as to prevent threat actors from using stolen cookies to sign-in to victims’ accounts and gain

Tonic Security Launches With $7 Million in Seed Funding

Tonic Security has emerged from stealth mode to tackle the complexity of exposure and vulnerability management.

The post Tonic Security Launches With $7 Million in Seed Funding appeared first on SecurityWeek.

Apple Patches Safari Vulnerability Flagged as Exploited Against Chrome

Tracked as CVE-2025-6558, the flaw was found in Chrome’s ANGLE and GPU components and was flagged as exploited by Google TAG.

The post Apple Patches Safari Vulnerability Flagged as Exploited Against Chrome appeared first on SecurityWeek.

Hackers Exploit SAP Vulnerability to Breach Linux Systems and Deploy Auto-Color Malware

Threat actors have been observed exploiting a now-patched critical SAP NetWeaver flaw to deliver the Auto-Color backdoor in an attack targeting a U.S.-based chemicals company in April 2025.
“Over the course of three days, a threat actor gained access to the customer’s network, attempted to download several suspicious files and communicated with malicious infrastructure linked to Auto-Color

Axonius Acquires Medical Device Security Firm Cynerio in $100 Million Deal

Axonius has acquired Cynerio for $100 million in cash and stock to accelerate its expansion into the healthcare market.

The post Axonius Acquires Medical Device Security Firm Cynerio in $100 Million Deal appeared first on SecurityWeek.

Scattered Spider Hacker Arrests Halt Attacks, But Copycat Threats Sustain Security Pressure

Google Cloud’s Mandiant Consulting has revealed that it has witnessed a drop in activity from the notorious Scattered Spider group, but emphasized the need for organizations to take advantage of the lull to shore up their defenses.
“Since the recent arrests tied to the alleged Scattered Spider (UNC3944) members in the U.K., Mandiant Consulting hasn’t observed any new intrusions directly

Month: July 2025