Weekly Security Alert – July 7th, 2025

Quick Answers

Q: What is the latest Google Chrome security threat?
A: A zero-day vulnerability in Google Chrome (CVE-2025-6554) is under active exploitation and can lead to remote code execution. Users should update to version 138.0.7204.96 or later immediately.

Q: What are the most urgent cybersecurity vulnerabilities right now?
A: Critical vulnerabilities affecting Chrome, Erlang/OTP, SAP NetWeaver, Windows, and NetScaler are being actively discussed and may be exploited; organizations should prioritize patching.

Q: What new ransomware threat should security teams watch for?
A: DEVMAN ransomware is a new hybrid variant with unique traits like deterministic file renaming and offline encryption, posing a challenge for detection and response.

PDI’s Weekly Threat Intelligence Summary is compiled by our expert threat analysts, highlighting the key threat events you should know about and offering mitigation recommendations.

Threat Brief (High):

Google Chrome Patch Addresses Zero-Day Vulnerability under Active Exploitation

Google has released emergency security updates to address a Chrome zero-day vulnerability for which an exploit exists in the wild.

The vulnerability, tracked as CVE-2025-6554 (CVSS score: N/A), is a type confusion vulnerability in the V8 JavaScript and WebAssembly engine. Remote, unauthenticated attackers can exploit it by serving crafted HTML pages to targets. A page that triggers the bug can give the attacker arbitrary read/write, which in some cases could lead to full remote code execution.

According to Google, the issue was mitigated on June 26, 2025 by a configuration change pushed out to Stable channel across all platforms. CVE-2025-6554 has now been fixed with new versions rolling out worldwide.

Security updates for Chromium-based browsers like Microsoft Edge, Brave, Opera, and Vivaldi are still in the works. Users of these browsers should check for updates and apply when available.

To mitigate risk from the latest Chrome zero-day, organizations using Chrome browsers are urged to immediately apply the updates. Google has released security patches for Windows, macOS, and Linux platforms:

  • Chrome v138.0.7204.96/.97 for Windows
  • Chrome v138.0.7204.92/.93 for Mac
  • Chrome v138.0.7204.96 for Linux

To manually get the update, go to Settings > Help > About Google Chrome. This should trigger the latest update automatically.

For businesses and IT teams managing multiple endpoints, enabling automatic patch management and monitoring browser version compliance is critical.

Threat Hunting

The Threat Hunting Team at PDI utilizes trends and actionable intelligence to determine which hunts to prioritize. Here are the most significant hunts from the past week, along with the necessary log dependencies and a brief summary of each:
Threat Hunt: DEVMAN Ransomware
Date: 07/05/25
Log Dependencies: EDR Solutions (SentinelOne and CrowdStrike), eSIEM
Summary: DEVMAN ransomware is a hybrid ransomware strain built on DragonForce and Conti code that demonstrates unusual behaviors, including self-encrypting ransom notes and multiple encryption modes across different Windows operating systems. The sample reveals a hybrid ransomware approach with unique traits such as deterministic file renaming, SMB lateral movement attempts, and offline operation.
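As an added illustration of the kind of hunt this summary describes (not PDI's own hunt logic), the script below runs a rename-burst check over constructed EDR file events: any process that renames many files across several directories within a short window is flagged, which catches deterministic mass renaming regardless of the extension the ransomware uses, while a build or backup job that renames many files in a single directory is left alone. The log format, field names, process names, the ".enc" extension and the thresholds are all assumptions for the demo.

```python
"""Rename-burst hunt over EDR file-rename events.

Added example, not PDI's hunt logic. Log format, field names, process
names, the renamed extension and the thresholds are all assumptions
chosen for the demo.
"""
import ntpath
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List

# Thresholds (assumed; tune to the environment's baseline).
WINDOW_SECONDS = 60    # sliding window length
MIN_RENAMES = 20       # renames by one process inside the window
MIN_DIRECTORIES = 3    # distinct directories touched inside the window


def parse_event(line: str) -> Dict[str, object]:
    """Parse one constructed 'key=value|key=value' EDR line."""
    fields: Dict[str, object] = dict(part.split("=", 1) for part in line.split("|"))
    fields["ts"] = datetime.fromisoformat(str(fields["ts"]))
    return fields


def find_rename_bursts(lines: List[str]) -> List[Dict[str, object]]:
    """Return one alert per process whose renames exceed both thresholds
    inside any WINDOW_SECONDS window. Many renames confined to a single
    directory (a build or backup job) do not trigger."""
    by_proc = defaultdict(list)
    for ev in map(parse_event, lines):
        if ev["action"] == "rename":
            by_proc[(ev["host"], ev["pid"], ev["image"])].append(ev)

    alerts = []
    for (host, pid, image), events in by_proc.items():
        events.sort(key=lambda e: e["ts"])
        start = 0
        for end in range(len(events)):
            # Slide the window start forward until every event fits in it.
            while (events[end]["ts"] - events[start]["ts"]).total_seconds() > WINDOW_SECONDS:
                start += 1
            window = events[start:end + 1]
            # ntpath handles the Windows paths correctly on any host OS.
            dirs = {ntpath.dirname(str(e["src"])) for e in window}
            if len(window) >= MIN_RENAMES and len(dirs) >= MIN_DIRECTORIES:
                alerts.append({"host": host, "pid": pid, "image": image,
                               "renames": len(window), "directories": len(dirs)})
                break  # one alert per process is enough
    return alerts


def build_sample_log() -> List[str]:
    """Constructed sample: two benign processes and one rename burst."""
    base = datetime(2025, 7, 5, 9, 0, 0)
    lines = []
    # Benign: an editor renaming a handful of temp files.
    for i in range(5):
        ts = (base + timedelta(seconds=10 * i)).isoformat()
        lines.append(f"ts={ts}|host=ws-07|pid=412|image=editor.exe|action=rename"
                     f"|src=C:\\Users\\a\\Docs\\note{i}.tmp|dst=C:\\Users\\a\\Docs\\note{i}.txt")
    # Benign: a build job renaming 30 files, but all in one directory.
    for i in range(30):
        ts = (base + timedelta(seconds=i)).isoformat()
        lines.append(f"ts={ts}|host=ws-07|pid=2200|image=build.exe|action=rename"
                     f"|src=C:\\src\\obj\\unit{i}.tmp|dst=C:\\src\\obj\\unit{i}.obj")
    # Suspicious: 24 renames across four directories in 24 seconds.
    # '.enc' is a placeholder extension, not DEVMAN's actual one.
    for i in range(24):
        ts = (base + timedelta(seconds=i)).isoformat()
        d = ["Finance", "HR", "Shared", "Backups"][i % 4]
        lines.append(f"ts={ts}|host=ws-07|pid=9981|image=unknown.exe|action=rename"
                     f"|src=C:\\Data\\{d}\\file{i}.xlsx|dst=C:\\Data\\{d}\\file{i}.xlsx.enc")
    return lines


if __name__ == "__main__":
    for alert in find_rename_bursts(build_sample_log()):
        print("rename burst:", alert)
```

The directory threshold is what keeps the build job quiet: it renames more files than the suspicious process but never leaves one folder. In a real SIEM query the same logic maps onto a time-bucketed count of renames and distinct parent paths per process.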

Top Intelligence Trends

Vulnerabilities

Below are the top five trending vulnerabilities of the week. Trends are determined by criticality, activity, mentions, and exploitability. If your organization uses any of these technologies, you should prioritize patching against these threats.

  • CVE-2025-32433 – Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, an SSH server may allow an attacker to perform unauthenticated remote code execution (RCE). By exploiting a flaw in SSH protocol message handling, a malicious actor could gain unauthorized access to affected systems and execute arbitrary commands without valid credentials. This issue is patched in versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20. A temporary workaround is to disable the SSH server or to block access to it with firewall rules.
  • CVE-2025-31324 – SAP NetWeaver Visual Composer Metadata Uploader is not protected with proper authorization, allowing an unauthenticated agent to upload potentially malicious executable binaries that could severely harm the host system. This could significantly affect the confidentiality, integrity, and availability of the targeted system.
  • CVE-2025-29824 – Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.
  • CVE-2025-6554 – Type confusion in V8 in Google Chrome prior to 138.0.7204.96 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)
  • CVE-2025-6543 – Memory overflow vulnerability leading to unintended control flow and Denial of Service in NetScaler ADC and NetScaler Gateway when configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server.
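
The Chrome version-compliance monitoring recommended above and the branch-specific Erlang/OTP fixes in this list come down to the same check: is the installed build at or above the fixed version for its platform or release line? The following is an added example (not PDI's tooling) that performs that check over a constructed inventory using the Chrome per-platform and OTP per-branch minimums listed in this alert. It compares versions numerically rather than as strings, and treats an OTP major line the alert does not list as non-compliant rather than letting it pass silently. Hostnames, the inventory format and the sample version numbers not taken from the alert are assumptions.

```python
"""Patch-compliance check for the fixed versions named in this alert.

Added example (not PDI's tooling). The inventory below is constructed;
the minimum versions are the ones the alert lists for Chrome (per
platform, CVE-2025-6554) and Erlang/OTP (per release branch,
CVE-2025-32433).
"""
import re
from typing import Dict, List, Tuple

# Minimum fixed versions from the alert. OTP fixes are per branch, so an
# installed build is compliant only if it meets the minimum for *its own*
# major line: 26.2.5.11 is patched even though 27.3.2 is not.
CHROME_FIXED = {
    "windows": "138.0.7204.96",
    "mac": "138.0.7204.92",
    "linux": "138.0.7204.96",
}
OTP_FIXED = {27: "27.3.3", 26: "26.2.5.11", 25: "25.3.2.20"}


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '138.0.7204.96' or 'OTP-26.2.5.11' into an integer tuple.

    Integer tuples compare numerically, so 138.0.7204.100 > 138.0.7204.96;
    comparing the raw strings would get that wrong ('1' sorts before '9').
    """
    nums = re.findall(r"\d+", text)
    if not nums:
        raise ValueError(f"no version digits in {text!r}")
    return tuple(int(n) for n in nums)


def chrome_compliant(platform: str, installed: str) -> bool:
    """True if the installed Chrome meets the platform's fixed version."""
    minimum = CHROME_FIXED[platform.lower()]
    return parse_version(installed) >= parse_version(minimum)


def otp_compliant(installed: str) -> bool:
    """True if an Erlang/OTP build is on a patched release of its branch.

    A major line the alert does not list (for example OTP-24) is reported
    as non-compliant so that it gets reviewed instead of silently passing.
    """
    version = parse_version(installed)
    minimum = OTP_FIXED.get(version[0])
    if minimum is None:
        return False
    return version >= parse_version(minimum)


def audit(inventory: List[Dict[str, str]]) -> List[str]:
    """Return the hostnames that still need patching, in inventory order."""
    needs_patch = []
    for asset in inventory:
        if asset["product"] == "chrome":
            ok = chrome_compliant(asset["platform"], asset["version"])
        elif asset["product"] == "otp":
            ok = otp_compliant(asset["version"])
        else:
            ok = False  # unknown product: flag it for review
        if not ok:
            needs_patch.append(asset["host"])
    return needs_patch


# Constructed inventory for demonstration only (hostnames and the version
# numbers that are not in the alert are made up).
SAMPLE_INVENTORY = [
    {"host": "ws-01", "product": "chrome", "platform": "windows", "version": "138.0.7204.96"},
    {"host": "ws-02", "product": "chrome", "platform": "windows", "version": "138.0.7204.49"},
    {"host": "ws-03", "product": "chrome", "platform": "mac", "version": "138.0.7204.93"},
    {"host": "ws-04", "product": "chrome", "platform": "linux", "version": "138.0.7204.100"},
    {"host": "erl-01", "product": "otp", "platform": "linux", "version": "OTP-26.2.5.11"},
    {"host": "erl-02", "product": "otp", "platform": "linux", "version": "OTP-27.3.2"},
    {"host": "erl-03", "product": "otp", "platform": "linux", "version": "OTP-24.3.4"},
]

if __name__ == "__main__":
    for host in audit(SAMPLE_INVENTORY):
        print("needs patch:", host)
```

Feeding the script a real inventory only requires exporting hostname, product, platform and version from the endpoint management or EDR console into the same shape; the comparison logic does not change.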

InfoStealer Malware

PDI’s Threat Intelligence Team is constantly analyzing data from dark web marketplaces to keep a pulse on InfoStealer malware trends. The team identifies and studies these covert threats to arm our clients and guide our threat hunting operations. Our analysis of these cybercriminal exchanges aids in predicting and countering these InfoStealer threats, safeguarding our clients’ digital assets.

Key Ideas Q and A

Q: How can organizations reduce exposure to emerging browser threats?
A: Organizations should enable automatic patching, monitor version compliance, and verify that Chrome and Chromium-based browsers are running the latest security updates.

Q: Where can users find and apply the latest Chrome update?
A: Users can go to Chrome’s Settings > Help > About Google Chrome to automatically check for and apply the latest update addressing CVE-2025-6554.
