Check Point researchers discovered multiple severe vulnerabilities in Windows' Graphics Device Interface that allow remote attackers to execute code by tricking users into opening malicious Word documents or images. The most dangerous flaw, CVE-2025-53766, scores 9.8 on the severity scale and requires no user privileges to exploit.
These bugs affect Windows 10, 11, and Office across platforms. Attackers can trigger them through rigged thumbnails or documents, potentially gaining full system control. The vulnerabilities stem from improper handling of Enhanced Metafile formats, causing buffer overflows and memory corruption.
Microsoft patched these issues in recent updates, but the discovery highlights ongoing risks in legacy graphics code. Users should install patches immediately and enable automatic updates to stay protected.
Source: Cyber Security News
A new Auburn University report reveals that China's state-sponsored 'Typhoon' hacking groups are systematically targeting US critical infrastructure—energy grids, water systems, telecommunications, transportation, and healthcare—to enable large-scale disruption during future conflicts.
The hackers have already penetrated major telecom providers like Verizon and AT&T, accessing data from one million Americans including senior officials. Energy sector intrusions could trigger cascading blackouts across multiple states, while water system compromises threaten public safety and military operations.
Unlike traditional espionage, these campaigns aim to preposition capabilities for strategic disruption, potentially delaying US military deployments in an Indo-Pacific conflict. Current US countermeasures—sanctions, indictments, advisories—haven't deterred China's activities, highlighting gaps in international cyber law and the need for stronger allied coordination.
Source: Industrial Cyber
Security researcher hxr1 discovered a new way to sneak malware past Windows defenses by hiding it inside AI model files. The attack exploits Windows' built-in AI features, which automatically trust ONNX neural network files used by apps like Windows Hello and Office.
Since Windows doesn't check these AI files for threats, attackers can embed malicious code in the model's data and use Microsoft's own trusted system files to execute it. Security programs see legitimate AI processing instead of a cyberattack.
The researcher suggests this highlights a major blind spot as AI becomes more common. Security tools need updates to scan AI files, and users shouldn't blindly trust AI models downloaded from the internet.
Source: Dark Reading
More than half a dozen federal agencies now support banning TP-Link routers, which control roughly 65% of the US router market. Commerce, Defense, and Justice departments opened investigations into the company last year over alleged ties to China's government, despite TP-Link's denials.
The company split in October 2024, creating TP-Link Systems as a US-based entity with 500 American employees. However, officials worry the routers handle sensitive data and remain subject to Chinese influence. TP-Link grew from 20% market share in 2019 to dominating today's market, with over 300 internet providers using their devices.
The Justice Department is also investigating potential predatory pricing. While Trump administration negotiations with China may delay action, the ban proposal sits with the Commerce Department awaiting final decision.
Source: CNET
Canada's Cyber Centre warned that hacktivists are increasingly targeting internet-accessible industrial control systems across the country. Recent attacks hit a water facility (manipulating pressure values), an oil and gas company (triggering false alarms), and a farm grain silo (altering temperature controls).
The agency received multiple incident reports in recent weeks, with cyber incidents affecting operational technology systems jumping from 49% to 73% in 2024. Hacktivists exploit these vulnerabilities to gain media attention and damage Canada's reputation.
The Cyber Centre urges organizations to inventory all internet-accessible systems, implement VPNs with two-factor authentication where possible, and enhance monitoring practices. Clear coordination between federal, provincial, and municipal governments is essential to protect critical infrastructure.
Source: Industrial Cyber
Japanese advertising giant Dentsu disclosed hackers breached its subsidiary Merkle's network, stealing files containing sensitive employee and client data. The attack affected Merkle, a customer experience company with over 16,000 employees across 80+ locations.
Stolen files include personal contact details, salary information, bank data, and National Insurance numbers of current and former UK employees. Clients and suppliers were also impacted. Dentsu shut down some systems after detecting unusual network activity and brought in cybersecurity experts.
The company is notifying affected individuals and offering free dark web monitoring. While Dentsu's Japan operations remain unaffected, the breach will have financial consequences.
Source: SecurityWeek
Security researchers have uncovered a new phishing technique where cybercriminals embed invisible Unicode characters in email subject lines to evade automated security systems. The attackers use MIME encoding with soft hyphens to fragment trigger words like "password" while keeping them readable to humans.
When viewed in email clients, subjects appear garbled in message lists but render normally when opened. The technique breaks up keywords that would typically alert security filters, allowing fake "password expiration" emails to reach inboxes.
The Internet Storm Center discovered this method targeting credential theft through fake webmail login pages. The invisible characters effectively turn "password" into "p-a-s-s-w-o-r-d" at the code level, fooling detection systems while appearing normal to victims.
Source: Cybersecurity News
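The detection gap described above comes from matching keywords against the raw header text instead of against what the recipient sees. The following Python is an added example, not code from the original article or from the Internet Storm Center: it decodes an RFC 2047 encoded-word subject, strips soft hyphens (U+00AD) and a few other invisible format characters, and then runs keyword matching on the normalized text. The sample subject, the keyword list and the set of characters stripped are constructed for this example; a mail filter would use its own lists.

```python
import base64
import re
from email.header import decode_header

# Invisible format characters that render as nothing (or as an optional
# line-break hint) but split a keyword at the code-point level. Soft hyphen
# is the one named in the article; the others are common companions.
# Constructed list for this example, not an exhaustive one.
INVISIBLE = "\u00ad\u200b\u200c\u200d\u2060\ufeff"
_INVISIBLE_RE = re.compile("[" + re.escape(INVISIBLE) + "]")

# Trigger words a naive filter would look for (constructed for the example).
KEYWORDS = ("password", "expire")


def _encoded_word(text: str) -> str:
    """Build a single RFC 2047 UTF-8/base64 encoded word (used only to construct the sample)."""
    return "=?utf-8?B?" + base64.b64encode(text.encode("utf-8")).decode("ascii") + "?="


# Constructed sample: "password" with a soft hyphen between every letter,
# wrapped in MIME encoded-word form as it would appear on the wire.
SAMPLE_SUBJECT = _encoded_word(
    "Your p\u00ada\u00ads\u00ads\u00adw\u00ado\u00adr\u00add will expire today"
)


def decode_subject(raw: str) -> str:
    """Decode an RFC 2047 subject header into one Unicode string."""
    parts = []
    for chunk, charset in decode_header(raw):
        if isinstance(chunk, bytes):
            parts.append(chunk.decode(charset or "ascii", errors="replace"))
        else:
            parts.append(chunk)  # plain, unencoded header comes back as str
    return "".join(parts)


def normalize(text: str) -> str:
    """Remove invisible format characters and casefold, so matching sees what a human sees."""
    return _INVISIBLE_RE.sub("", text).casefold()


def analyze_subject(raw: str) -> dict:
    """Compare naive (raw) keyword matching with matching on the normalized text."""
    decoded = decode_subject(raw)
    stripped = _INVISIBLE_RE.sub("", decoded)
    hidden_chars = len(decoded) - len(stripped)
    naive_hits = [k for k in KEYWORDS if k in decoded.casefold()]
    hits = [k for k in KEYWORDS if k in normalize(decoded)]
    return {
        "decoded": decoded,
        "normalized": stripped.casefold(),
        "hidden_chars": hidden_chars,
        "naive_hits": naive_hits,
        "hits": hits,
        # Keywords that only appear once invisible characters are removed
        # are the signature of this evasion.
        "evasion_suspected": hidden_chars > 0 and len(hits) > len(naive_hits),
    }


if __name__ == "__main__":
    for key, value in analyze_subject(SAMPLE_SUBJECT).items():
        print(f"{key}: {value!r}")
```

The useful signal for a filter is not just the recovered keyword but the gap between the two match sets: a subject that contains format characters and only matches a trigger word after they are removed deserves a higher score than a plain subject that matches outright.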
Japan's largest brewer Asahi was forced to halt production at most of its 30 factories after a ransomware attack last month disrupted operations from beer shipments to accounting systems. The company now says personal data may have been stolen during the breach.
All facilities have partially reopened, but computer systems remain down, forcing staff to process orders using pen, paper, and fax machines. Russia-based ransomware group Qilin claimed responsibility for the attack.
Asahi is investigating the extent of data theft and will notify affected individuals if confirmed. The attack only impacted Japanese operations, which represent half of the company's sales, leaving international brands like Peroni and Grolsch unaffected.
Source: BBC
Svenska kraftnät, Sweden's national electricity transmission system operator, is investigating a data breach linked to the Everest ransomware group. The cyberattack targets critical infrastructure responsible for managing Sweden's power grid operations.
The breach raises serious concerns about national energy security, as Svenska kraftnät oversees the country's high-voltage electricity transmission network. Ransomware attacks on power grid operators can potentially disrupt electricity supply and compromise sensitive operational data.
The investigation is ongoing as authorities work to determine the full scope of the breach and any potential impact on Sweden's electrical infrastructure.
Source: Industrial Cyber
Kaspersky researchers discovered that a Chrome zero-day vulnerability (CVE-2025-2783) was exploited earlier this year using commercial spyware called "Dante" from Memento Labs. The attacks, part of "Operation ForumTroll," targeted government and private entities in Russia and Belarus through personalized phishing emails.
Memento Labs is the successor to Hacking Team, which was compromised in 2015 but relaunched in 2019. The sophisticated exploit bypassed Chrome's sandbox protections by exploiting an obscure Windows quirk involving "pseudo handles" - a decades-old optimization that became a security vulnerability.
This case highlights how commercial spyware vendors are driving zero-day attacks against major tech companies. Google has patched the flaw, but researchers warn similar vulnerabilities may exist in other applications.
Source: Dark Reading