Ticker feed
CISA has issued an urgent warning about a zero-day vulnerability in Google Chrome that's already being exploited by attackers. The flaw, CVE-2025-13223, affects Chrome's V8 JavaScript engine and allows hackers to execute malicious code remotely just by tricking users into visiting compromised websites.
The vulnerability impacts Chrome versions before 131.0.6778.72 and extends to other Chromium-based browsers like Microsoft Edge and Brave. Google patched the issue on November 19, 2025, but CISA has given federal agencies until December 10 to update their systems.
With over 3 billion Chrome users worldwide, this high-severity bug poses massive risks for data breaches and malware infections. Users should immediately update to the latest Chrome version to protect themselves.
Source: Cybersecurity News
DoorDash confirmed a recent data breach on November 13 after an employee fell victim to a social engineering scam. Criminals accessed customer names, phone numbers, email addresses, and physical addresses for both delivery drivers and customers.
The good news? No bank account or payment card information was compromised. DoorDash's response team quickly cut off unauthorized access and reported the incident to law enforcement.
The company has implemented additional employee training on social engineering scams and upgraded security systems. Customers should watch for suspicious messages attempting to use their exposed personal information for fraud. This breach adds to 2024's staggering total of 3,158 corporate data compromises.
Source: CNET
Amazon is sounding the alarm about a dangerous new form of warfare where cyberattacks directly enable physical military strikes. The tech giant calls it "cyber-enabled kinetic targeting" - hackers compromise security cameras and surveillance systems to provide real-time intelligence for missile attacks.
The most striking example: Iran's MuddyWater group hacked Jerusalem CCTV cameras in May, then used live feeds to adjust missile targeting during attacks on June 23. This allowed Iranian forces to make real-time adjustments while weapons were in flight.
Amazon's security chief Steve Schmidt warns that traditional cybersecurity approaches treating digital and physical threats separately are now "detrimental." Nation-states are pioneering this hybrid model, and more countries will follow suit, fundamentally changing how warfare operates.
Source: CyberScoop
A threat actor called dino_reborn has deployed seven malicious npm packages that cleverly distinguish between regular users and security researchers before delivering malware. The packages use Adspect cloaking technology to fingerprint visitors through 13 data points including browser details and language preferences.
When researchers visit infected sites, they see only blank pages. But victims encounter fake CAPTCHAs mimicking legitimate crypto exchanges like Uniswap, which redirect them to scam sites after a convincing three-second verification process.
Socket.dev analysts discovered the campaign, tracing it to geneboo@proton.me. The malware blocks developer tools and disables right-click menus to prevent analysis, representing a new evolution in supply chain attacks targeting the npm ecosystem.
Source: Cyber Security News
AT&T customers have until December 18, 2025, to claim their share of a $177 million settlement from two major data breaches. The 2019 breach exposed personal data including Social Security numbers for 73 million customers, while the 2024 Snowflake hack affected phone records of 109 million users.
Customers with documented losses can receive up to $5,000 for the 2019 breach and $2,500 for the 2024 incident. Those without proof of losses still qualify for smaller payments. People affected by both breaches could potentially claim up to $7,500 total.
To file a claim, visit telecomdatasettlement.com with your Class Member ID from Kroll's notification email, or call 833-890-4930 for help.
Source: CNET
The Pennsylvania Attorney General's office confirmed a major data breach following a ransomware attack that disrupted services for three weeks in August. The Inc Ransom group claimed responsibility in September, allegedly stealing 5.7 TB of data including personal information like Social Security numbers and medical records from investigative units.
The hackers also accessed details about the office's use of Cellebrite software, which extracts data from mobile devices. While officials say there's no evidence of data misuse, cybersecurity experts remain skeptical since ransomware groups typically publish or sell stolen information. The attack likely exploited a Citrix NetScaler vulnerability called CitrixBleed2.
Source: Security Week
Google released an emergency Chrome update to patch a critical zero-day vulnerability that hackers are already exploiting in the wild. The fix addresses CVE-2025-13223, a type confusion bug in Chrome's V8 JavaScript engine that lets attackers execute malicious code remotely without user interaction.
Google's Threat Analysis Group discovered the flaw on November 12, 2025, and confirmed exploits are circulating. The vulnerability affects Chrome's sandbox protections, potentially allowing hackers to steal data or install malware. A second related bug was also patched.
The update is available in Chrome version 142.0.7444.175 for Windows/Linux and 142.0.7444.176 for Mac. Users should update immediately and enable automatic updates to stay protected.
Source: Cybersecurity News
Iranian state-sponsored hacking group APT42, linked to the Islamic Revolutionary Guard Corps, is conducting an elaborate espionage campaign targeting senior defense and government officials. The hackers spend weeks building relationships with victims through social media before sending fake conference invitations that either steal credentials or install TameCat malware.
The sophisticated PowerShell backdoor communicates through Telegram and Discord, allowing hackers to remotely execute commands and steal sensitive data. APT42 even targets victims' family members to increase pressure and expand their attack surface. Israel's National Digital Agency warns the campaign uses legitimate cloud services mixed with attacker infrastructure to maintain long-term access to high-value targets.
Source: Security Week
Multiple threat actors are actively exploiting CVE-2025-24893, a critical XWiki vulnerability discovered October 28, 2025, to deploy botnets and cryptocurrency miners on servers worldwide. CISA added it to its Known Exploited Vulnerabilities catalog just two days later, on October 30.
The RondoDox botnet incorporated the flaw by November 3, causing a sharp spike in attacks. Hackers are using the vulnerability to execute malicious code through XWiki's SolrSearch endpoint, with attacks ranging from automated scanning to sophisticated reverse shell attempts from AWS IP addresses.
Organizations should immediately patch XWiki installations, monitor for unusual SolrSearch requests, and implement network segmentation to reduce exposure.
Source: Cyber Security News
Pennsylvania's Attorney General's Office is warning residents about a data breach that occurred in August, potentially exposing personal information including Social Security numbers. The cyber incident took down the office's website, email, and phone systems on August 9. While hackers may have accessed sensitive data, officials say there's no evidence the information has been misused yet.
Affected residents were notified Friday and offered identity protection services. The breach comes just weeks after Pennsylvania experienced a statewide 911 outage in July, though that incident was caused by technical issues, not a cyberattack.
Source: CBS News Pittsburgh