In today’s cybersecurity news…
Google patches sixth Chrome zero-day exploited in attacks this year
Emergency security updates were released to patch this sixth Chrome zero-day, which has been tagged as exploited in attacks since the start of the year. The zero-day vulnerability in question has a CVE number and has been described as a type confusion issue in the V8 JavaScript and WebAssembly engine. The company did not specify whether this security flaw is still being actively abused in the wild, but stated that it has “a public exploit,” a common indicator of active exploitation. This was reported by Google’s Threat Analysis Group on Tuesday.
Microsoft to force install the Microsoft 365 Copilot app in October
The installation will occur on Windows devices outside the European Economic Area (EEA) region that have the Microsoft 365 desktop client apps. The company is “advising admins to notify their organizations’ helpdesk teams and users before the app is forcibly installed on their devices to reduce confusion and support requests.” The app will be added to the Windows Start Menu and will be enabled by default. Admins will be able to opt out in the Apps Admin Center.
Two more Scattered Spider teen suspects arrested
The individuals have been arrested in relation to the Transport for London (TfL) cyberattack that occurred in September of last year. The two individuals, aged 18 and 19, face charges under the Computer Misuse Act. Britain’s National Crime Agency also stated that the elder of the two may have been involved in attempted attacks against U.S. healthcare companies SSM Health Care Corporation and Sutter Health.
ChatGPT targeted in server-side data theft attack
According to researchers at web security company Radware, a server-side data theft attack dubbed ShadowLeak “targeted ChatGPT’s Deep Research capability, which is designed to conduct multi-step research for complex tasks.” This attack did not require any user interaction; the attacker simply sent a specially crafted email that instructed the Deep Research agent to silently collect valuable data and send it back to the attacker. OpenAI neutralized ShadowLeak after having been notified by Radware. (Security Week)
Huge thanks to our sponsor, Drata

WatchGuard warns of critical vulnerability in Firebox firewalls
WatchGuard has released security updates to address a remote code execution vulnerability impacting its Firebox firewalls. Tracked as CVE-2025-9242, the critical flaw is caused by an out-of-bounds write weakness that can allow attackers to execute malicious code remotely on vulnerable devices following successful exploitation. It affects firewalls running Fireware OS 11.x and some in the 12 series. While Firebox firewalls are only vulnerable to attacks if they are configured to use a specific VPN, WatchGuard said that they “may still be at risk of compromise, if a branch office VPN to a static gateway peer is still configured.”
Russian ransomware versatility grows through multi-version malware loader
Researchers at Silent Push have identified a new malware loader called CountLoader, which is being used by Russian ransomware gangs to deliver tools like Cobalt Strike, AdaptixC2, and the PureHVNC RAT. The researchers say it is deployed “either by Initial Access Brokers or ransomware affiliates linked to LockBit, Black Basta, and Qilin.” The malware exists in three forms (.NET, PowerShell, and JavaScript) and has been seen in phishing campaigns targeting Ukrainians with fake PDFs impersonating the National Police of Ukraine.
Cloudflare explains self-own in September 12 outage
Following up on the Cloudflare outage that occurred on September 12, the company has now admitted that a coding error using a React useEffect hook caused the outage for the platform’s dashboard and many of its APIs. The outage lasted for over an hour and was triggered by a bug in the dashboard, which caused “repeated, unnecessary calls to the Tenant Service API.” One of the hook’s dependencies was an object that was “recreated on every state or prop change.” The consequence was that the hook ran repeatedly during a single render of the dashboard, when it was only intended to run once. The function ran so often that the API was overloaded, causing the outage. According to The Register, this caused the company to DDoS itself.
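The failure mode described above, as an added example (not Cloudflare's code and not React itself): a simplified model of how useEffect compares dependencies by identity with Object.is, showing why an object recreated on every render re-fires the effect and how two common fixes stop it. The hook model, fetchTenant and the tenantId prop are assumptions made for illustration.

```javascript
// Simplified model of useEffect's dependency check. Not React itself and not
// Cloudflare's code; fetchTenant and the tenantId prop are hypothetical.
function createComponent(renderFn) {
  let prevDeps = null; // dependency array seen on the previous render
  let memo = null;     // single useMemo slot: { value, deps }
  const differs = (a, b) =>
    a.length !== b.length || a.some((d, i) => !Object.is(d, b[i]));
  const hooks = {
    useEffect(effect, deps) {
      const changed = prevDeps === null || differs(deps, prevDeps);
      prevDeps = deps;
      if (changed) effect(); // real React defers this until after commit
    },
    useMemo(factory, deps) {
      if (memo === null || differs(deps, memo.deps)) memo = { value: factory(), deps };
      return memo.value;
    },
  };
  return (props) => renderFn(props, hooks);
}
// Render a component once per props entry and count backend calls.
function countApiCalls(component, renders) {
  let calls = 0;
  const fetchTenant = () => { calls += 1; };
  const render = createComponent((props, hooks) => component(props, hooks, fetchTenant));
  renders.forEach((props) => render(props));
  return calls;
}

// Buggy: the object literal gets a new identity on every render, so
// Object.is() reports a changed dependency each time and the effect re-fires.
const buggy = (props, { useEffect }, fetchTenant) => {
  const query = { tenantId: props.tenantId };
  useEffect(() => fetchTenant(query), [query]);
};

// Fix 1: depend on the primitive value instead of the wrapper object.
const fixedPrimitive = (props, { useEffect }, fetchTenant) => {
  useEffect(() => fetchTenant({ tenantId: props.tenantId }), [props.tenantId]);
};
// Fix 2: memoize the object so its identity only changes with tenantId.
const fixedMemo = (props, { useEffect, useMemo }, fetchTenant) => {
  const query = useMemo(() => ({ tenantId: props.tenantId }), [props.tenantId]);
  useEffect(() => fetchTenant(query), [query]);
};

// Constructed input: five renders, unrelated `tick` state changes every time.
const renders = ["t1", "t1", "t1", "t2", "t2"].map((tenantId, tick) => ({ tenantId, tick }));
console.log([buggy, fixedPrimitive, fixedMemo].map((c) => countApiCalls(c, renders)));
```

The buggy component calls the backend on every render, while both fixed versions call it only when tenantId actually changes.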
Google’s huge new UK datacenter comes with large carbon footprint
A topic we don’t talk much about in the worlds of cybersecurity and data is the amount of CO2 that data centers produce, a number destined to increase significantly as AI becomes more ubiquitous. This issue came back to light this week with the announcement of a new Google datacenter in the English county of Essex. It is “expected to emit more than half a million tonnes of carbon dioxide a year, equivalent to about 500 short-haul flights a week,” planning documents show. Named the Thurrock “hyperscale datacenter,” it will cover 128 acres, and will be just one of many huge computer and AI power plants if planning consent is given by the government.






