In today’s cybersecurity news…
Chrome Zero-Day CVE-2025-6554 under active attack — Google issues security update
Google has patched a zero-day vulnerability in Chrome, a type confusion flaw in the V8 JavaScript engine that was actively exploited in the wild. The bug allowed attackers to execute arbitrary code via malicious HTML, prompting a swift mitigation pushed to all platforms. Discovered by Google’s Threat Analysis Group, the flaw marks Chrome’s fourth zero-day fix of 2025.
International Criminal Court targeted by new ‘sophisticated’ attack
The International Criminal Court (ICC) says it detected a new, “sophisticated and targeted” cyberattack last week. The Court didn’t specify the attackers’ motives or confirm if sensitive case data was compromised, but did note the breach was quickly contained with an ongoing impact analysis. The ICC has faced prior cyber threats, including espionage attempts and direct retaliation for issuing arrest warrants against leaders from non-member states like Russia and Israel.
Kelly Benefits says 2024 data breach impacts 550,000 customers, Esse Health says recent data breach affects over 263,000 patients
Kelly Benefits confirmed a data breach from December 2024 that ultimately affected 553,660 individuals—that’s up from an initial estimate of 32,000. The compromised data includes names, Social Security numbers, medical and health insurance information, and in some cases, financial account details. The breach impacted 46 affiliated organizations, including major insurers like UnitedHealthcare and Aetna, and affected individuals are being offered 12 months of free credit monitoring and identity theft protection.
In related news, Esse Health, a major physician group in St. Louis, MO, is notifying more than 263,000 patients that their personal and health data was stolen during a cyberattack in April. The breach disrupted patient-facing systems and let attackers access and exfiltrate files containing names, dates of birth, health insurance info, and medical record numbers. No Social Security numbers were compromised, and no group has claimed responsibility. Affected patients are being offered free identity protection through IDX.
(Bleeping Computer, Bleeping Computer)
Microsoft removes password management from Authenticator app starting August 2025
Microsoft will remove password management features from its Authenticator app starting August 1st as part of its broader shift toward a passwordless ecosystem. Autofill support will end this month, and saved passwords will no longer be accessible in the app after August, though users can manage them through Microsoft Edge going forward. The change does not affect passkey functionality.
Huge thanks to our sponsor, Palo Alto Networks
Cortex Cloud by Palo Alto Networks bridges this divide, unifying teams and stopping attacks with real-time cloud security that includes AI-powered protection, detection and automated response capabilities.
Threats are stopped in minutes instead of days, and teams can finally protect cloud environments at the speed and scale of modern attacks. To learn more about how Cortex Cloud stops cloud attacks before they become breaches, visit: paloaltonetworks.com/cortex/cloud-detection-and-response
AT&T now lets you lock down your account to prevent SIM swapping attacks
AT&T has launched a new “Account Lock” feature to help prevent SIM swapping attacks by blocking unauthorized changes to phone numbers, SIM cards, billing details, and device upgrades. Users can enable or disable the feature via the myAT&T app, and only primary or secondary account holders have access. Other carriers like Verizon and T-Mobile already offer similar protections.
Cyberattack on Russian independent media had links to US-sanctioned institute, researchers find
Researchers say a recent DDoS attack on Russian independent media outlets IStories and Verstka was linked to Biterika, a Russian hosting provider tied to a U.S.-sanctioned state tech institute. One-third of the attack traffic reportedly came from Biterika, whose owner, Valentina Aleshina, has ties to military software development.
New Flaw in IDEs Like Visual Studio Code Lets Malicious Extensions Bypass Verified Status
Researchers have discovered that popular IDEs like Visual Studio Code and IntelliJ IDEA contain flaws in their extension verification process, allowing malicious plugins to appear “verified” and execute code on developer machines. The exploit relies on mimicking metadata from trusted extensions to bypass verification, posing serious risks especially for developers installing extensions from unofficial sources. Microsoft says its marketplace blocks such extensions, but the vulnerability was still found exploitable as of late June 2025.
Cloudflare Puts a Default Block on AI Web Scraping
Cloudflare will now block AI web crawlers by default, requiring explicit permission from website owners before allowing content to be scraped for training large language models. The move is designed to protect original content and establish a more equitable economic model, as AI companies have previously scraped content without consent or compensation. Cloudflare says the shift gives creators control and promotes responsible AI development, though its impact may be limited on major social platforms that also develop their own LLMs.