Citrix NetScaler CVE-2025-7775 Actively Exploited; Google Chrome Patches Zero-Day and Use-After-Free Vulnerabilities


Key Takeaways

  • Citrix NetScaler CVE-2025-7775 RCE vulnerability actively exploited; immediate patching is critical.
  • Google patched Chrome for CVE-2025-9478 and CVE-2025-5419; users should update immediately.
  • Zscaler found 77 malicious Android apps on Google Play with Joker and Anatsa trojans.
  • Cache deception attack tricks CDNs, exposing protected resources and sensitive data.
  • Hook v3 Android malware combines ransomware, spyware, and banking trojan functions.

Top Stories

Citrix NetScaler CVE-2025-7775 RCE vulnerability actively exploited; patches urged

On August 26, 2025, Citrix and CISA warned of active exploitation of CVE-2025-7775 in NetScaler ADC/Gateway appliances, a flaw that enables remote code execution and denial of service. The CVSS 9.2 vulnerability requires immediate patching to prevent compromise.

Google Chrome fixes critical zero-day and use-after-free vulnerabilities in August 2025

On August 26-27, 2025, Google patched Chrome to fix a use-after-free (CVE-2025-9478) and a zero-day in the V8 engine (CVE-2025-5419) that enables remote code execution. Users are urged to update immediately to prevent exploitation.

Zscaler uncovers 77 malicious Android apps on Google Play with Joker and Anatsa trojans

Zscaler ThreatLabs reported 77 malicious Android apps downloaded over 19 million times, spreading Joker and Anatsa banking trojans targeting Germany and South Korea. Users are advised to uninstall suspicious apps and use Play Protect.

New cache deception attack tricks CDNs into caching protected resources, exposing data

On August 27, 2025, a cache deception attack was documented exploiting URL processing differences to make CDNs cache protected resources, enabling attackers to retrieve sensitive data like session cookies.
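The attack summarized above works because the origin and the CDN disagree about what a URL means: the origin treats `/account/profile/x.css` as the dynamic `/account/profile` page, while the CDN sees a `.css` file and caches it. Below is an added example (not from the digest or any CDN vendor) that scans constructed access-log lines for that mismatch and shows a cache-eligibility rule that refuses to cache on extension alone. The log format, the protected prefixes, the Content-Type table and the sample lines are all assumptions made for the example.

```python
"""Spotting web cache deception candidates in CDN access logs, and a
stricter cache-eligibility rule. Added example; the log format, prefixes and
thresholds are constructed assumptions, not from any CDN product."""
import re
from dataclasses import dataclass
from typing import List, Optional
from urllib.parse import urlsplit

# Assumed application layout: everything under these prefixes is per-user.
PROTECTED_PREFIXES = ("/account", "/api", "/settings")

# Extensions a naive CDN rule would cache "because it looks static", paired
# with the Content-Type a genuine static file of that kind would carry.
EXPECTED_TYPES = {
    "css": "text/css", "js": "application/javascript", "png": "image/png",
    "jpg": "image/jpeg", "svg": "image/svg+xml", "ico": "image/x-icon",
    "woff2": "font/woff2",
}

# Constructed log format: client "METHOD target" status ct="..." cc="..." cache=HIT|MISS
LOG_RE = re.compile(
    r'^(?P<ip>\S+) "(?P<method>[A-Z]+) (?P<target>\S+)" (?P<status>\d{3}) '
    r'ct="(?P<ctype>[^"]*)" cc="(?P<cc>[^"]*)" cache=(?P<cache>\w+)$'
)

SAMPLE_LOG = [  # constructed sample lines, not real traffic
    '203.0.113.5 "GET /account/profile/x.css" 200 ct="text/html" cc="" cache=MISS',
    '198.51.100.7 "GET /static/app.css" 200 ct="text/css" cc="public, max-age=3600" cache=HIT',
    '203.0.113.5 "GET /api/me/.js" 200 ct="application/json" cc="private" cache=HIT',
    '192.0.2.9 "GET /account/settings;style.css" 200 ct="text/html" cc="no-store" cache=MISS',
    '192.0.2.9 "GET /account/profile/x.css" 302 ct="text/html" cc="" cache=MISS',
]


@dataclass
class Finding:
    client: str
    path: str
    reason: str


def static_extension(path: str) -> Optional[str]:
    """Extension of the last path segment, if it is one a CDN would treat as static."""
    last = path.rsplit("/", 1)[-1]
    if "." not in last:
        return None
    ext = last.rsplit(".", 1)[-1].lower()
    return ext if ext in EXPECTED_TYPES else None


def is_protected(path: str) -> bool:
    return any(path == p or path.startswith(p + "/") for p in PROTECTED_PREFIXES)


def classify(path: str, status: int, ctype: str, cc: str, cache: str) -> Optional[str]:
    """Return a reason string when the request/response pair looks like cache deception."""
    if status != 200:
        return None
    ext = static_extension(path)
    if is_protected(path) and ext and not ctype.startswith(EXPECTED_TYPES[ext]):
        # The origin ignored the static-looking suffix and served dynamic content.
        return f"protected path served {ctype or 'unknown'} under a .{ext} name"
    if cache == "HIT" and (is_protected(path) or "private" in cc or "no-store" in cc):
        return "response that must not be shared was served from cache"
    return None


def scan_logs(lines: List[str]) -> List[Finding]:
    findings = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        path = urlsplit(m["target"]).path  # keeps ';' and encoded variants as-is
        reason = classify(path, int(m["status"]), m["ctype"], m["cc"], m["cache"])
        if reason:
            findings.append(Finding(m["ip"], path, reason))
    return findings


def cache_eligible(path: str, ctype: str, cc: str) -> bool:
    """Edge rule that caches only on positive evidence, never on the URL's extension alone."""
    if is_protected(path) or "private" in cc or "no-store" in cc:
        return False
    if "public" not in cc:
        return False
    ext = static_extension(path)
    return ext is not None and ctype.startswith(EXPECTED_TYPES[ext])


if __name__ == "__main__":
    for f in scan_logs(SAMPLE_LOG):
        print(f"{f.client} {f.path}: {f.reason}")
```

The two checks correspond to the two halves of the defence: `classify` surfaces requests where a protected route answered under a static-looking name (including the `;` delimiter variant), and `cache_eligible` requires the Content-Type to match the extension and an explicit `public` directive before anything is stored at the edge.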

Hook v3 Android malware evolves with 107 remote commands and ransomware overlays

On August 26, 2025, researchers identified Hook v3, an Android malware combining ransomware, spyware, and banking trojan functions with 107 remote commands and phishing overlays. It spreads via fake sites and GitHub, stealing credentials and financial data.

Cyber Resilience

Musashino Red Cross Hospital enhances cyber resilience with Cohesity-HPE data protection

Musashino Red Cross Hospital backs up over 100 TB of data with a Cohesity-HPE integrated solution and achieved a 500 GB recovery in 20 seconds during drills, strengthening its cyberattack countermeasures and business continuity plan (BCP).

InfoSec Insights

Recent LLM security incidents and AI pentesting methods address prompt injection and data leaks

In July-August 2025, multiple LLM security incidents including ChatGPT data leaks and code editor RCEs were reported; AI pentesting approaches emphasize continuous risk assessment and mitigation.

Proofpoint 2025 report reveals majority of CISOs fear cyberattacks; insider data loss rises

Proofpoint's 2025 Voice of the CISO report finds most CISOs expect material cyberattacks within 12 months, with two-thirds experiencing sensitive data loss often linked to departing employees.

Data blindness threatens AI accuracy and security in cloud and hybrid environments

Yoav Regev highlighted 'data blindness' as a major risk to AI and security due to lack of data visibility in cloud environments, urging continuous data scanning and classification.

Security Breaches

Italian e-commerce admin access sold on dark web exposing customer payment data

An Italian e-commerce site with 500+ monthly orders had its admin access sold by SinCity on the dark web, putting customer data, including PayPal and credit card payment details, at risk of theft.

Tech Updates

Securden Unified PAM suffers critical authentication bypass and other vulnerabilities

Security researchers disclosed four critical vulnerabilities in Securden Unified PAM, including CVE-2025-53118 authentication bypass enabling unauthorized access and password theft. Patches are available in version 11.4.4.

CISA issues ICS advisories for critical vulnerabilities in INVT, Schneider Electric, and Danfoss devices

On August 26, 2025, CISA released advisories for critical vulnerabilities in INVT VT-Designer, Schneider Electric Modicon M340, and Danfoss AK-SM drives with CVSS scores up to 9.1, urging immediate mitigations.

IPFire 2.29 firewall.cgi XSS vulnerability enables session hijacking and network pivoting

A critical stored XSS vulnerability (CVE-2025-50975) in IPFire 2.29's firewall.cgi allows authenticated admins to inject persistent JavaScript, risking session hijacking and unauthorized internal network actions.

PhpSpreadsheet library suffers critical SSRF vulnerability CVE-2025-54370 with high severity

A critical Server-Side Request Forgery vulnerability (CVE-2025-54370) in PhpSpreadsheet allows malicious HTML injection during spreadsheet processing, posing high risk across multiple versions.

Medium severity SQLi and XSS vulnerabilities reported in ruoyi-go, samarium, and mblog projects

In late August 2025, CVE-2025-9411 (SQLi), CVE-2025-9416 (XSS), and CVE-2025-9429 (XSS) were reported in ruoyi-go, samarium, and mblog respectively, all with medium severity scores.

Seceon introduces AI/ML cybersecurity platform cutting costs and false positives significantly

Seceon launched a cost-effective cybersecurity solution using AI/ML and Dynamic Threat Models, achieving up to 80% cost reduction and 90% fewer false positives.

ANY.RUN debuts Threat Intelligence Lookup to enhance SOC alert triage and detection

ANY.RUN introduced Threat Intelligence Lookup, a searchable database aggregating malware investigation data from 15,000 SOC teams to improve alert triage and detection using MITRE ATT&CK framework.

Threat Landscape

PRC-linked UNC6384 cyber espionage targets Southeast Asian diplomats with signed malware

Google revealed a PRC-linked UNC6384 campaign using social engineering and signed SOGU.SEC backdoor malware to target Southeast Asian diplomats since 2023. The attacks employ adversary-in-the-middle techniques and fake plugin updates for espionage.

ZipLine social engineering campaign targets US manufacturers with MixShell backdoor

Researchers uncovered ZipLine, a social engineering campaign using company contact forms to deliver MixShell malware to US supply chain manufacturers. The shellcode backdoor uses DNS TXT tunneling for covert command and control.
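DNS TXT tunnelling, as mentioned above, hides command-and-control traffic in lookups that a resolver will happily forward. The defensive signal is statistical rather than a signature: many TXT queries from one client to one registered domain, each with a long, high-entropy, never-repeated subdomain. The following added example (not from the ZipLine research or the MixShell report) scores constructed resolver log lines on exactly those features. The log format, the constructed domain `tunnel.example`, the two-label "registered domain" heuristic and the thresholds are assumptions for the example.

```python
"""Flagging DNS TXT tunnelling candidates in resolver query logs. Added
example; the log format, the constructed domain tunnel.example and the
thresholds are assumptions, not indicators from any published report."""
import math
from collections import Counter, defaultdict
from typing import Dict, List, Tuple

# Constructed log format: "<timestamp> <client> <qtype> <qname>"
SAMPLE_LOG = [
    "2025-08-27T10:00:00Z 10.0.0.7 A www.example.com",
    "2025-08-27T10:00:01Z 10.0.0.7 TXT _dmarc.example.com",
    "2025-08-27T10:00:02Z 10.0.0.7 TXT example.com",
    # Constructed tunnelling pattern: unique, long, random-looking labels.
    "2025-08-27T10:00:03Z 10.0.0.5 TXT k3m9x2q7v5z1p8w4n6t0r3j5h7l9b2d4.tunnel.example",
    "2025-08-27T10:00:04Z 10.0.0.5 TXT y6s1f8g3u5e9c2a7o4i0k3m9x2q7v5z1.tunnel.example",
    "2025-08-27T10:00:05Z 10.0.0.5 TXT p8w4n6t0r3j5h7l9b2d4y6s1f8g3u5e9.tunnel.example",
    "2025-08-27T10:00:06Z 10.0.0.5 TXT c2a7o4i0z5x9k3m1q7v8w6n4t2r0j5h3.tunnel.example",
    "2025-08-27T10:00:07Z 10.0.0.5 TXT l9b2d4y6s1f8g3u5e9c2a7o4i0p8w4n6.tunnel.example",
    "2025-08-27T10:00:08Z 10.0.0.5 TXT t0r3j5h7l9b2d4k3m9x2q7v5z1y6s1f8.tunnel.example",
    # Constructed benign high-volume case: the same name asked repeatedly.
] + ["2025-08-27T10:01:00Z 10.0.0.9 TXT _acme-challenge.example.com"] * 5


def shannon_entropy(s: str) -> float:
    """Bits per character; 0.0 for an empty or single-symbol string."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def split_qname(qname: str) -> Tuple[str, str]:
    """Crude split into (subdomain, registered domain) using the last two labels.
    Assumption for the example; production code would use the public suffix list."""
    labels = qname.rstrip(".").lower().split(".")
    if len(labels) <= 2:
        return "", ".".join(labels)
    return ".".join(labels[:-2]), ".".join(labels[-2:])


def summarize_txt(lines: List[str]) -> Dict[Tuple[str, str], dict]:
    """Per (client, registered domain): count, unique ratio, mean label length, mean entropy."""
    groups: Dict[Tuple[str, str], List[str]] = defaultdict(list)
    for line in lines:
        parts = line.split()
        if len(parts) != 4 or parts[2] != "TXT":
            continue
        _ts, client, _qtype, qname = parts
        sub, registered = split_qname(qname)
        groups[(client, registered)].append(sub)
    stats = {}
    for key, subs in groups.items():
        n = len(subs)
        stats[key] = {
            "count": n,
            "unique_ratio": len(set(subs)) / n,
            "mean_len": sum(len(s) for s in subs) / n,
            "mean_entropy": sum(shannon_entropy(s) for s in subs) / n,
        }
    return stats


def flag_tunnels(lines: List[str], min_queries: int = 5, min_unique_ratio: float = 0.8,
                 min_mean_len: float = 24.0, min_mean_entropy: float = 3.5) -> List[Tuple[str, str]]:
    """Return sorted (client, domain) pairs whose TXT traffic matches all tunnelling features."""
    hits = []
    for key, s in summarize_txt(lines).items():
        if (s["count"] >= min_queries and s["unique_ratio"] >= min_unique_ratio
                and s["mean_len"] >= min_mean_len and s["mean_entropy"] >= min_mean_entropy):
            hits.append(key)
    return sorted(hits)


if __name__ == "__main__":
    for client, domain in flag_tunnels(SAMPLE_LOG):
        print(f"possible DNS TXT tunnel: {client} -> {domain}")
```

Requiring all four features together keeps legitimate TXT users quiet: the `_dmarc` lookups are few and short, and the repeated `_acme-challenge` queries fail the uniqueness test even though they are numerous. Tune the thresholds against a baseline of your own resolver logs before alerting on them.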

Phishing campaign exploits ConnectWise ScreenConnect to control devices across 900+ organizations

On August 26, 2025, attackers used phishing emails impersonating Zoom and MS Teams to deliver ScreenConnect remote access malware, targeting over 900 organizations, mainly in the US, Canada, the UK, and Australia.

ONEFLIP backdoor flips one bit in deep neural networks to activate hidden malicious triggers

On August 26, 2025, researchers revealed ONEFLIP, an inference-time backdoor attack flipping a single bit in DNN weights to trigger malicious behavior with 99.6% success, threatening AI systems like autonomous vehicles.

ESET identifies PromptLock ransomware leveraging AI to generate encryption scripts

ESET discovered PromptLock, a ransomware family written in Golang that uses AI to generate Lua scripts for file encryption across Windows, Linux, and macOS, with 128-bit SPECK as its encryption cipher.

Mustang Panda APT TTPs leaked; PlugX infections on 4,200+ devices dismantled in 2025

Mustang Panda, a China-based APT, had its cyber espionage tactics leaked; in early 2025, PlugX malware that had spread via malicious USB drives was dismantled on over 4,200 devices.
