Every week, someone somewhere slips up—and threat actors slip in. A misconfigured setting, an overlooked vulnerability, or a too-convenient cloud tool becomes the perfect entry point. But what happens when the hunters become the hunted? Or when old malware resurfaces with new tricks?
Step behind the curtain with us this week as we explore breaches born from routine oversights—and the unexpected cracks they reveal in systems we trust.
Google Patches Actively Exploited Chrome 0-Day
Google has addressed a high-severity security flaw in its Chrome browser for Windows that has been exploited by unknown actors as part of a sophisticated attack aimed at Russian entities. The flaw, CVE-2025-2783 (CVSS score: 8.3), is said to have been combined with another exploit to break out of the browser's sandbox and achieve remote code execution. The attacks involved distributing specially crafted links via phishing emails that, when clicked and launched using Chrome, triggered the exploit. A similar flaw has since been patched in Mozilla Firefox and Tor Browser (CVE-2025-2857), although there is no evidence that it has been exploited.
Are you facing a constant barrage of new threats and attack scenarios? Then check out the latest Gartner® Market Guide, "Market Guide for Adversarial Exposure Validation" now and learn how to assess your readiness against evolving cybersecurity challenges. Grab your complimentary copy today!
Attackers love software vulnerabilities—they’re easy doors into your systems. Every week brings fresh flaws, and waiting too long to patch can turn a minor oversight into a major breach. Below are this week's critical vulnerabilities you need to know about. Take a look, update your software promptly, and keep attackers locked out.
This week’s list includes — CVE-2025-2783, CVE-2025-2476 (Google Chrome), CVE-2025-2857 (Mozilla Firefox, Tor Browser), CVE-2025-1974 (Kubernetes NGINX Ingress Controller), CVE-2025-26512 (NetApp SnapCenter), CVE-2025-22230 (VMware Tools for Windows), CVE-2025-2825 (CrushFTP), CVE-2025-20229 (Splunk), CVE-2025-30232 (Exim), CVE-2025-1716, CVE-2025-1889, CVE-2025-1944, CVE-2025-1945 (picklescan), and CVE-2025-2294 (Kubio AI Page Builder plugin).
Disable Browser Autofill for Sensitive Fields
Autofill might save time, but it can silently leak your data. Attackers can craft hidden form fields on malicious websites that your browser unknowingly fills with your email, phone number, or even credit card info—without you ever clicking a thing. It’s a quiet but real threat, especially in phishing attacks.
To stay safer, disable autofill
