Security news weekly round-up - 6th June 2025
Habdul Hazeez


Publish Date: Jun 6

When we think that we are done with them, another one appears out of nowhere. Sometimes, they can leave us speechless while we think: how can we do away with them? As it stands, it appears that we can't. What am I talking about? Malware and vulnerabilities.

These two threats can keep defenders up all day and night while they put in the effort to mitigate or remediate the risks that they pose to organizations and users around the world.

In this week's review, they are taking center stage again. If you're a regular reader, you'll not be surprised. Of course, we have other topics (or threats if you'd prefer that term), but as usual, we hardly cover them. What are they? Read on to find out.


New Linux Flaws Allow Password Hash Theft via Core Dumps in Ubuntu, RHEL, Fedora

The two vulnerabilities, CVE-2025-5054 and CVE-2025-4598, have a CVSS score of 4.7. But the fact that they can allow an attacker to leak or read sensitive data means that they pose a great risk to organizations that are using the affected operating systems.

I am not exaggerating. The following excerpt from the article says the same and advises what defenders can do to mitigate the risks posed by the vulnerabilities.

The fallout includes operational downtime, reputational damage, and potential non-compliance with regulations. To mitigate these multifaceted risks effectively, enterprises should adopt proactive security measures by prioritizing patches and mitigations, enforcing robust monitoring, and tightening access controls.

Google Researchers Find New Chrome Zero-Day

It's good news that the good guys discovered the vulnerability. There is also bad news: it appears that there is an exploit in the wild. Moreover, history has shown us that vulnerabilities in Chrome are often exploited by spyware vendors.

From the article, we have the following. The dangerous part is the arbitrary code execution. This allows an attacker to run any command on your system, potentially taking full control and stealing, deleting, or corrupting your data.

According to a NIST advisory, the exploited zero-day “allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page”. It should be noted that the exploitation of out-of-bounds defects often leads to arbitrary code execution.

Meta and Yandex are de-anonymizing Android users’ web browsing identifiers

It's a complicated and serious issue that Google is taking seriously. The article's title captures what it all entails. This also raises the question: is there any protection against this? The author of the article advises not to install Facebook, Instagram, or Yandex apps on your Android devices.

Here is how it all started, and how it's going:

The bypass—which Yandex began in 2017 and Meta started last September—allows the companies to pass cookies or other identifiers from Firefox and Chromium-based browsers to native Android apps for Facebook, Instagram, and various Yandex apps. The companies can then tie that vast browsing history to the account holder logged into the app.

Android Trojan Crocodilus Now Active in 8 Countries, Targeting Banks and Crypto Wallets

Crocodilus was initially reported in March 2025. Now, its reach is expanding to multiple countries. That's good news for the creators but bad news for everyone and the geopolitical zones that the malware targets.

What's new in Crocodilus? There you go:

...new variants of Crocodilus have the ability to add a specified contact to the victim's contact list upon receiving the command "TRU9MMRHBCRO."

It's suspected that the feature is designed as a countermeasure to new security protections that Google has introduced in Android that alerts users of possible scams when launching banking apps during a screen-sharing session with an unknown contact.

Another new feature is an automated seed phrase collector that makes use of a parser to extract seed phrases and private keys of specific cryptocurrency wallets.

Hacker targets other hackers and gamers with backdoored GitHub code

This is a classic case of when the hunter becomes the hunted. We (the general readers) can take a lesson from this: be wary of compiling any code that you find online. If necessary, use a separate machine that you have designated for testing purposes only and that has no personal information whatsoever on it.

Here is what's going on:

The researchers found that the Sakura RAT code was essentially nonfunctional but had a PreBuildEvent in the Visual Studio project that downloads and installs malware on the devices of those who attempt to compile it.

Sakura RAT itself received some media attention that sparked interest among curious "script kiddies" who went out looking for it on GitHub. However, when victims download the files, running or building the code triggers a multi-step infection stage.
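
One way to act on that advice before opening a downloaded project in Visual Studio: the added example below (not from the original post or the cited research) lists every build-time command in an MSBuild project file and flags the ones that look like download-and-run. The marker list and the sample project are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET  # for hostile files, defusedxml is a safer parser

# MSBuild elements that run shell commands at build time.
EVENT_TAGS = {"PreBuildEvent", "PostBuildEvent", "PreLinkEvent"}
# Heuristic markers of download-and-run behaviour (constructed list, tune locally).
SUSPICIOUS = re.compile(
    r"powershell|cmd(\.exe)?\s+/c|curl|wget|certutil|bitsadmin|mshta|https?://|-enc",
    re.IGNORECASE,
)

# Constructed sample project: one flagged event, one ordinary copy step.
SAMPLE_VBPROJ = """<Project xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
  <PropertyGroup>
    <PreBuildEvent>cmd /c powershell -enc PLACEHOLDER</PreBuildEvent>
    <PostBuildEvent>copy "$(TargetPath)" "$(SolutionDir)bin"</PostBuildEvent>
  </PropertyGroup>
</Project>"""

def local(tag):
    """Strip the XML namespace so old-style and SDK-style projects match alike."""
    return tag.rsplit("}", 1)[-1]

def build_commands(project_xml):
    """Return (element, command, suspicious) for every build-time command."""
    found = []
    for el in ET.fromstring(project_xml).iter():
        name = local(el.tag)
        if name in EVENT_TAGS:
            # .csproj/.vbproj hold the command as text; .vcxproj nests <Command>.
            texts = [el.text or ""] + [c.text or "" for c in el if local(c.tag) == "Command"]
            cmd = " ".join(t.strip() for t in texts if t.strip())
        elif name == "Exec":
            # <Exec Command="..."/> inside a custom <Target> also runs at build time.
            cmd = el.get("Command", "").strip()
        else:
            continue
        if cmd:
            found.append((name, cmd, bool(SUSPICIOUS.search(cmd))))
    return found

if __name__ == "__main__":
    for name, cmd, flagged in build_commands(SAMPLE_VBPROJ):
        print(("REVIEW " if flagged else "ok     ") + f"{name}: {cmd}")
```

An unflagged command still runs on your machine at build time, so read every listed command, not only the ones marked for review.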

Malicious PyPI, npm, and Ruby Packages Exposed in Ongoing Open-Source Supply Chain Attacks

When I hear or read about supply chain attacks, I think of the SolarWinds supply chain attack. Still, I have not read anything that has come close.

I am not providing an excerpt from the article. So, have fun reading.

Credits

Cover photo by Debby Hudson on Unsplash.


That's it for this week, and I'll see you next time.
