
Apple fixed a zero-day exploited in attacks against Google Chrome users


Apple addressed a high-severity vulnerability that has been exploited in zero-day attacks targeting Google Chrome users.

Apple released security updates to address a high-severity vulnerability, tracked as CVE-2025-6558 (CVSS score of 8.8), that has been exploited in zero-day attacks targeting Google Chrome users.

The vulnerability is an insufficient validation of untrusted input in ANGLE and GPU in Google Chrome prior to 138.0.7204.157 that can allow a remote attacker to potentially perform a sandbox escape via a crafted HTML page.

ANGLE (Almost Native Graphics Layer Engine) is an open-source graphics engine developed by Google that acts as a compatibility layer between OpenGL ES and other graphics APIs like Direct3D, Vulkan, and Metal.

Clément Lecigne and Vlad Stolyarov of Google’s Threat Analysis Group reported the vulnerability on June 23, 2025.

This week, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the flaw to its Known Exploited Vulnerabilities (KEV) catalog.

Google’s TAG team investigates attacks by nation-state actors and commercial spyware vendors. One of these threat actors likely exploited the issue in the wild.

“Google is aware that an exploit for CVE-2025-6558 exists in the wild,” reads the alert published by Google.

“This is a vulnerability in open source code and Apple Software is among the affected projects. The CVE-ID was assigned by a third party,” reads the advisory published by Apple.

“Processing maliciously crafted web content may lead to an unexpected Safari crash”

Apple released WebKit security updates to address CVE-2025-6558 in the following products:

  • iOS 18.6 and iPadOS 18.6: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
  • macOS Sequoia 15.6: Macs running macOS Sequoia
  • iPadOS 17.7.9: iPad Pro 12.9-inch 2nd generation, iPad Pro 10.5-inch, and iPad 6th generation
  • visionOS 2.6: Apple Vision Pro
  • watchOS 11.6: Apple Watch Series 6 and later
  • tvOS 18.6: Apple TV HD and Apple TV 4K (all models)


Pierluigi Paganini

(SecurityAffairs – hacking, Google Chrome)