Urgent update for Edge & Chrome, ransomware attacks increase 213%, PDFs being weaponised...
Welcome to this week’s Security News. We’ve collated the best articles from around the internet and put them all into one place. If you have any queries or concerns about anything in this week’s news, then please get in touch with our team who can advise further. For our existing clients, if we believe anything may affect your organisation, our team will be in touch directly.
Vulnerabilities and Patches
Urgent Update: Microsoft Edge Fixes Actively Exploited Chromium Vulnerability
Microsoft has released a critical security update for Edge Stable Channel on July 1, 2025, addressing a severe vulnerability that cybercriminals have actively exploited.
The latest Microsoft Edge Stable Channel Version 138.0.3351.65 incorporates crucial security patches from the Chromium project, including an urgent fix for CVE-2025-6554, which security researchers have confirmed is being exploited in real-world attacks targeting users worldwide.
Microsoft Edge 138.0.3351.65 released July 1, 2025, with urgent security patches.
CVE-2025-6554 vulnerability is being exploited by cybercriminals in real-world attacks.
The update patches both the Chromium vulnerability (CVE-2025-6554) and an Edge-specific issue (CVE-2025-49713).
The most significant security fix in this update addresses CVE-2025-6554, a vulnerability that the Chromium security team has flagged as having active exploits circulating in the wild.
This classification indicates that malicious actors are already leveraging this security flaw to compromise systems, making immediate patching essential for all Microsoft Edge users.
Nessus for Windows Vulnerabilities Enables Overwrite of Arbitrary Local System Files
A newly disclosed security advisory from Tenable reveals serious vulnerabilities in the Nessus vulnerability scanner that could enable attackers to compromise Windows systems through privilege escalation attacks.
The security flaws, affecting all Nessus versions prior to 10.8.5, include a critical Windows-specific vulnerability (CVE-2025-36630) that allows unauthorized file overwrites at SYSTEM privilege level, alongside two additional vulnerabilities in third-party components libxml2 and libxslt.
With CVSSv3 scores ranging from 6.5 to 8.4, these vulnerabilities represent a significant threat to organizations relying on Nessus for security assessments.
The most severe vulnerability, designated CVE-2025-36630, affects Nessus installations on Windows systems prior to version 10.8.5.
This critical flaw enables non-administrative users to overwrite arbitrary local system files using log content with SYSTEM-level privileges, effectively allowing privilege escalation attacks.
The vulnerability carries a CVSSv3 base score of 8.4, categorizing it as high severity with significant potential impact.
The attack vector is characterized as local access with low complexity (AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H), indicating that an attacker requires low-level privileges but no user interaction to exploit the flaw.
The scope is marked as “Changed,” meaning the vulnerability can affect resources beyond its original security context.
Credit for discovering this critical vulnerability goes to security researcher Rishad Sheikh, who reported the issue to Tenable on May 10, 2025.
Cyber Attacks
213% Increase in Ransomware Attacks Targeting Organisations Within First Quarter of 2025
The first quarter of 2025 has witnessed an unprecedented surge in ransomware attacks, with 2,314 victims listed across 74 unique data leak sites, representing a staggering 213% increase compared to the 1,086 victims recorded in the same period last year.
This dramatic escalation marks a significant departure from the relatively stable ransomware landscape observed throughout 2024, where threat actors appeared to focus on highly targeted attacks rather than volume-based campaigns.
The ransomware ecosystem has undergone substantial transformation, with 74 active ransomware groups operating data leak sites in Q1 2025, up from 56 variants in the corresponding period of 2024.
This expansion reflects the growing sophistication and diversification of the ransomware-as-a-service (RaaS) model, where cybercriminals lease their malicious software to affiliates who conduct the actual attacks.
The surge has affected organisations across all industry verticals, with industrials, consumer cyclicals, and technology sectors bearing the brunt of these attacks.
Threat Actors Weaponize PDFs to Impersonate Microsoft, DocuSign, Dropbox and More in Phishing Attack
Cybercriminals have significantly escalated their use of PDF attachments as attack vectors, leveraging the trusted document format to impersonate major brands including Microsoft, DocuSign, Dropbox, PayPal, and Adobe in sophisticated phishing campaigns.
These attacks exploit the widespread trust users place in PDF documents, transforming what should be secure file sharing into a gateway for credential theft and financial fraud.
The malicious campaigns operate through multiple attack vectors, with threat actors embedding entire phishing emails within PDF attachments to evade traditional email security filters.
By encapsulating brand logos, fake invoices, and deceptive content directly into PDF files, attackers bypass textual analysis systems that typically flag suspicious email content.
The portable nature of PDFs makes them ideal vehicles for delivering convincing brand impersonations across various platforms and devices.
These attacks have evolved beyond simple email phishing to incorporate telephone-oriented attack delivery (TOAD), also known as callback phishing, where victims receive PDF attachments containing fake invoices or security alerts with embedded phone numbers.
Cisco Talos analysts identified numerous instances where attackers used Voice over Internet Protocol (VoIP) numbers to maintain anonymity while conducting these social engineering operations.
These campaigns are global in scope, with researchers noting concentrated activity targeting users in the United States during the research period from May 5 to June 5, 2025.
In Other News...
AI Crawlers Reshape The Internet With Over 30% of Global Web Traffic
The digital landscape is experiencing a fundamental transformation as artificial intelligence crawlers emerge as dominant forces across the global internet infrastructure.
Recent analysis reveals that automated bots now account for approximately 30% of all worldwide web traffic, marking a significant shift from traditional human-driven internet usage patterns.
This dramatic evolution represents not merely a technological advancement but a complete restructuring of how information flows across digital networks, with AI-powered crawlers increasingly replacing conventional search indexing mechanisms.
The proliferation of AI crawlers stems from the explosive growth in large language model development and deployment, where companies require vast amounts of web data to train and refine their artificial intelligence systems.
Unlike traditional web crawlers that primarily focused on search engine indexing, these new AI-driven bots serve multiple purposes including content analysis, model training, and real-time information retrieval.
The scale of this transformation becomes evident when examining specific crawler performance metrics, where some AI bots have experienced growth rates exceeding 300% within a single year.
Cloudflare analysts identified this trend through comprehensive monitoring of web traffic patterns across their global network infrastructure.
Their research methodology involved analysing user-agent strings in HTTP requests and matching them against known AI crawler signatures, providing unprecedented visibility into the evolving bot ecosystem.
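The same user-agent matching can be run over a site's own access logs. This is an added example, not Cloudflare's tooling: the signature tokens are an assumed, non-exhaustive list of publicly documented crawler names (the article names none), the log lines are constructed, and the Combined Log Format is assumed.

```python
import re
from collections import Counter

# Assumed signature list: tokens that these crawlers publish in their UA strings.
AI_CRAWLER_TOKENS = ("GPTBot", "ClaudeBot", "Bytespider", "PerplexityBot")

# Combined Log Format ends with: "request" status bytes "referer" "user-agent"
UA_RE = re.compile(r'"[^"]*" \d{3} \S+ "[^"]*" "([^"]*)"\s*$')

BROWSER_UA = ("Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 "
              "(KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36")
GPTBOT_UA = ("Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; "
             "GPTBot/1.0; +https://openai.com/gptbot)")
CLAUDEBOT_UA = ("Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; "
                "ClaudeBot/1.0; +claudebot@anthropic.com)")

# Constructed sample lines (documentation IP ranges), including one broken line.
SAMPLE_LOG = [
    f'198.51.100.7 - - [02/Jul/2025:10:00:01 +0000] "GET /robots.txt HTTP/1.1" 200 120 "-" "{GPTBOT_UA}"',
    f'198.51.100.7 - - [02/Jul/2025:10:00:02 +0000] "GET /blog/ HTTP/1.1" 200 9120 "-" "{GPTBOT_UA}"',
    f'203.0.113.9 - - [02/Jul/2025:10:00:05 +0000] "GET /docs/ HTTP/1.1" 200 4410 "-" "{CLAUDEBOT_UA}"',
    f'192.0.2.44 - - [02/Jul/2025:10:00:07 +0000] "GET / HTTP/1.1" 200 5120 "-" "{BROWSER_UA}"',
    f'192.0.2.45 - - [02/Jul/2025:10:00:09 +0000] "GET /pricing HTTP/1.1" 200 3310 "https://example.org/" "{BROWSER_UA}"',
    '192.0.2.46 - - [02/Jul/2025:10:00:11 +0000] truncated entry',
]


def crawler_for(line):
    """Return the matching crawler token, 'other', or 'unparsed' for bad lines."""
    match = UA_RE.search(line)
    if not match:
        return "unparsed"
    ua = match.group(1).lower()
    for token in AI_CRAWLER_TOKENS:
        if token.lower() in ua:
            return token
    return "other"


def summarize(lines):
    """Count requests per class and return (counts, AI share of parsed requests)."""
    counts = Counter(crawler_for(line) for line in lines)
    parsed = sum(counts.values()) - counts["unparsed"]
    ai_hits = sum(counts[token] for token in AI_CRAWLER_TOKENS)
    return counts, (ai_hits / parsed if parsed else 0.0)


counts, ai_share = summarize(SAMPLE_LOG)
print(dict(counts), f"AI crawler share: {ai_share:.0%}")
```

The User-Agent header is client-supplied, so this only measures crawlers that identify themselves; a request claiming a crawler name should be checked against the operator's published IP ranges before it is trusted or allow-listed.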
Microsoft asks users to ignore Windows Firewall config errors
Microsoft asked customers this week to disregard incorrect Windows Firewall errors that appear after rebooting their systems following the installation of the June 2025 preview update.
These warnings are logged in the Event Viewer as ‘Event 2042’ for Windows Firewall with Advanced Security, with a ‘Config Read Failed’ warning and a ‘More data is available’ message.
Microsoft added that this known issue is caused by a new feature that’s still under development and hasn’t yet been fully integrated with the operating system.
“Following installation of the June 2025 Windows non-security preview update (KB5060829), security event logs might include an error event related to Windows Firewall With Advanced Security, which can be safely ignored,” the company said on the Windows release health dashboard.
“Please note Windows Firewall is expected to function normally, and no action is required to prevent or resolve this error event. This event is related to a feature that is currently under development and not fully implemented.”
These incorrect firewall errors will only appear on Windows 11 24H2 systems, but they shouldn’t impact any Windows processes associated with this event.
Microsoft is currently working on a fix for this known issue and will provide an update when more details are available.
In recent months, Redmond has dealt with similar issues affecting other Windows features, resulting in more erroneous warnings with no actual impact.
In April, the company resolved a bug that caused incorrect BitLocker drive encryption errors on Windows 10 and Windows 11 devices due to a reporting issue. Redmond acknowledged this bug in October and stated that it only impacted managed Windows environments where drive encryption was enforced for the operating system and fixed drives.
