InfoSecBulletin Cybersecurity for mankind
Apple released security updates to fix a serious vulnerability exploited in zero-day attacks on Google Chrome users. CVE-2025-6558 is a security vulnerability caused by improper validation of untrusted input in the ANGLE (Almost Native Graphics Layer Engine). This open-source graphics layer manages GPU commands and converts OpenGL ES API calls to Direct3D, Metal, Vulkan, and OpenGL.
Remote attackers can exploit this vulnerability to execute arbitrary code in the browser’s GPU process using specially crafted HTML pages, which might allow them to break out of the sandbox protecting browser processes from the OS.
India’s Tata Electronics hit by cyber breach: Hacker target 630 GB record
Anthropic’s Mythos reportedly broke NSA classified systems in hours
OpenAI New Method “Deployment Simulation” Predicts AI Risks Before Deployment
AryStinger botnet infected thousands of D-Link routers globally
Hacker suspected of sending alerts across Brazil
CyberSentinel AI features 33 security tools like Nmap, SQLMap, and ZAP, utilizing Claude and GPT
Barracuda hosts Dhaka roundtable on cyber resilience
CISA Alerts Fortinet Users as FortiBleed Affects 86,644 FortiGate Devices
CISA: Splunk flaw under active exploit, patch by Sunday
Texas data breach exposes 3 million driver’s licenses
Vlad Stolyarov and Clément Lecigne of Google’s Threat Analysis Group (TAG), a team of security experts dedicated to defending Google customers against state-sponsored attacks, discovered CVE-2025-6558 in June and reported it to the Google Chrome team, who patched it on July 15 and tagged it as actively exploited in attacks.
While Google has yet to provide further information on these attacks, Google TAG frequently discovers zero-day flaws exploited by government-sponsored threat actors in targeted campaigns aimed at deploying spyware on devices of high-risk individuals, including dissidents, opposition politicians, and journalists.
On Tuesday, Apple issued security updates for WebKit to fix the CVE-2025-6558 vulnerability.
iOS 18.6 and iPadOS 18.6: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
macOS Sequoia 15.6: Macs running macOS Sequoia
iPadOS 17.7.9: iPad Pro 12.9-inch 2nd generation, iPad Pro 10.5-inch, and iPad 6th generation
tvOS 18.6: Apple TV HD and Apple TV 4K (all models)
visionOS 2.6: Apple Vision Pro
watchOS 11.6: Apple Watch Series 6 and later
“Processing maliciously crafted web content may lead to an unexpected Safari crash,” Apple explained when describing the impact of CVE-2025-6558 successful exploitation. “This is a vulnerability in open source code and Apple Software is among the affected projects.”
On July 22, the U.S. cyber defense agency also listed this security bug as being exploited in attacks, urging federal agencies to update their software by August 12.
BOD 22-01 requires federal agencies to secure their systems, but CISA urges all network defenders to quickly patch the CVE-2025-6558 vulnerability.
“These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise,” the cybersecurity agency warned last week.
Apple has fixed five zero-day vulnerabilities that were exploited in targeted attacks this year. These include one in January (CVE-2025-24085), one in February (CVE-2025-24200), one in March (CVE-2025-24201), and two in April (CVE-2025-31200 and CVE-2025-31201).
