
Security Bulletin


George Sutton

Chrome Under Siege: Eighth Actively Exploited Zero-Day Patched in 2025

December 11th, 2025

❓What:

  • Google has released emergency security updates for Chrome after discovering and patching an eighth zero-day vulnerability that is actively being exploited in the wild in 2025.

  • This vulnerability (tracked internally as issue 466192044) was addressed in Chrome versions 143.0.7499.109/110 for Windows, macOS, and Linux. Google did not immediately disclose full technical details or a CVE identifier, to help prevent further abuse while the update rolls out.

  • The flaw was found in the LibANGLE graphics layer translation library, specifically a buffer overflow in the ANGLE Metal renderer caused by improper buffer sizing, which can lead to memory corruption and arbitrary code execution.


George Sutton

Four Industrial Control Systems Warnings from CISA

November 7th, 2025


❓What:

On November 6, 2025, the Cybersecurity & Infrastructure Security Agency (CISA) released four Industrial Control Systems (ICS) advisories covering major vulnerabilities.

  • Adv. ICSA-25-310-01 (Advantech DeviceOn/iEdge): Devices from Advantech (DeviceOn/iEdge version ≤ 2.0.2) have vulnerabilities that allow someone to upload or manipulate configuration files, traverse directories, or execute commands.

  • Adv. ICSA-25-310-02 (Ubia Ubox): The Ubox (edge/IoT device) fails to adequately protect API credentials, meaning an attacker could connect to backend systems via the device.


George Sutton

Massive Data Set Added to Breach Database: 183 Million Credentials Exposed

October 23rd, 2025


❓ What:

  • A massive set of stolen credentials — ~183 million unique username/password combinations — has been added to the free breach-checking service Have I Been Pwned (HIBP).

  • These credentials were harvested via infostealer malware (software that secretly steals data from infected machines).

  • From that set, ~16.4 million email addresses had never appeared in any prior leak.


George Sutton

Gone in a Guess: How One Weak Password Dismantled a 158‑Year‑Old Firm

September 30th, 2025


❓What:

  • KNP Logistics Group (UK, operating 158 years, ~500 trucks) was hit by a ransomware attack by the Akira group after hackers guessed an employee’s weak, internet‑facing password.

  • Because no multi-factor authentication (MFA) protected that access, the attackers moved laterally, encrypted systems, and destroyed backups and disaster recovery.

  • The ransom demanded was ~£5 million — far more than KNP could pay. The company lost operations, entered administration, and 700 employees lost their jobs.

