News

EY Data Leak and Critical Vulnerabilities in BIND 9 and Chrome Fixed

Luciano Ferrari

03 Nov 2025 — 2 min read

Monday, November 3, 2025

Top 5 Cybersecurity Stories You Should Know

EY Data Leak and Critical Vulnerabilities in BIND 9 and Chrome Fixed — tl;dr: This week's cybersecurity update highlights a significant data leak at EY and critical vulnerabilities in BIND 9 and Chrome. The ISC has patched CVE-2025-5470, a DoS vulnerability in BIND 9 that could lead to server crashes, urging immediate updates for DNS servers. Google addressed CVE-2025-5482, a zero-day in Chrome's V8 engine, allowing code execution via malicious sites. Organizations must prioritize these updates to mitigate risks, alongside enhancing endpoint detection and adopting zero-trust models to combat advanced threats, including the Aardvark backdoor targeting financial sectors.
↪ https://cybersecuritynews.com/cybersecurity-news-weekly-newsletter/
Google Patches Actively Exploited Chrome Zero-Day CVE-2025-6558 — tl;dr: Google has released a critical security update for Chrome, addressing six vulnerabilities, including the actively exploited zero-day CVE-2025-6558, rated 8.8 in severity. This flaw allows attackers to escape the browser's sandbox via a specially crafted HTML page, potentially executing arbitrary code. Users are urged to update Chrome to version 138.0.7204.157 or .158 immediately to mitigate risks. This marks the fifth actively exploited flaw fixed in Chrome this year, highlighting the importance of timely updates to protect against emerging threats.
↪ https://www.bleepingcomputer.com/news/security/google-fixes-actively-exploited-sandbox-escape-zero-day-in-chrome/
Data Breach at NY Business Council Affects Over 47,000 Individuals — tl;dr: The Business Council of New York State reported a data breach affecting approximately 47,329 individuals due to an external system intrusion detected on August 4, 2025. The breach, which occurred on February 24, 2025, likely involved unauthorized access to sensitive personal identifiable information (PII) through unpatched vulnerabilities or phishing attacks. This incident underscores the importance of robust cybersecurity measures, including regular penetration testing and timely patch management. Affected individuals are advised to monitor their financial activities for signs of identity theft while the organization enhances its cybersecurity posture.
↪ https://gbhackers.com/47000-individuals-affected-by-data-breach/
AT&T Data Breach: Guidance for Affected Customers — tl;dr: The recent AT&T data breach has raised concerns for affected customers regarding the security of their personal information. Customers may be at risk of identity theft and should take immediate steps to protect themselves, such as monitoring their accounts, changing passwords, and considering credit monitoring services. AT&T has not disclosed the extent of the breach, but affected users are advised to stay vigilant and report any suspicious activity. For further assistance, customers can reach out to AT&T's customer service and follow their guidelines for safeguarding personal data.
↪ https://www.itsecuritynews.info/att-data-breach-whats-next-for-affected-customers/
Dutch Intelligence Uncovers New Russian APT 'Laundry Bear' Targeting NATO — tl;dr: Dutch intelligence agencies AIVD and MIVD have identified a new Russian cyber-espionage group named 'Laundry Bear,' which emerged in mid-2024. This group primarily targets military and diplomatic entities in NATO countries to support Russia's war efforts in Ukraine. Their tactics include credential theft from infostealer shops and spear-phishing attacks. As the group evolves, its methods are expected to become more sophisticated. Organizations in the defense sector and related industries should enhance their cybersecurity measures by implementing robust credential management and monitoring systems to mitigate risks associated with this emerging threat.
↪ https://news.risky.biz/risky-bulletin-dutch-intelligence-discover-a-new-russian-apt/