This Week in Security: SharePoint Zero-Day, Chrome Exploit, and More

Stay informed about the latest cybersecurity threats and vulnerabilities. This week's recap includes critical issues affecting SharePoint, Chrome, macOS, and NVIDIA, ensuring you're up-to-date on the most pressing security concerns.

SharePoint Zero-Day Vulnerability (CVE-2025-53770)
A critical zero-day vulnerability, CVE-2025-53770, is actively being exploited in Microsoft SharePoint servers. This vulnerability allows unauthenticated attackers to execute arbitrary code on affected on-premises SharePoint Server 2016, 2019, and Subscription Edition servers. The exploit chain, dubbed "ToolShell," poses a significant risk to organizations using these SharePoint versions. It is crucial to apply the latest security updates from Microsoft to mitigate this threat. This vulnerability has a severity rating of 9.8 out of 10, highlighting the urgency of patching.
- Impact: Remote code execution, potentially leading to full system compromise.
- Affected Versions: SharePoint Server 2016, 2019, and Subscription Edition.
- Mitigation: Apply the latest security updates from Microsoft.
Chrome Exploit (CVE-2025-8292)
A high-severity vulnerability, CVE-2025-8292, has been identified in Google Chrome. This "use-after-free" vulnerability in Chrome's Media Stream component could allow for arbitrary code execution. Google has released a security update (version 138) to address this issue. Users are strongly advised to update their Chrome browsers to the latest version to protect against potential attacks. It's also important to be cautious of Chrome extensions, as some malicious extensions can compromise user data.
- Impact: Arbitrary code execution.
- Affected Component: Chrome's Media Stream.
- Mitigation: Update Chrome to the latest version.
macOS Spyware
New macOS spyware variants are emerging, capable of persistent infection and data theft. One example is the "Cuckoo" spyware, which targets both Intel and Arm-based Macs. These spyware threats often employ sophisticated techniques to bypass security protections and remain undetected. Users should exercise caution when downloading software from untrusted sources and keep their macOS systems up to date with the latest security patches. CloudMensis is another example of macOS spyware that uses cloud storage for command and control and data exfiltration.
- Impact: Data theft, covert surveillance.
- Examples: Cuckoo, CloudMensis.
- Mitigation: Download software from trusted sources, keep macOS updated.
NVIDIA Toolkit RCE
Details of an NVIDIA toolkit RCE could not be confirmed for this recap: the available reporting primarily points to the SharePoint RCE (ToolShell) and other vulnerabilities. Further investigation is needed to confirm the existence and details of a specific RCE vulnerability within an NVIDIA toolkit. However, it is always good practice to keep all software and development tools updated to the latest versions to minimize potential security risks. NVIDIA also has a bug bounty program with Intigriti.
Key Takeaways
- Stay vigilant about applying security updates for all software, including operating systems, browsers, and server applications.
- Exercise caution when downloading software or browser extensions from untrusted sources.
- Monitor security advisories and news for the latest vulnerability information.
- Implement a robust security strategy that includes regular security assessments and employee training.