Cyber Briefing: 2025.09.23
Chrome patched its sixth zero-day of 2025, while Nimbus Manticore launched a new malware campaign targeting Europe.
👉 What's happening in cybersecurity today?
Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.
🚨 Cyber Alerts
1. Sixth Zero Day Patched in Chrome 140
Google released an urgent Chrome update to patch a zero-day vulnerability that's actively being exploited. The flaw, a type confusion bug in the V8 JavaScript engine, was reported by Google's Threat Analysis Group (TAG) and is the sixth such zero-day addressed in the browser this year.
2. New Malware Hits Europe by Nimbus Manticore
An Iranian threat group called Nimbus Manticore is using new malware in a sustained campaign targeting organizations in Europe, particularly in the defense, telecommunications, and aviation sectors. The group uses highly customized spear-phishing attacks to trick victims into downloading malware from fake career websites.
3. NPM Package Uses QR Code for Malware
An npm package named 'fezbox' was recently discovered to be stealing cookies by using a QR code. The malicious code is retrieved from a server and hidden within the QR code itself, which the package then processes to execute a cookie-stealing payload.
💥 Cyber Incidents
4. Stellantis Probes Breach via Third Party
Stellantis is investigating a data breach after a third-party service provider's platform supporting its North American customer service was accessed without authorization, possibly exposing customer contact information.
5. ENISA Links Ransomware to Airport Chaos
An EU cybersecurity agency confirmed that a cyberattack caused disruptions at several European airports, and law enforcement is now investigating. A cyberattack on Collins Aerospace, a subsidiary of RTX, disrupted check-in systems at major airports including Heathrow and Brussels, leading to flight delays and manual operations.
6. UXLINK Hackers Gain Admin, Drain Funds
UXLINK, a Web3 social platform, suffered a security breach involving its multisig wallet. The attacker minted a huge number of tokens, which caused the token's price to plummet over 70% as they sold them on decentralized exchanges.
📢 Cyber News
7. GitHub Enforces 2FA for NPM Security
In response to recent supply chain attacks, GitHub is strengthening its security measures by requiring two-factor authentication (2FA) for publishing on npm, introducing short-lived, granular access tokens, and implementing trusted publishing with OpenID Connect (OIDC). These changes aim to combat token abuse and self-replicating malware by eliminating the need for traditional tokens and providing cryptographic proof of a package's origin.
8. ChatGPT Fooled Into Solving Captchas
SPLX, an AI security platform, showed that they could use prompt injection to trick a ChatGPT agent into solving CAPTCHAs, bypassing its built-in safety policies. The method involved first getting the agent's consent by telling it the CAPTCHAs were fake, then using that conversation as context to convince the agent to solve real ones.
9. $150K Reward for L1TF Reloaded Exploit
In a notable cybersecurity discovery, researchers from Vrije Universiteit Amsterdam successfully exploited a novel vulnerability called L1TF Reloaded, earning a $150,000 bounty. This combined attack leveraged existing CPU flaws—specifically L1TF (Foreshadow) and a half-Spectre gadget—to bypass current cloud security measures and leak sensitive data from virtual machines (VMs) and their co-tenants on public clouds like Google Cloud Platform (GCP).
📈 Cyber Stocks
On Tuesday, September 23, 2025, cybersecurity stocks showed mixed performance as investors balanced optimism around AI-driven offerings and strong ARR guidance with concerns over valuations, competition, and broader market volatility.
Cloudflare (NET) closed at $228.28, up 0.42%, as enthusiasm for its AI-as-a-service strategy and strong enterprise adoption helped offset concerns about its premium valuation.
Rapid7 (RPD) ended at $20.81, up 2.56%, buoyed by recognition as a leader in exposure management and pressure from activist investors to sharpen execution.
CrowdStrike (CRWD) finished at $493.14, down 1.90%, as strong ARR guidance and product momentum were outweighed by valuation concerns and growth-stock market jitters.
SentinelOne (S) settled at $19.20, up 0.47%, supported by its upward revenue forecast tied to AI-powered endpoint demand, though high investor expectations kept gains modest.
Okta (OKTA) closed at $92.38, down 1.07%, pressured by competitive headwinds in identity security despite long-term growth opportunities in AI-driven authentication.
💡 Cyber Tip
🌐 Chrome 140 Update Fixes Sixth Zero Day Vulnerability
Immediately update your Google Chrome browser to the latest version. While Chrome often updates automatically, it's a good practice to manually check and force the update to ensure you are protected as quickly as possible.
✅ What you should do:
1. Go to Chrome's menu (the three-dot icon in the top right corner).
2. Navigate to "Help".
3. Select "About Google Chrome".
This will prompt the browser to check for and install the latest version. Once the update is complete, you will be asked to relaunch the browser.
🔒 Why this matters
This is not a typical security update. It addresses a "zero-day" vulnerability: a software flaw that attackers were already exploiting in the wild before a fix was available. This particular bug is a "type confusion" flaw in Chrome's core V8 JavaScript engine, which attackers can exploit through malicious websites to gain unauthorized control over your device, potentially leading to remote code execution and data theft.
📚 Cyber Book
The Browser Hacker’s Handbook by Wade Alcorn and Michele Orrù
That concludes today’s briefing.
Copyright © 2025 CyberMaterial. All Rights Reserved.
Oh God…
Did they move client's data without their consent and after got breached? 😬