Infosec bits for 2025 week 20

Heloise Meyer | May 16, 2025, 2:33 p.m.

Cybersecurity News:

Catching a phish with many faces [Camilo Gutiérrez Amaya, ESET]

You think ransomware is bad now? Wait until it infects CPUs [Jessica Lyons, The Register]

AI, Agents, and the Future of Cyber Security [Brendan Mangus, Check Point]

Why CVSS is failing us and what we can do about it [Sıla Özeren, The Register]

Vulnerabilities and Patches:

Vulnerabilities Patched by Juniper, VMware and Zoom [Ionut Arghire, SecurityWeek]

May 2025 Patch Tuesday Analysis [Tyler Reguly, Tripwire]

Fortinet fixes critical zero-day exploited in FortiVoice attacks [Sergiu Gatlan, BleepingComputer]

New Chrome Vulnerability Enables Cross-Origin Data Leak via Loader Referrer Policy [Ravie Lakshmanan, The Hacker News]

Windows Zero-Day Bug Exploited for Browser-Led RCE [Tara Seals, DarkReading]

Node.js Vulnerability Allows Attackers to Crash the Process & Halt Services [Kaaviya, Cyber Security News]

Malware:

Fileless Remcos RAT Attack Evades Antivirus Using PowerShell Scripts [Deeba Ahmed, Hack Read]

Excel(ent) Obfuscation: Regex Gone Rogue [Ido Kringel, Deep Instinct]

New 'Chihuahua’ Infostealer Targets Browser Data and Crypto Wallet Extensions [Kevin Poireault, Infosecurity Magazine]

Cyberattacks:

Coinbase Agents Bribed, Data of ~1% Users Leaked; $20M Extortion Attempt Fails [Ravie Lakshmanan, The Hacker News]