Home 
Cyber adversaries intensified efforts this week with two new exploited zero-days, multiple critical vulnerabilities, and fresh ransomware-as-a-service (RaaS) operations adopting AI-driven negotiation panels. The following pages provide an exhaustive, technically focused brief for CISOs and security engineering teams. Modern attack surface expansion and rapid exploit adoption defined the last seven days.
- Google patched and confirmed in-the-wild exploitation of Chrome zero-day CVE-2025-6558, a sandbox-escape flaw in ANGLE/GPU.
- Big Sleep, Google’s LLM-assisted fuzzing agent, uncovered CVE-2025-6965 in SQLite and blocked live exploitation attempts before public disclosure.
- Cisco disclosed CVE-2025-20337 (CVSS 10.0) in Identity Services Engine (ISE); unauthenticated API calls permit root compromise.
- Wing FTP Server CVE-2025-47812 is under active exploitation to drop web shells, with Shadowserver confirming 77 infected hosts as of 15 July.
- GLOBAL GROUP RaaS—an AI-enabled rebrand of BlackLock—claimed seventeen victims across four continents and offers 85% revenue share to affiliates.
- Prompt-injection weaknesses in Google Gemini enable invisible phishing payloads that bypass user review.
- Dark-web leak sites recorded ninety-three new claims on 14 July alone, led by NoName057(16) and INC Ransom.
>>Outpace Attackers With AI-Based Automated Penetration Testing
New Hacking Techniques
1. AI-Assisted Negotiation Chatbots in Ransomware Panels
GLOBAL GROUP’s affiliate portal embeds multilingual, GPT-style chatbots that dynamically adjust ransom demands based on victim geography and sector. The bot analyses leaked data volume, cryptocurrency volatility, and Shodan exposure to optimise price elasticity.
2. Invisible Prompt-Injection (Gemini “White-on-White”)
0din researchers weaponised hidden HTML spans to pass “admin” instructions to Gemini summaries, generating spoofed Google security alerts without victim visibility.
3. Sandbox-Escape via GPU Command Stream
CVE-2025-6558 abuses unvalidated ANGLE inputs to craft GPU command buffers that break Chrome’s broker boundary and pivot into kernel GPU drivers on Windows and macOS.
4. Password Prediction in Windows dMSAs
A design flaw in delegated Managed Service Accounts (dMSAs) allows cross-domain credential forging by brute-forcing predictable 1,024-value timestamps, enabling persistent Kerberos lateral movement.
New Critical Attack Techniques & CVEs
| CVE | Component | CVSS | Exploit Status | Technical Vector | Patch Status |
| CVE-2025-6558 | Chrome ANGLE/GPU | 8.8 | Exploited in wild | Insufficient input validation → heap corruption → sandbox escape | Chrome 138.0.7204.157+ |
| CVE-2025-6965 | SQLite ≤3.50.1 | 7.2 | Attempted, foiled | Aggregate-term overflow → OOB read/write | SQLite 3.50.2 |
| CVE-2025-20337 | Cisco ISE API | 10.0 | PoC public | Crafted REST call → root RCE | Fixed in 3.3-P7 / 3.4-P2 |
| CVE-2025-47812 | Wing FTP Server ≤7.4.3 | 9.8 | Actively exploited | Directory traversal → exec command injection | Update 7.4.4 |
| CVE-2025-5309 | BeyondTrust RS/PRA | 8.6 | Limited exploit | SSTI in chat template → unauth RCE | Cloud hot-fixed; on-prem 24.2.1 |
| CVE-2025-5777 | Citrix NetScaler Gateway | 9.3 | Mass-scanned | Memory bleed → session token hijack | 14.1-43.56, 13.1-58.32 |
Dark-Web Intelligence Pulse
Data-Leak Ecosystem Activity (11-17 July)
| Date | Claims | Dominant Crew | Notable Victims (Sector) | Observed Payload Size |
| 12 Jul | 78 | Qilin | Oil-and-Gas Fabricator (AU) | 290 GB |
| 14 Jul | 93 | NoName057(16) | Multiple US government portals | N/A |
| 15 Jul | 41 | DragonForce | Belk Department Stores (US retail) | 156 GB |
| 16 Jul | 27 | GLOBAL GROUP | BPO conglomerate (EU) | 410 GB |
| 17 Jul | 19 | INC Ransom | Mid-size hospital network (US) | 31 GB |
Threat Attack Daily screenshots (Figure A) show an 18% week-over-week rise in DDoS extortion notes targeting logistics providers, corroborating chatter on Ramp4u.
Incident Deep Dives
1. Google Chrome Zero-Day (CVE-2025-6558) — 16 July 2025
Overview
TAG detected active exploitation of Chrome’s ANGLE/GPU stack enabling sandbox escape across Windows, macOS, and Linux.
Technical Explanation
- Crafted WebGL shaders inject malicious commands into ANGLE, bypassing parameter checks.
- Heap pointer manipulation grants write primitives inside GPU process; attackers abuse Mojo IPC to migrate a ROP chain into the browser process.
- On Windows, a secondary exploit chain elevates to SYSTEM via Dxgkrnl GPU scheduling flaw (not yet patched).
Impact / Risk
Drive-by compromise possible via malvertising campaigns; threat actors can gain OS-level persistence without user interaction, undermining VDI and browser isolation deployments.
Takeaway for CISO
Mandate forced browser restarts to ensure patch consumption, deploy exploit-mitigation rules in EDR for angle::Context::drawArrays anomalies, and consider micro-VM browser isolation for privileged users.
2. SQLite Memory Corruption Thwarted (CVE-2025-6965) — 17 July 2025
Overview
Google’s Big Sleep proactively discovered and reported a previously unknown OOB read in SQLite, blocking imminent exploitation.
Technical Explanation
Integer overflow arises when aggregate functions >64 collide with internal column-count, causing buffer over-indexing during SELECT processing. Big Sleep’s LLM directed targeted input mutations to reach the flawed parser path.
Impact / Risk
Embedded copies of SQLite in mobile apps (Android, iOS) and Electron frameworks inherit the flaw; exploitation yields arbitrary read leading to ASLR bypass for chained RCE.
Takeaway for CISO
Initiate SBOM-driven inventory of embedded SQLite, compile with -DSQLITE_ENABLE_MEMSYS5 hardened allocator, and accelerate DevSecOps rebuild pipelines.
3. Cisco ISE Root RCE (CVE-2025-20337) — 17 July 2025
Overview
Unauthenticated attackers can post a single JSON payload to a hidden REST endpoint, spawning a Bash reverse shell as root.
Technical Explanation
- API silently deserialises user-supplied Python Pickle objects.
- Pickle opcode “REDUCE” triggers os.system().
- SELinux is disabled in default ova; exploit chain completes in <1s.
Impact / Risk
ISE commonly authenticates 802.1X across campus networks; compromise allows rogue certificate issuance, policy manipulation, and stealth traffic mirroring.
Takeaway for CISO
Patch immediately, rotate pxGrid certificates, audit TACACS model changes, and enable Cisco telemetry to detect abnormal config-set events.
4. Wing FTP Server Exploitation (CVE-2025-47812) — 11-15 July 2025
Overview
Huntress observed weaponised PoC drop “cmd.jsp” web shells into /AdminLogin as early as 11 July. Shadowserver confirms infections across 20 countries.
Technical Explanation
Format-string mishandling in Sprintf() of hostname parameter enables arbitrary file write. Attackers deliver JSP loader that fetches Go-based XMRig miner, establishing netcat-like backdoors on port 8082.
Impact / Risk
Lateral pivot possible via credential harvest in ftpd.db; critical for SaaS suppliers using Wing for data-exchange.
Takeaway for CISO
Block external port 5466, enable log-schema-based SIEM alerts on “%x%x%x” patterns, and replace legacy FTP with SFTP/S3.
5. GLOBAL GROUP RaaS Expansion — 14 July 2025
Overview
Rebrand of BlackLock launched AI negotiation panels and hit seventeen organisations in healthcare, oil, and BPO verticals since 8 July.
Technical Explanation
- Initial access via mass-scan of unpatched Palo Alto PAN-OS 10.2.6-h1 (CVE-2024-9655).
- Python-based loader “zodiac.py” deploys Go locker compiled per-victim.
- Locker supports VMware ESXi, BSD, NAS.
- Negotiation portal integrates GPT-4-Turbo to translate chats.
Impact / Risk
85% affiliate profit cut incentivises rapid adoption; AI negotiation reduces language barrier, broadening target pool.
Takeaway for CISO
Monitor for zodiac.py hashes, enforce MFA on FW management, and rehearse extortion negotiation playbooks including AI-assisted chat analysis.
6. Google Gemini Prompt-Injection — 15 July 2025
Overview
0din flagged invisible prompt-injection enabling threat actors to embed malicious admin commands inside benign email bodies.
Technical Explanation
Gemini prioritises hidden “white-on-white” HTML spans containing “/admin” instructions. When user selects “Summarise this email,” the model executes the hidden directive, outputting fraudulent security alert with callback phone number.
Impact / Risk
Bypasses secure email gateways; high-confidence phishing underscores necessity for AI content sanitisation.
Takeaway for CISO
Enforce client-side HTML sanitisation prior to LLM summarisation, disable Labs > Summarise This Email for high-risk groups, and deploy LLM firewalls.
Outpace Attackers With AI-Based Automate Penetration Testing With FireCompass:
FireCompass is a single platform for AI-Powered Continuous Automated Red Teaming (CART), Pen Testing & NextGen Attack Surface Management
