Topic introduction - Chief Security Officer - Your think tank of security experts
-
Google Chrome V8 JavaScript Engine Type Confusion Remote Code Execution Vulnerability
CVE-2025-6554 is a Type Confusion vulnerability in the Google Chrome V8 JavaScript engine. Type Confusion is a common class of memory corruption vulnerabilities that can lead to unsafe memory operations when a program incorrectly interprets one data type as another, allowing an attacker to execute arbitrary code on the victim's system.
-
Industrial Control System Security Vulnerability Analysis Report 2025
In 2025, industrial control system security faces unprecedented challenges: the two-way risks of technological innovation and theft, the double hazard of old and new technologies coexisting, intensifying supply chain security crises, and zero-day vulnerabilities combined with the failure of stealth strategies.
-
Apple iMessage Zero-Click Vulnerability (CVE-2025-43200)
The Apple iMessage Zero-Click vulnerability allows an attacker to remotely compromise a device by sending a maliciously crafted iMessage message without user interaction. It has been exploited by Graphite spyware to launch attacks against journalists.
-
Google Chrome V8 JavaScript engine out-of-bounds read/write vulnerability (CVE-2025-5419)
The vulnerability stems from the V8 TurboFan compiler's incorrect handling of dynamic index loads during store-store elimination optimization: alias relationships are misclassified, critical store operations are wrongly eliminated, and the result is out-of-bounds memory access. An attacker can construct a specially crafted HTML page, induce a user to visit it, and trigger malicious JavaScript that exploits the vulnerability to achieve remote code execution and sandbox escape, ultimately taking full control of the victim's device.
-
AI zero-click vulnerability: can steal Microsoft 365 Copilot data
Aim Security has discovered the "EchoLeak" vulnerability, which exploits a design flaw typical of RAG-based Copilot systems, allowing an attacker to automatically exfiltrate any data in the context of M365 Copilot without relying on any specific user behavior. The main attack chain consists of three distinct vulnerabilities, and Aim Labs identified further vulnerabilities during its research that may also enable exploitation.
-
The Economics of Cybersecurity in Emerging Markets
Digitization has brought enormous economic and social benefits, but our growing reliance on digital technologies also poses significant risks. This is especially true in developing countries, where the pace of digitization often outstrips the investment and attention required to build cyber resilience, which can lead to debilitating consequences.
-
Interpretation of the Administrative Measures for Compliance Audit of Personal Information Protection
Law of the People's Republic of China on the Protection of Personal Information (effective November 1, 2021)
Articles 54 and 64: Provide the basic legal framework for personal information protection compliance audits, requiring companies to proactively fulfill their auditing obligations and cooperate with supervision.
Regulations on Network Data Security Management (effective January 1, 2025)
Article 27: Further refines the auditing requirements: network data processors shall periodically conduct compliance audits, either on their own or by commissioning a professional organization, of whether their handling of personal information complies with laws and administrative regulations.
Measures for the Management of Compliance Audits on Personal Information Protection (issued on February 14, 2025, effective May 1, 2025)
The first supporting rules for personal information protection compliance audits, now formalized.
-
Global State of DevSecOps Survey Report 2024
The Global State of DevSecOps Survey Report 2024 reveals key trends and challenges in the DevSecOps space, based on a survey of more than 1,000 developers, security, and operations personnel worldwide. Key data highlights:
82% of organizations use 6-20 security tools.
60% of respondents report that 21%-60% of their security test results are noise.
Only 24% of respondents were "extremely confident" in AI code protection.
86% of organizations believe that security testing slows down development.
-
CVE-2025-21298: Microsoft Outlook 0-Click Remote Code Execution Vulnerability
A new proof of concept (PoC) has been released for CVE-2025-21298, a Microsoft Outlook zero-click remote code execution (RCE) vulnerability in Windows Object Linking and Embedding (OLE).
-
CVE-2025-0411: 7-Zip Remote Code Execution Security Vulnerability
A recently disclosed vulnerability (CVE-2025-0411) in the popular file archiving software 7-Zip allows remote attackers to bypass Windows' Mark-of-the-Web (MOTW) protection mechanism, potentially executing arbitrary code on affected systems.