top of page
Untitled design.png

Weekly INK

Each week we compile an advisory on the latest threats, trends and newsworthy topics from the cyber security industry affecting small and medium enterprises. Join our subscribers below and help us prevent cybersecurity breaches.

watermark4.png

Issue #156 - June 30, 2025

Chrome Zero-Day CVE-2025-6554 Under Active Attack — Google Issues Security Update

Source: The Hacker News

Google has released security updates to address a vulnerability in its Chrome browser for which an exploit exists in the wild. The zero-day vulnerability, tracked as CVE-2025-6554 (CVSS score: N/A), has been described as a type confusing flaw in the V8 JavaScript and WebAssembly engine.




Forminator WordPress Plugin Vulnerability Exposes 400,000 Websites to Takeover

Source: Security Week

A vulnerability in the Forminator WordPress plugin allows attackers to delete arbitrary files and take over impacted websites. A popular form builder plugin with more than 600,000 active installations, Forminator supports the creation of various types of forms, including contact and payment forms, polls, and more.




Over 260K exposed in St. Louis healthcare hack

Source: Cyber News

Esse Health, one of the largest independent primary care groups in the Midwest, has suffered a hacker attack. Attackers were able to access a trove of sensitive and personal patient data. Unknown attackers penetrated the primary care provider in late April of this year, accessing and stealing files that contained sensitive patient data, Esse Health said in a breach notification sent out to numerous potential victims.




Infrastructure Operators Leaving Control Systems Exposed

Source: Info Risk Today

Heavily-used types of industrial control systems continue to be publicly accessible over the internet, often exposed by critical infrastructure operators in the United States. A risky move to begin with, such exposure can be particularly perilous in light of mounting geopolitical tensions that make the devices high-value targets for nation-state hackers.




Attackers Impersonate Top Brands in Callback Phishing

Source: Dark Reading

Hackers are impersonating Microsoft, PayPal, Docusign, and other familiar brands in callback phishing scams aimed at stealing confidential information or delivering malware. These attacks trade the use of typical fake websites or links used in traditional phishing campaigns for a vector in which the victim calls the attacker on the phone themselves, believing they must handle an important transaction.


 
 

Help us Prevent Breaches.

We will never share or sell your information. Unsubscribe at any time.

Email: *

Received.

bottom of page