Originally reported by Security Affairs, The Record
TL;DR
CISA added two Google Chrome vulnerabilities to its Known Exploited Vulnerabilities catalog, indicating active exploitation. Meanwhile, US and European authorities disrupted the SocksEscort proxy service, which had infected 360,000 devices since 2020.
CISA adding vulnerabilities to the KEV catalog indicates confirmed active exploitation, which represents a critical risk to organizations.
Multiple developments across the cybersecurity landscape this week highlight ongoing threats to enterprise environments and critical infrastructure, from actively exploited browser vulnerabilities to coordinated law enforcement actions against cybercriminal infrastructure.
The US Cybersecurity and Infrastructure Security Agency added two Google Chrome vulnerabilities to its Known Exploited Vulnerabilities catalog, signaling confirmed active exploitation in the wild. The KEV catalog inclusion triggers mandatory patching requirements for federal agencies under Binding Operational Directive 22-01.
Google released security updates addressing the high-severity vulnerabilities earlier this week. Organizations running Chrome in enterprise environments should prioritize immediate deployment of the latest browser version to mitigate active exploitation risks.
The addition to CISA's KEV catalog indicates threat actors are successfully leveraging these browser flaws against real targets, making patching a critical priority for security teams.
US and European authorities coordinated to disrupt SocksEscort, a malicious proxy service powered by the AVrecon botnet that had operated since 2020. The service compromised approximately 360,000 devices globally, providing cybercriminals with anonymized network access for various malicious activities.
The SocksEscort service allowed threat actors to route traffic through infected residential and corporate devices, complicating attribution and detection efforts. Law enforcement's coordinated takedown demonstrates increasing international cooperation against cybercriminal infrastructure.
The takedown affects a significant proxy network that criminal actors relied on for anonymity during attacks, potentially disrupting ongoing campaigns across multiple threat groups.
Federal prosecutors charged an incident response professional with conducting cyberattacks and assisting ransomware operators in negotiating higher payments from the same victims the responder was contracted to help. The case involves the BlackCat ransomware operation, one of the most prolific ransomware-as-a-service groups.
The allegations highlight a serious breach of trust in the incident response industry, where professionals gain privileged access to victim networks and sensitive information about organizational capabilities and insurance coverage. Such insider threats pose significant risks to the cybersecurity consulting ecosystem.
The case underscores the need for enhanced vetting and monitoring of third-party incident response providers, particularly during active ransomware incidents where financial and operational pressures are highest.
New York state finalized cybersecurity regulations for water and wastewater organizations, set to take effect in 2027. The rules mandate cybersecurity training for certified operators, incident response planning, and breach reporting requirements.
The regulations address growing concerns about critical infrastructure security following multiple attacks targeting water systems. The requirements align with federal guidance from CISA and EPA regarding water sector cybersecurity resilience.
Water utilities in New York will need to implement comprehensive cybersecurity programs, including employee training, network segmentation, and incident response capabilities to comply with the new mandates.
The European Council added provisions to the AI Act specifically prohibiting AI tools that generate non-consensual sexual content and child sexual abuse material. The amendment targets "nudification" applications that create explicit imagery without consent.
The proposal addresses growing concerns about malicious AI applications that enable harassment, extortion, and abuse. Implementation would require AI developers to build technical safeguards against misuse of their systems.
The regulatory development signals increasing scrutiny of AI applications with potential for harm, particularly those that can be weaponized for criminal activities or privacy violations.