Last week saw significant security updates, with Google addressing a critical zero-day vulnerability in Chrome (CVE-2025-6558) that was actively exploited by attackers. This marks the fifth such patch by Google this year. Additionally, Fortinet’s FortiWeb faced a critical SQL injection flaw (CVE-2025-25257); with proof-of-concept exploits now public, users are urged to patch quickly. Cybersecurity experts also reflected on the unexpected challenges of 2025, highlighting new tactics by threat groups. SonicWall’s SMA devices were found to be persistently infected with a stealthy backdoor, while vulnerabilities in Gigabyte motherboard firmware posed risks of bootkit installations. Other discussions included strategic approaches to DevSecOps, the importance of comprehensive security programs, and the evolving landscape of connected vehicles and digital operations. Open-source tools like Falco and pqcscan were spotlighted for their contributions to cloud-native security and post-quantum cryptography. Meanwhile, the cybersecurity job market continues to offer diverse opportunities, and new product releases from industry leaders were showcased.