This week’s Threat Report: A newly exploited zero-day vulnerability and creative new tactics by threat actors. From Google Chrome and SharePoint exploits to DNS misuse and Microsoft Teams weaponisation, attackers find increasingly covert ways to infiltrate trusted platforms.
Google has released an emergency security update for Chrome after identifying a high-severity vulnerability—tracked as CVE-2025-2342—being actively exploited. This zero-day stems from a use-after-free issue in Chrome’s WebRTC component, which could allow attackers to execute arbitrary code via malicious web pages.
How the Attack Works:
Attackers lure victims to specially crafted websites where malicious scripts exploit the vulnerability, potentially leading to complete system compromise. The exploitation risk is high since WebRTC is widely used for real-time communication (including in telehealth platforms).
Potential Impact:
Remote code execution on victim machines
Malware deployment or data theft
Exposure of sensitive health records via compromised browser sessions
Recommendation:
Immediately update Chrome to version 125.0.6422.142 or later
Use automated update policies across your organisation
Audit browser plugins and restrict access to unknown domains
Consider browser isolation solutions for high-risk users
Threat actors exploit Microsoft Teams' trust-based architecture to deliver the Matanbuchus malware loader through malicious attachments. Once executed, this malware can drop Cobalt Strike, enabling lateral movement and data exfiltration.
Attack Details:
Malicious files (e.g., LNK or DLL) are shared via Teams chats, often appearing as invoices or HR documents. Unsuspecting users execute these files, triggering the download of Matanbuchus and further payloads.
Potential Impact:
Privilege escalation and lateral movement
Credential harvesting and ransomware deployment
Infiltration of sensitive systems in healthcare environments
Recommendation:
Disable file sharing for external Teams users where possible
Train staff on spotting suspicious Teams messages
Implement content disarm and reconstruction (CDR) tools
Use EDR/XDR solutions to detect abnormal Teams behaviour
Microsoft SharePoint has been found to contain a critical remote code execution vulnerability (CVE-2025-2047), now confirmed to be under active exploitation. Attackers are using this flaw to run commands on vulnerable SharePoint servers without authentication.
Technical Insight:
The flaw lies in how SharePoint handles XAML files. When exploited, it can bypass normal security controls and execute attacker-supplied code on the backend, risking full compromise of internal systems.
Potential Impact:
Network infiltration through a single SharePoint instance
Stealthy deployment of backdoors or ransomware
Access to confidential documentation, IP, and patient records
Recommendation:
Patch affected SharePoint servers immediately
Enable auditing for unusual administrative activity
Segregate SharePoint from sensitive networks
Restrict access to SharePoint via internal VPN
Security researchers have uncovered an alarming campaign where threat actors manipulate DNS records—particularly TXT records—to hide and distribute malware. This stealth tactic allows attackers to evade traditional detection systems and execute payloads via benign-looking domains.
How It Works:
TXT records are commonly used for domain verification or email security (e.g., SPF/DKIM), but attackers are now injecting base64-encoded payloads into them. The malware retrieves these records, decodes the payload, and initiates a compromise without touching standard malware delivery channels.
Potential Impact:
Advanced evasion of email and endpoint detection
Persistent backdoor delivery through trusted infrastructure
Attack surface expansion into DNS infrastructure
Recommendation:
Monitor DNS TXT records for anomalies
Block outgoing DNS requests to unknown domains
Use DNS-layer protection tools
Implement Zero Trust principles for network segmentation
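As an added example that is not part of this report, the following Python check turns the "monitor DNS TXT records for anomalies" recommendation into a concrete triage rule for the technique described under How It Works: it allowlists the TXT record types that legitimately carry structured text or base64 (SPF, DMARC, DKIM, site verification) and flags any remaining value that is an opaque base64 blob or has unusually high entropy. The zone names and the blob are constructed, and the allowlisted prefixes and the 4.5-bit threshold are assumptions to tune per environment.

```python
import base64
import math
import re

# Constructed sample zone data (hypothetical names; the blob is synthetic, random-looking bytes).
SAMPLE_TXT_RECORDS = {
    "example.com": [
        "v=spf1 include:_spf.example.net -all",
        "google-site-verification=abc123DEF456ghi789JKL012mno345PQR678stu9",
    ],
    "_dmarc.example.com": ["v=DMARC1; p=reject; rua=mailto:dmarc@example.com"],
    "sel1._domainkey.example.com": ["v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC"],
    # A 260-character opaque base64 string parked on an otherwise unremarkable host name.
    "cdn-update.example.org": [base64.b64encode(b"\x4d\x5a" + bytes(range(64)) * 3).decode()],
}

# Record types that legitimately carry structured text or base64 (assumed allowlist; DKIM p= is base64).
KNOWN_PREFIXES = ("v=spf1", "v=DMARC1", "v=DKIM1", "google-site-verification=", "MS=")
B64_RE = re.compile(r"^[A-Za-z0-9+/]+={0,2}$")

def shannon_entropy(text: str) -> float:
    # Bits per character: SPF/DMARC-style text sits near 4, encoded binary noticeably higher.
    probs = [text.count(c) / len(text) for c in set(text)]
    return -sum(p * math.log2(p) for p in probs)

def is_opaque_base64(value: str) -> bool:
    # Long, padding-correct base64 with no key=value structure at all.
    return len(value) >= 40 and len(value) % 4 == 0 and bool(B64_RE.match(value))

def txt_record_reasons(value: str) -> list:
    # Empty list means the value looks like a known record type; otherwise why it stood out.
    if value.startswith(KNOWN_PREFIXES):
        return []
    reasons = []
    if is_opaque_base64(value):
        reasons.append("opaque base64 blob")
    if shannon_entropy(value) > 4.5:  # assumed threshold; tune against your own zones
        reasons.append("high entropy")
    return reasons

def find_suspicious_txt(records: dict) -> dict:
    # Map each record name to (truncated value, reasons) for every value that tripped a check.
    findings = {}
    for name, values in records.items():
        for value in values:
            reasons = txt_record_reasons(value)
            if reasons:
                findings.setdefault(name, []).append((value[:24] + "...", reasons))
    return findings
```

Feed it the TXT answers collected from passive DNS or resolver logs; a hit is a record to review, not proof of malware, since any novel verification scheme will also trip it until added to the allowlist.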
Stay ahead of emerging cyber threats with real-time insights from our Threat Intelligence Service. Our updates provide you with critical information on the latest vulnerabilities, attacks, and security trends, all designed to help you protect your business and make informed decisions.