Threat Feed

24.11.25 Threat Report

Written by Craig Pepper | Nov 24, 2025 11:00:00 AM

This week’s report: a Chrome zero-day already being exploited, WhatsApp scams siphoning hundreds of thousands of pounds, and ShinyHunters-linked breaches resurfacing, with urgent patch-now flaws and cybercrime tied to international money laundering also in play. Below is what you need to know, and what these incidents mean for your organisation.

Chrome Zero-Day Vulnerability Actively Exploited (CVE-2025-13223)

Google has issued an emergency security update for Chrome to address a critical zero-day vulnerability that attackers are actively exploiting in the wild. This type confusion bug in Chrome's V8 JavaScript engine allows remote attackers to execute malicious code on victims' computers without any user interaction.

What Happened?

The vulnerability, tracked as CVE-2025-13223, was discovered by Google's Threat Analysis Group on 12 November 2025. In under a week, attackers were already using it in real-world attacks. The flaw affects Chrome's V8 engine, which processes JavaScript code. When the engine treats an object as the wrong type, the result is memory corruption that attackers can exploit to bypass Chrome's security protections, steal information, or install malware on the victim's device.

Chrome is the world's most popular web browser, used by over 65 percent of internet users globally. This makes it an extremely attractive target for cybercriminals and state-sponsored hacking groups. For UK organisations, especially those in healthcare and government sectors, a compromised browser can provide attackers with access to sensitive systems, patient data, financial information, and confidential communications. The involvement of Google's Threat Analysis Group suggests this vulnerability may be linked to advanced persistent threats or state-sponsored espionage operations.

Recommendations

  • Update Chrome immediately to version 142.0.7444.175 (Windows/Linux) or 142.0.7444.176 (Mac).
  • Enable automatic updates in Chrome to ensure future patches are applied promptly.
  • Implement browser security policies that restrict access to untrusted websites.
  • Monitor network traffic for suspicious activity that could indicate exploitation attempts.
  • Consider deploying endpoint detection and response (EDR) solutions to identify compromised systems.
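The first recommendation above names the minimum patched builds per platform. The following is an added example, not code from the original report: given an inventory of hosts and their installed Chrome versions (the inventory format and the sample rows are constructed for illustration; how you collect the versions is left to your own asset tooling), it parses each four-part version string into integers and compares it against the patched build for that platform, listing the hosts that still need the update.

```python
"""Flag Chrome installs that predate the patched builds for CVE-2025-13223.

Added example, not part of the original report. The inventory format
(hostname,platform,version) and the sample rows below are constructed.
"""
from typing import Iterable

# Minimum patched builds named in the report, keyed by platform.
PATCHED = {
    "windows": (142, 0, 7444, 175),
    "linux": (142, 0, 7444, 175),
    "mac": (142, 0, 7444, 176),
}


def parse_version(version: str) -> tuple[int, ...]:
    """Turn '142.0.7444.175' into (142, 0, 7444, 175).

    Integer tuples compare numerically; comparing the raw strings would
    wrongly rank '9' above '10' in any component.
    """
    parts = version.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unexpected Chrome version string: {version!r}")
    return tuple(int(p) for p in parts)


def is_patched(version: str, platform: str) -> bool:
    """True if the installed build is at or above the patched build."""
    key = platform.strip().lower()
    if key not in PATCHED:
        raise ValueError(f"unknown platform: {platform!r}")
    return parse_version(version) >= PATCHED[key]


def unpatched_hosts(inventory: Iterable[str]) -> list[str]:
    """Return hostnames whose Chrome build is below the patched build.

    Each inventory line is 'hostname,platform,version'; blank lines and
    lines starting with '#' are ignored (constructed format).
    """
    flagged = []
    for line in inventory:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        host, platform, version = (field.strip() for field in line.split(","))
        if not is_patched(version, platform):
            flagged.append(host)
    return flagged


# Constructed sample inventory: one patched and several unpatched hosts.
SAMPLE_INVENTORY = [
    "# hostname,platform,chrome_version",
    "ws-01,windows,142.0.7444.175",   # exactly the patched build
    "ws-02,windows,142.0.7444.163",   # older build: unpatched
    "mac-01,mac,142.0.7444.175",      # Mac needs .176: unpatched
    "lx-01,linux,143.0.7500.1",       # newer major version: patched
    "lx-02,linux,141.0.7390.122",     # older major version: unpatched
]

if __name__ == "__main__":
    for host in unpatched_hosts(SAMPLE_INVENTORY):
        print(f"{host}: Chrome below patched build, update required")
```

Running the block prints ws-02, mac-01 and lx-02. The per-platform table matters because the Mac build number differs from the Windows/Linux one; a single global threshold would wrongly pass a Mac on 142.0.7444.175.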

WhatsApp Screen-Sharing Scam Costs Victims Hundreds of Thousands

A dangerous social engineering scam targeting WhatsApp users has emerged as one of the fastest-growing threats worldwide. The scheme exploits WhatsApp's screen-sharing feature to trick users into revealing sensitive financial and personal information, with one documented case in Hong Kong resulting in a loss of 5.5 million Hong Kong dollars (approximately £560,000).

What Happened?

Attackers place unsolicited WhatsApp video calls, impersonating bank representatives, Meta support staff, or distressed family members. They spoof local phone numbers and disable their video feeds to hide their identity. The scammers create a false sense of urgency by claiming there are unauthorised charges on credit cards, suspicious account activity, or urgent verification issues requiring immediate action. Once the victim agrees to share their screen, the attacker gains complete visibility into the device, observing passwords, two-factor authentication codes, banking applications, and personal messages in real time. Victims are often tricked into installing remote access tools like AnyDesk or TeamViewer, giving attackers full control of the device.

This scam has been reported across the UK, India, Hong Kong, and Brazil, demonstrating its global reach. For UK organisations, particularly those where staff may use personal devices for work-related communications, this threat poses significant risks. Compromised devices can provide attackers with access to organisational systems, patient records, and sensitive business information. The cascading nature of the attack, where hijacked accounts are used to target the victim's contacts, can rapidly spread the scam throughout an organisation or professional network.

Recommendations

  • Train all staff to never share their screen with unknown callers, regardless of how urgent the request seems.
  • Enable two-step verification in WhatsApp (Settings → Account → Two-step verification).
  • Verify any alarming information independently through official channels before taking action.
  • Implement mobile device management (MDM) policies that restrict the installation of remote access applications.
  • Conduct regular security awareness training focused on social engineering and phishing tactics.

ShinyHunters Linked to Salesforce/Gainsight Data Breach

The notorious hacker group ShinyHunters has been linked to a major data breach involving Salesforce's Gainsight platform, impacting over 200 organisations. The group claimed to have accessed sensitive customer data approximately three months ago and continues to exploit vulnerabilities in the platform.

What Happened?

ShinyHunters successfully infiltrated Gainsight, a customer success software platform used by many businesses worldwide, including organisations in the UK. The breach exposed sensitive customer information and left affected organisations vulnerable to further attacks, such as targeted phishing campaigns or ransomware deployment. The persistence of ShinyHunters and their public statements about the breach demonstrate their ongoing targeting of Salesforce-related platforms.
Salesforce and its associated platforms are widely used by UK businesses for managing customer relationships and patient engagement. A breach of this nature can lead to exposure of patient or client information, significant regulatory penalties under GDPR, reputational damage, and loss of customer trust. The continued activity of ShinyHunters signals the need for organisations to maintain continuous monitoring for indicators of compromise and to have robust incident response capabilities ready.

Recommendations

  • Conduct thorough security audits of all third-party vendor platforms, particularly cloud-based services.
  • Update vendor contracts to include mandatory breach notification clauses and security requirements.
  • Implement multi-factor authentication and strict access controls on all cloud platforms.
  • Monitor threat intelligence feeds for indicators of compromise linked to ShinyHunters and similar groups.
  • Provide cybersecurity awareness training focused on recognising phishing and social engineering attempts.

Russia-Linked Cybercrime Network Launders Funds Through UK Bank Purchase

UK police have uncovered a complex scheme where Russia-linked cybercriminals allegedly purchased a UK-based bank to launder money stolen through cyberattacks. This operation is tied to sanctions-busting networks that support Moscow's war economy and demonstrates the sophisticated methods criminals use to legitimise illicit funds.

What Happened?

The cybercrime group bought a legitimate street-level banking institution in the UK, using it as a front to clean proceeds from cyber theft and other illicit activities. This method allows criminals to integrate illegal funds into the financial system with reduced scrutiny, as the transactions appear to originate from a legitimate financial institution. The operation demonstrates the convergence of cybercrime, organised crime, and geopolitical conflict.

UK financial institutions and regulatory bodies must remain vigilant against such insider threats and sophisticated money laundering tactics. Healthcare and government sectors could be indirectly impacted, as such operations undermine financial stability and may be linked to funding hostile cyber operations targeting UK critical national infrastructure. The use of legitimate institutions for criminal purposes also erodes public trust in the financial system.

Recommendations

  • Strengthen Anti-Money Laundering (AML) controls and Know Your Customer (KYC) procedures within UK financial institutions.
  • Collaborate with law enforcement and intelligence agencies to share threat intelligence on organised cybercrime networks.
  • Enhance detection capabilities for unusual financial transactions that may be linked to cybercrime proceeds.
  • Increase cybersecurity and financial crime awareness among employees in the financial sector.
  • Implement enhanced due diligence for corporate acquisitions and ownership changes in financial institutions.

Taken together, these incidents show how quickly technical exploits, social engineering, and organised cybercrime merge, making rapid patching, user awareness, and third-party vigilance essential.