Top 5 Cybersecurity Events This Week from Jet CSIRT: Critical Vulnerabilities and Emerging Threats

Today’s top five highlights include: a critical vulnerability fix in Mozilla’s browser, a zero-day vulnerability fix in Chrome, a serious vulnerability in the Exim mail transfer agent, a patch for a zero-day flaw in Windows Explorer, and new Android malware that evades traditional antivirus.

Critical vulnerability fix in Mozilla browser

Mozilla has released security updates, Firefox 136.0.4, Firefox ESR 128.8.1, and Firefox ESR 115.21.1, addressing vulnerability CVE-2025-2857 (CVSS: 10.0). This issue could lead to a sandbox escape on Windows systems. The flaw was identified in Firefox’s inter-process communication (IPC) code. If exploited, a compromised child process could gain privileged access, bypassing sandbox protection. Firefox users are strongly urged to update immediately to safeguard against potential threats.

Zero-day vulnerability fix in Chrome

Google has issued an update for the stable version of Chrome (134.0.6998.177/.178) that resolves vulnerability CVE-2025-2783 (CVSS: 8.3). This vulnerability stems from improper handling of descriptors in the Mojo component on Windows, which could be exploited for privilege escalation. Reports indicate that this flaw was observed as part of advanced targeted attacks on Russian educational and governmental institutions. Users are strongly advised to update their browsers to mitigate any risks.

Critical vulnerability found in Exim mail transfer agent

Trend Micro researchers identified a critical vulnerability, CVE-2025-30232 (CVSS: 8.1), in Exim, relating to a use-after-free memory error. This flaw could enable privilege escalation and potentially compromise the entire server under certain conditions. The issue affects Exim versions 4.96, 4.97, 4.98, and 4.98.1 when command-line access is present. Security updates have already been released to address this vulnerability, and all Exim users are advised to upgrade their software to prevent potential attacks.
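A version check built from the fixed and affected versions listed in the Firefox, Chrome and Exim items above, as an added example that is not part of the original digest. The host names, inventory rows and function names are constructed for illustration, and version strings are assumed to be upstream-style rather than distribution package versions.

```python
import re

# Versions exactly as listed in the digest above.
FIREFOX_ESR_FIXED = {115: (115, 21, 1), 128: (128, 8, 1)}   # ESR branches
FIREFOX_RELEASE_FIXED = (136, 0, 4)
CHROME_FIXED = (134, 0, 6998, 177)
EXIM_AFFECTED = {(4, 96), (4, 97), (4, 98), (4, 98, 1)}
WINDOWS_ONLY = {"firefox", "chrome"}   # both flaws are described as Windows issues

def parse_version(text):
    """Turn '128.8.0esr' or '4.98.1' into a tuple of ints."""
    parts = re.findall(r"\d+", text)
    if not parts:
        raise ValueError(f"no version number in {text!r}")
    return tuple(int(p) for p in parts)

def pad(v, n):
    """Right-pad with zeros so '136.0' compares as 136.0.0."""
    return v + (0,) * (n - len(v))

def needs_update(product, version):
    v = parse_version(version)
    if product == "firefox":
        # Majors 115 and 128 are compared against their ESR fix;
        # everything else against the release fix.
        return pad(v, 3) < FIREFOX_ESR_FIXED.get(v[0], FIREFOX_RELEASE_FIXED)
    if product == "chrome":
        return pad(v, 4) < CHROME_FIXED
    if product == "exim":
        while len(v) > 2 and v[-1] == 0:   # treat 4.98.0 as 4.98
            v = v[:-1]
        return v in EXIM_AFFECTED          # the digest lists affected versions only
    raise ValueError(f"unknown product {product!r}")

def audit(inventory):
    """Return host names whose software matches a vulnerable version."""
    return [host for host, os_name, product, version in inventory
            if (product not in WINDOWS_ONLY or os_name == "windows")
            and needs_update(product, version)]

# Constructed sample inventory: (host, os, product, version)
INVENTORY = [
    ("ws-01", "windows", "firefox", "136.0.3"),
    ("ws-02", "windows", "firefox", "128.8.1esr"),
    ("ws-03", "linux",   "firefox", "115.20.0esr"),
    ("ws-04", "windows", "chrome",  "134.0.6998.178"),
    ("ws-05", "windows", "chrome",  "134.0.6998.117"),
    ("mx-01", "linux",   "exim",    "4.98.1"),
    ("mx-02", "linux",   "exim",    "4.95"),
]

if __name__ == "__main__":
    print(audit(INVENTORY))
```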

Zero-day vulnerability fix for Windows Explorer

0patch researchers have discovered a vulnerability in SCF files that could lead to the disclosure of NTLM hashes of Windows accounts. This issue affects all versions from Windows 7 and Server 2008 R2 to the latest Windows 11 and Server 2025. Malicious actors may exploit this vulnerability once a user opens a downloaded harmful file in Windows Explorer. This flaw is currently being actively used in sophisticated targeted attacks. 0patch has released an update to protect against this vulnerability, which will be available for free until an official Microsoft fix is released.

Traditional antivirus unable to combat new Android malware

The McAfee team has uncovered new groups of Android malware that are employing the cross-platform framework .NET MAUI to evade antivirus detection. These malicious programs disguise themselves as legitimate utilities, circumventing traditional protective measures. The use of .NET MAUI allows developers to create applications that run across multiple platforms, including Android, making detection more challenging. Cybercriminals are actively using these strategies to spread malware capable of stealing personal data and conducting other malicious activities. McAfee advises Android users to be cautious and to refrain from installing apps from untrusted sources.