ARTICLE
24 July 2025

Ankura CTIX FLASH Update - July 18, 2025

AC
Ankura Consulting Group LLC

Contributor

Ankura Consulting Group, LLC is an independent global expert services and advisory firm that delivers end-to-end solutions to help clients at critical inflection points related to conflict, crisis, performance, risk, strategy, and transformation. Ankura consists of more than 1,800 professionals and has served 3,000+ clients across 55 countries. Collaborative lateral thinking, hard-earned experience, and multidisciplinary capabilities drive results and Ankura is unrivalled in its ability to assist clients to Protect, Create, and Recover Value. For more information, please visit, ankura.com.
Recent cybersecurity developments highlight the increasing sophistication of threats targeting remote access and cloud-based communication platforms.
United States Technology

Malware Activity

Emerging Cyber Threats Targeting Remote Access Infrastructure and AI-Driven Social Engineering

Recent cybersecurity developments highlight the increasing sophistication of threats targeting remote access and cloud-based communication platforms. SonicWall's Secure Mobile Access (SMA) devices have come under a complex cyberattack involving the Overstep rootkit. Which exploits a zero-day vulnerability to establish persistent access. Thereby enabling ransomware deployment and stealthy network infiltration. This incident underscores the escalating risks associated with remote access solutions. Prompting SonicWall to advise immediate security updates and enhanced protective measures. Concurrently, over 1.8 billion Gmail users face a rising threat from AI-enhanced social engineering attacks. Wherein attackers embed hidden commands within seemingly innocuous emails using techniques like white-on-white text to evade detection. Leveraging Google's Gemini AI, malicious actors craft convincing scam alerts and manipulate users into divulging sensitive information or visiting malicious sites. With the vulnerability spanning Gmail, Docs, Calendar, and third-party integrations. Both cases exemplify the urgent need for proactive vulnerability management, continuous monitoring, and user awareness to defend against evolving cyber threats exploiting AI and remote connectivity tools. CTIX analysts will continue to report on the latest malware strains and attack methodologies.

Threat Actor Activity

States Are Passing Legislation to Combat AI Voice Impersonations

Pennsylvania has enacted new legislation (SB 649) to combat the misuse of generative AI impersonations, adding to the growing list of states with laws addressing deepfakes. Under this law, creating non-consensual digital impersonations is classified as a misdemeanor, while using them with fraudulent intent is deemed a felony. This builds on previous legislation targeting AI-generated child sexual abuse material and non-consensual intimate images, signed by Governor Josh Shapiro last year. The law aims to equip prosecutors with tools to tackle AI scams and financial exploitation by criminals, such as impersonating a grandchild's voice to deceive older adults into sending money. There is a broader movement against generative AI-created voices and images, with state legislatures adopting eighty (80) laws last year and more proposals introduced in eighteen (18) states this year. New York recently passed a law requiring disclosure of "synthetic performers" use, though audio-only advertising was removed at the last minute. SAG-AFTRA is advocating for similar laws nationwide to protect voice and image rights.

Vulnerabilities

Google Patches Actively Exploited GPU Sandbox Escape Zero-Day Vulnerability in Chrome

Google has released an urgent security update for Chrome to address six (6) vulnerabilities, most notably CVE-2025-6558 (a high-severity zero-day flaw, CVSS 8.8/10) that is actively being exploited in-the-wild. Discovered by researchers from Google's Threat Analysis Group on June 23, the flaw results from improper validation of untrusted input within Chrome's ANGLE and GPU components. ANGLE, a critical translation layer that handles GPU commands for WebGL and other rendering technologies, is particularly sensitive as it bridges the browser and graphics drivers. A successful exploit, delivered via a maliciously crafted HTML page, could enable attackers to escape Chrome's sandbox and execute code on the underlying system, posing serious risks in targeted attacks where simply visiting a website may result in compromise. Google has withheld the full technical details of the exploit pending widespread patch adoption and noted that the flaw may also affect shared third-party libraries. Alongside CVE-2025-6558, the update includes patches for five (5) other vulnerabilities, including CVE-2025-7656 (a high-severity V8 JavaScript engine bug) and CVE-2025-7657 (a use-after-free issue in WebRTC). This marks the fifth (5) in-the-wild Chrome zero-day exploited in 2025, highlighting a persistent trend in browser-targeted threats. CTIX analysts strongly urge users of Chrome and Chromium-based browsers (like Edge, Brave, Opera, and Vivaldi) to update to version 138.0.7204.157/.158 immediately to prevent exploitation.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More