Google addressed three vulnerabilities in its Chrome browser, including one that is actively exploited in attacks in the wild.
Google released out-of-band updates to address three vulnerabilities in its Chrome browser, including one, tracked as CVE-2025-5419, that is actively exploited in the wild.
The vulnerability is an out-of-bounds read and write in the V8 JavaScript engine in Google Chrome releases prior to the patched version. An attacker can exploit the flaw to trigger heap corruption via a crafted HTML page.
Clement Lecigne and Benoît Sevens of Google Threat Analysis Group reported the vulnerability on May 27, 2025. The IT giant addressed the issue the day after, on May 28, 2025, with a configuration update applied to all Chrome Stable platforms.
“Google is aware that an exploit for CVE-2025-5419 exists in the wild,” reads the advisory.
Chrome Stable is updated to version 137.0.7151.68/.69 for Windows and Mac, and 137.0.7151.68 for Linux, rolling out in the coming days.
As usual, the company did not disclose technical details about the attack that exploited this issue.
Google also addressed a medium-severity flaw, tracked as CVE-2025-5068, which is a use-after-free issue in the Blink rendering engine. Walkman reported the flaw on April 7, 2025.
In March 2025, Google released other out-of-band fixes to address the first actively exploited Chrome zero-day since the start of the year. The flaw is a high-severity security vulnerability, tracked as CVE-2025-2783, in the Chrome browser for Windows.
The vulnerability is an incorrect handle provided in unspecified circumstances in Mojo on Windows. Kaspersky researchers Boris Larin (@oct0xor) and Igor Kuznetsov (@2igosha) reported the vulnerability on March 20, 2025. Kaspersky researchers reported that the flaw was actively exploited in attacks targeting organizations in Russia.
Mojo is Google’s IPC library for Chromium-based browsers, managing sandboxed processes for secure communication. On Windows, it enhances Chrome’s security, but past vulnerabilities have enabled sandbox escapes and privilege escalation.
Google did not share details about the attacks that exploited this vulnerability or the identity of the threat actors behind them.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, Chrome browser)
A cryptojacking campaign is targeting exposed DevOps servers like Docker and Gitea to secretly mine cryptocurrency.
Wiz researchers uncovered a cryptojacking campaign, tracked as JINX-0132, targeting exposed DevOps applications such as Nomad, Consul, Docker, and Gitea to secretly mine cryptocurrency.
Threat actors behind the campaign are exploiting a wide range of known misconfigurations and vulnerabilities to deliver the miner.
This campaign is the first publicly known case of attackers exploiting misconfigured Nomad servers in real-world attacks. The group behind it, named JINX-0132, took advantage of this overlooked entry point, much like in a previous campaign, “SeleniumGreed,” which targeted exposed SeleniumGrid setups. These types of misconfigurations often go unnoticed by defenders, especially when the tools involved aren’t widely seen as likely attack targets.
The threat actor behind this cryptojacking campaign relies on public GitHub tools and standard XMRig releases instead of custom malware. This “living-off-open-source” approach complicates attribution and clustering. Some compromised Nomad servers control hundreds of clients, showing that even large, resource-rich organizations can fall victim to simple misconfigurations.
“A key characteristic of JINX-0132’s methodology is the seemingly deliberate avoidance of any unique, traditional identifiers that could be used by defenders as Indicators of Compromise (IOCs). Instead of utilizing attacker-controlled servers for payload delivery, they download tools directly from public GitHub repositories,” reads the report published by cloud security firm Wiz. “Furthermore, they rely on standard release versions of XMRig rather than custom malware.”
The campaign targets misconfigured Nomad servers that are publicly exposed and running with default settings. By abusing Nomad’s job queue feature, which is enabled by default unless reconfigured, attackers like JINX-0132 can remotely submit jobs without authentication. They use this access to run shell commands that download and execute the XMRig crypto miner from GitHub, mining to an attacker-controlled Monero wallet. Since this attack doesn’t rely on custom malware or attacker-owned infrastructure, it’s harder to detect: the only clear indicator is the wallet address, which is easily changed for future attacks. This highlights the importance of properly securing Nomad’s API access and following HashiCorp’s recommended configurations.
JINX-0132 targets publicly exposed Gitea servers by exploiting misconfigurations or known vulnerabilities. While the exact method varies, possible attack paths include:
- Post-authentication RCE (CVE-2020-14144) in versions 1.1.0–1.12.5 if git hooks are enabled and attackers gain user access.
- Unauthenticated RCE in version 1.4.0 via a logic flaw that allows forging admin sessions and executing malicious hooks.
- Unlocked installer, allowing attackers to rerun setup and reset admin credentials.
These weaknesses allow attackers to gain code execution and establish a foothold on vulnerable servers.
Threat actors target misconfigured Consul servers by abusing the service registration and health check features. Without proper security settings like ACLs, any remote user can register services and execute health checks—bash commands run on connected nodes. JINX-0132 used this to run XMRig miners under random service names, exploiting default settings for remote code execution and cryptomining.
Attackers can exploit misconfigured Docker servers by abusing the exposed Docker Engine API, which allows full control over containers. If admins expose this API over the internet (e.g., via tcp://0.0.0.0:2375), threat actors can use it to run malicious containers, mount the host filesystem, or launch cryptominers. This gives them root-level access with just a few API calls, making remote code execution easy and dangerous.
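An audit of the three misconfigurations the campaign relies on (Nomad without ACLs, Consul script checks without ACLs, the Docker API on plain TCP), as an added example that is not Wiz's, HashiCorp's or Docker's code: the functions read each tool's configuration as the JSON dict it accepts, using the tools' real keys, and the EXPOSED and HARDENED samples are constructed.

```python
# Added example: audit Nomad, Consul and Docker daemon configs for the
# default-exposure patterns described above. The dict keys mirror each
# tool's real JSON configuration keys; the sample configs are constructed.

def audit_nomad(cfg: dict) -> list[str]:
    """Nomad ships with ACLs disabled and bind_addr 0.0.0.0 by default."""
    findings = []
    if not cfg.get("acl", {}).get("enabled", False):
        findings.append("nomad: acl.enabled missing; job submission is unauthenticated")
    if cfg.get("bind_addr", "0.0.0.0") == "0.0.0.0":
        findings.append("nomad: bind_addr 0.0.0.0 exposes the HTTP API on all interfaces")
    return findings

def audit_consul(cfg: dict) -> list[str]:
    """Consul script checks run shell commands on the agent's own node."""
    findings = []
    acl = cfg.get("acl", {})
    if not acl.get("enabled", False):
        findings.append("consul: acl.enabled missing; anyone can register services")
    elif acl.get("default_policy", "allow") != "deny":
        findings.append("consul: acl.default_policy should be 'deny'")
    if cfg.get("enable_script_checks", False):
        findings.append("consul: enable_script_checks lets health checks run commands")
    if cfg.get("client_addr", "127.0.0.1") == "0.0.0.0":
        findings.append("consul: client_addr 0.0.0.0 exposes the HTTP API on all interfaces")
    return findings

def audit_docker(cfg: dict) -> list[str]:
    """A tcp:// listener in daemon.json without tlsverify is unauthenticated root."""
    return [f"docker: {h} listens without tlsverify"
            for h in cfg.get("hosts", [])
            if h.startswith("tcp://") and not cfg.get("tlsverify", False)]

# Constructed samples: the exposed shape described above, then a hardened one.
EXPOSED = {
    "nomad": {"bind_addr": "0.0.0.0"},
    "consul": {"client_addr": "0.0.0.0", "enable_script_checks": True},
    "docker": {"hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]},
}
HARDENED = {
    "nomad": {"bind_addr": "10.0.0.5", "acl": {"enabled": True}},
    "consul": {"acl": {"enabled": True, "default_policy": "deny"}},
    "docker": {"hosts": ["tcp://0.0.0.0:2376"], "tlsverify": True},
}

def audit(env: dict) -> list[str]:
    """Run all three audits over one environment's configuration set."""
    return (audit_nomad(env.get("nomad", {})) + audit_consul(env.get("consul", {}))
            + audit_docker(env.get("docker", {})))
```

Running `audit(EXPOSED)` reports six findings, one per weak setting, while `audit(HARDENED)` reports none; the unix socket listener is ignored because it is not network-reachable.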
“Based on Wiz data, 25% of all cloud environments have at least one of the above-mentioned technologies, with HashiCorp Consul being the most popular, running in over 20% of environments. Of those environments using these DevOps tools, 5% expose them directly to the Internet, and among those exposed deployments, 30% are misconfigured.” states Wiz.
A Shodan search reveals thousands of exposed Consul and Nomad instances online, including hundreds hosted on major cloud platforms like AWS, Azure, and GCP. Most of the exposed servers are in China, the United States, Germany, Singapore, Hong Kong, Finland, the Netherlands, and the United Kingdom.

(SecurityAffairs – hacking, cryptojacking campaign)
From the time I was a teenager, I have spent my entire life working in a Queens-based two-generation family business which grew into a market leader in the retail electronic amusement, music, tobacco, and ATM industry. In large measure, New York State’s policies are to blame for how this cottage industry together with a number of small businesses like mine are drying up, disappearing. Going back to 1975 there were some 300 enterprises in our industry with a presence in the greater New York tri-state region. Today there are fifty. Several hundred people continue to earn their livelihoods here.
Much of the equipment our businesses placed on New York’s streets was manufactured in America. Today, most of it is imported from China, South Korea, or Taiwan!
Our jukebox music and amusements used to be located in diners, coffee shops, and pizzerias. Due to government policies, the economics of this business no longer make sense for those locations. The bulwark of our business has always been in bars, clubs, and entertainment centers. Our presence in these locations provides a meaningful financial boost to these business owners—many of whom are struggling themselves to stay open. New York’s government officials are strangling our businesses by imposing unreasonable, difficult laws and regulations. Meanwhile, the government unfairly subsidizes and encourages our competitors.
For example, while it has been determined that tobacco is a health hazard, for decades this part of our industry with cigarette machines employed hundreds of people with decent jobs. Government earned significant tax revenues here. When New York’s government crippled this legal business—the illegal tobacco sales which continue to flourish have cost New York as much as $1 billion a year in tax revenue.
Compare this with the New York government’s encouragement of cannabis. Similar to cigarettes and cigars, there are major concerns over the health and safety of using cannabis. Yet, New York has provided taxpayer funding to a multitude of cannabis operations, even to people with criminal records. And New York often looks the other way, being very lenient on cannabis locations which are illegal. It is questionable how much tax revenue New York has actually brought in through this system it has created.
Our industry must compete with the New York State Lottery, which is gambling entertainment. New York’s Lottery has a strong, aggressive presence in nearly all of our locations. Our amusements and music are at a severe competitive disadvantage because we cannot offer any prizes of value.
Within the past twenty years, New York has enthusiastically embraced both casino gambling, and now online gambling and sports betting. All of this has become a competitive monster where many business owners in my industry are unable to cope.
With horse racing and Off-Track Betting, New York taxpayers have poured billions of dollars into subsidizing this entertainment. Often these mediums are flawed and controversial. The odds are stacked against amusement and music owners struggling to compete.
It would be disastrous if New York wiped out our industry, its employees and economic development—in the name of favoring other industries! It is time for New York State government officials to provide relief so our industry survives: Equal financial assistance, tax benefits, and business accommodations which it has bestowed on our competitors.