Written by Team Nucleus
Written on 5th June, 2025
Analyst Insight
This week in cyber, we have seen ongoing attacks on the retail and fashion industry, with luxury jewellery brand Cartier and clothing brand The North Face suffering data breaches. This trend of targeting retailers has been common in previous months, with Co-op, M&S and Harrods being the first to gather news attention. We have also observed some critical fixes to flaws within Google Chrome, where an out-of-band update was released to fix a critical out-of-bounds read and write vulnerability. Microsoft also released an urgent fix for Windows 11 after users reported boot failures. We have also seen an interesting discovery from SquareX, where Apple Safari users are being targeted with browser-in-the-middle attacks. Read more in this week in cyber.
Google Patches Chrome Zero-day Actively Exploited in Attacks
On Monday, Google released an out-of-band patch for a high-severity flaw within the Chrome browser. Tracked as CVE-2025-5419 (CVSS score: 8.8), it is flagged as an out-of-bounds read and write vulnerability in the V8 JavaScript and WebAssembly engine. “Out of bounds read and write in V8 in Google Chrome prior to 137.0.7151.68 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page,” the CVE record states. “Google is aware that an exploit for CVE-2025-5419 exists in the wild,” Google adds. Google credited Clement Lecigne and Benoît Sevens of Google Threat Analysis Group for discovering the flaw and disclosing it at the end of last month.
Windows 11 Emergency Fix Released After Startup Failures
Microsoft released an emergency out-of-band update this week to fix Windows 11 systems that were experiencing startup issues. The problem surfaced after the May 2025 security update (KB5058405): affected devices failed to boot and dropped into recovery mode, displaying an error related to the ACPI.sys driver. Enterprise environments were primarily affected by this issue. Since then, Microsoft has patched the problem to return affected systems to normal operation.
Luxury Fashion Brand Cartier Suffers Data Breach
Cartier has disclosed a data breach affecting some of its customers. The luxury jewellery brand revealed that unauthorized access to its systems led to the exposure of limited personal information, including names, email addresses, and countries of residence. Fortunately, no financial data or passwords were compromised. The company has also informed relevant authorities and is collaborating with external experts to address the situation. This incident is part of a broader trend of cyberattacks targeting high-profile companies in the fashion and retail sectors.
The North Face Warns Customers of Potential Data Breach
In April 2025, The North Face experienced a credential stuffing attack on its U.S. e-commerce platform. This type of cyberattack involves using previously exposed username-password combinations to gain unauthorized access to user accounts. The exposed data includes full name, email address, date of birth, telephone number, shipping address and purchase history. Payment information was not exposed in this breach, as it is handled by an external provider. The company has begun to send data breach notifications to impacted customers.
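Credential stuffing leaves a distinctive trace in authentication logs: one source address trying many different accounts in a short time, mostly failing. The following Python is an added detection example, not code from the article or from The North Face; the log format and the sample lines are constructed for the example, and the window and thresholds are assumptions to tune against real traffic.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample auth log (not from the article). Assumed line format:
# "<ISO timestamp> ip=<source> user=<account> result=<ok|fail>"
SAMPLE_LOG = """\
2025-04-10T12:00:01 ip=203.0.113.7 user=alice@example.com result=fail
2025-04-10T12:00:02 ip=203.0.113.7 user=bob@example.com result=fail
2025-04-10T12:00:03 ip=203.0.113.7 user=carol@example.com result=ok
2025-04-10T12:00:04 ip=203.0.113.7 user=dave@example.com result=fail
2025-04-10T12:00:05 ip=203.0.113.7 user=erin@example.com result=fail
2025-04-10T12:30:00 ip=198.51.100.9 user=alice@example.com result=fail
2025-04-10T12:30:05 ip=198.51.100.9 user=alice@example.com result=fail
2025-04-10T12:30:09 ip=198.51.100.9 user=alice@example.com result=ok
"""

LINE_RE = re.compile(r"^(\S+) ip=(\S+) user=(\S+) result=(ok|fail)$")


def parse(log_text):
    """Yield (timestamp, ip, user, success) tuples; lines that do not match are skipped."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts, ip, user, result = m.groups()
            yield datetime.fromisoformat(ts), ip, user, result == "ok"


def detect_credential_stuffing(log_text, window=timedelta(minutes=10),
                               min_users=5, max_success_ratio=0.5):
    """Flag source IPs that hit many *distinct* accounts inside a sliding window
    with a low success rate. A real user mistyping a password touches one
    account from one IP, stays below min_users, and is not flagged."""
    events_by_ip = defaultdict(list)
    for ts, ip, user, ok in parse(log_text):
        events_by_ip[ip].append((ts, user, ok))
    flagged = {}
    for ip, events in events_by_ip.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:  # slide window forward
                start += 1
            span = events[start:end + 1]
            users = {u for _, u, _ in span}
            successes = sum(1 for _, _, ok in span if ok)
            if len(users) >= min_users and successes / len(span) <= max_success_ratio:
                flagged[ip] = {"distinct_users": len(users),
                               "attempts": len(span), "successes": successes}
                break  # first triggering window is enough to raise the alert
    return flagged
```

The flagged record lists every account touched in the window, which is the list to force password resets on, since a successful hit among the failures (carol here) is exactly what the attacker was after.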
Apple Safari Users at Risk of Browser-in-The-Middle Attacks
Researchers at SquareX discovered that Apple's Safari browser is vulnerable to a fullscreen browser-in-the-middle (BitM) attack, where malicious websites exploit the Fullscreen API to deceive users into entering sensitive information into fake login forms. This flaw allows attackers to overlay a fullscreen window that mimics legitimate sites, obscuring the browser's address bar and security indicators. Unlike some browsers that alert users when entering fullscreen mode, Safari fails to provide such notifications, making these attacks particularly effective. SquareX have observed an increase in such malicious activities targeting Safari users. To mitigate the threat, users are advised to remain cautious of unsolicited prompts requesting login credentials and to verify the authenticity of websites before entering sensitive information.