This week’s biggest threats: a hardware‑level memory exploit (“Phoenix” RowHammer) that bypasses assumed protections, and a newly discovered zero‑day in Chrome already being exploited in the wild. Both show that relying solely on software patch cycles is no longer enough—defense needs to reach firmware, hardware, and core platform layers.
🚨 Top Stories
1. “Phoenix” RowHammer Attack Cracks DDR5 Memory Defenses (CVE‑2025‑6202)
Researchers revealed a new RowHammer variant, tracked as CVE‑2025‑6202, that affects SK hynix DDR5 DIMMs. It defeats the in‑DRAM Target Row Refresh (TRR) mitigations and the on‑die ECC that were assumed to make DDR5 resistant, and the researchers demonstrated SSH key extraction and root privilege escalation in under two minutes. TechRadar
💡 Key Takeaway: Systems using DDR5, especially with SK hynix memory, are vulnerable even with ECC enabled. Watch for BIOS/firmware updates from your platform vendor, and consider raising the DRAM refresh rate or applying other mitigations where the platform allows it.
2. Chrome Zero‑Day CVE‑2025‑10585 Actively Exploited
Google patched a type‑confusion zero‑day in V8, the JavaScript and WebAssembly engine used by Chrome and other Chromium‑based browsers. The flaw (CVE‑2025‑10585) was being exploited in the wild before the fix shipped. Help Net Security
💡 Key Takeaway: Anyone using Chrome or a Chromium‑based browser should update immediately. Keep auto‑update enabled and verify that it actually completes (a browser that has not been restarted is still running the old engine); lag in browser update rollout is a window attackers exploit.
3. Microsoft September Patch Tuesday: Two Publicly Disclosed Zero‑Days + Many Critical Flaws
Microsoft’s September 2025 Patch Tuesday fixed 81 vulnerabilities, nine of them rated critical, including two publicly disclosed zero‑days: CVE‑2025‑55234 (a Windows SMB Server elevation‑of‑privilege flaw exploitable through relay attacks) and CVE‑2024‑21907 (a Newtonsoft.Json denial‑of‑service flaw in a library shipped with SQL Server). Splashtop
💡 Key Takeaway: Patch SMB servers and SQL Server instances first. Then close the relay path the SMB fix is meant to support: require SMB signing and enable Extended Protection for Authentication (EPA), using the auditing the update adds to confirm no legacy clients will break before you enforce.
🛠️ Vulnerability Spotlight
CVE‑2025‑6202 (“Phoenix” RowHammer)
Hardware vulnerability in DDR5 chips bypassing ECC; root/SSH key compromise demonstrated. TechRadar
💡 Key Takeaway: Treat memory modules as part of your threat surface; maintain an inventory, push firmware where available, and plan replacement if modules are unsupported.
CVE‑2025‑10585 (Chrome V8 Type Confusion Zero‑Day)
Actively exploited type confusion vulnerability in V8; fixed in latest Chrome stable. Help Net Security
💡 Key Takeaway: Update browsers now; apply defense in depth on web‑exposed endpoints (site isolation, least‑privilege browser profiles, extension allow‑lists); and monitor for follow‑on exploits against the same engine surface (WebAssembly, JIT, bundled JS libraries).
📊 Trend to Watch
Hardware & Browser Layers Under Increasing Attack
From “Phoenix” RowHammer to Chrome type‑confusion zero‑days, adversaries are moving down the stack and breaking the assumption that hardware and built‑in platform protections can be trusted by default. Combined with shorter exploit lifecycles, this means defenders need to treat firmware, memory, and browser engines with the same urgency as OS and application patches.
💡 Key Takeaway: Expand vulnerability management programs to include hardware/firmware, ensure browser patching is as automated and monitored as server patching; incorporate vendor memory‑firmware advisories into risk scoring.
🏛️ Policy & Regulation Watch
DoD Tightens Cybersecurity Rules for Contractors under CMMC 2.0
The final rule takes effect November 10, 2025. CMMC 2.0 collapses the original five levels into three, with stricter requirements for contractors that handle Controlled Unclassified Information (CUI). Conditional certification is available for contractors with open plan‑of‑action items, with a 180‑day window to reach full compliance. TechRadar
💡 Key Takeaway: If your organization is or might become a DoD contractor, begin planning now: gap assessments, documentation, third‑party assessor readiness will matter.
🧰 Tool / Resource of the Week
Villager – AI-Powered Pen-Testing / Red-Team Tool
Villager is a new AI-native red-team / pentesting framework built by Cyberspike. It drives Kali Linux toolsets with the DeepSeek v3 model and was published to PyPI, where it has passed 10,000 downloads since release. The tool automates complex multi-vector attack workflows from natural-language prompts and adapts its next steps to what it finds. TechRadar
💡 Key Takeaway: For defenders: assume adversaries will adopt tools like Villager. Watch telemetry for machine‑speed chaining of recon, scanning and exploitation, and for short‑lived containers spun up to run attack tasks; hunt for red‑team‑style activity that no engagement explains; and restrict where exposed Dev/Ops environments can reach, since that is where such tooling is most likely to be run.
⚡ Quick Hits
Google released its September Android security update addressing 84 vulnerabilities, including two zero‑days (one in the Linux kernel, one in the Android Runtime) that were under limited, targeted exploitation. Tom's Guide
Texas established a new “Texas Cyber Command” and appointed a retired Navy vice admiral to lead it; the body will focus on protecting state infrastructure. San Antonio Express-News
A stopgap funding failure in Congress has put reauthorization of the Cybersecurity Information Sharing Act of 2015 (the liability shield for private‑sector threat sharing, not the agency of the same acronym) in jeopardy as its September 30 expiration approaches. The Wall Street Journal
🛡️ Actionable Defense Move of the Week
Deploy an End‑to‑End Update & Exposure Sweep
Inventory every system with DDR5 RAM (SMBIOS/DMI data gives module type and vendor) and check each for firmware updates or a planned replacement/mitigation (higher refresh rate, configuration hardening).
Push the Chrome update for CVE‑2025‑10585 to all endpoints and confirm the running version, not just the installed one; disable or limit non‑essential browser features that expand attack surface (unneeded extensions, legacy plug‑in content).
Audit Microsoft environments: deploy the Patch Tuesday updates, prioritising the SMB and SQL Server fixes and any other publicly disclosed or exploited items; then harden SMB (require signing, enable EPA) and review NTLM relay exposure.
Use the CISA Known Exploited Vulnerabilities (KEV) catalog to identify and remediate known exploited vulnerabilities in your environment first.
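As an added example (not code from the newsletter or from any vendor it cites), the following Python ties two steps of the sweep together: it parses the Memory Device records that `dmidecode -t memory` prints on Linux to flag DDR5 modules (calling out the SK hynix vendor string), and it ranks an asset's open CVEs by membership in CISA's KEV feed. The dmidecode text, the KEV excerpt and the host inventory are constructed samples embedded inline so the script runs offline; the part numbers, hostnames and due date are illustrative. In production you would feed it the output of `dmidecode -t memory` and the live KEV JSON instead.

```python
"""Added example: flag DDR5 DIMMs from dmidecode output and rank open CVEs
by CISA KEV membership, for the exposure sweep above."""
import json
import re

# Constructed sample of `sudo dmidecode -t memory` output: one SK hynix DDR5
# slot, one empty slot, one DDR4 slot. Part numbers are illustrative.
SAMPLE_DMIDECODE = """\
Handle 0x0041, DMI type 17, 92 bytes
Memory Device
\tSize: 16 GB
\tLocator: DIMM_A1
\tType: DDR5
\tManufacturer: SK Hynix
\tPart Number: HMCG-EXAMPLE-01

Handle 0x0042, DMI type 17, 92 bytes
Memory Device
\tSize: No Module Installed
\tLocator: DIMM_A2
\tType: Unknown
\tManufacturer: Not Specified

Handle 0x0043, DMI type 17, 92 bytes
Memory Device
\tSize: 32 GB
\tLocator: DIMM_B1
\tType: DDR4
\tManufacturer: Micron Technology
\tPart Number: MTA-EXAMPLE-02
"""

# Constructed excerpt in the shape of CISA's KEV feed
# (https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json);
# only the fields used below are kept and the due date is illustrative.
SAMPLE_KEV_JSON = json.dumps({"vulnerabilities": [
    {"cveID": "CVE-2025-10585", "vendorProject": "Google", "product": "Chromium V8",
     "dueDate": "2025-10-09", "knownRansomwareCampaignUse": "Unknown"},
]})

# Constructed asset inventory: open CVE -> hosts still missing the fix.
OPEN_CVES = {
    "CVE-2025-6202": ["db-01", "build-07"],  # Phoenix RowHammer (DDR5)
    "CVE-2025-10585": ["ws-113", "ws-140"],  # Chrome V8 zero-day
    "CVE-2025-55234": ["fs-02"],             # Windows SMB Server
    "CVE-2024-21907": ["db-01"],             # Newtonsoft.Json in SQL Server
}


def parse_dmidecode_memory(text):
    """Return one dict of fields per populated DMI type 17 (Memory Device) record."""
    dimms = []
    for record in re.split(r"\n(?=Handle 0x)", text):
        if "Memory Device" not in record:
            continue
        fields = {}
        for line in record.splitlines():
            if line.startswith("\t") and ":" in line:  # dmidecode indents fields with a tab
                key, _, value = line.strip().partition(":")
                fields[key] = value.strip()
        if not fields.get("Size", "").startswith("No Module"):  # skip empty slots
            dimms.append(fields)
    return dimms


def flag_ddr5(dimms, vendor_hint="hynix"):
    """(locator, reason) for every DDR5 module; the vendor named in the Phoenix
    research is called out so those hosts are triaged first."""
    flagged = []
    for d in dimms:
        if not d.get("Type", "").upper().startswith("DDR5"):
            continue
        reason = "DDR5 " + d.get("Size", "")
        if vendor_hint in d.get("Manufacturer", "").lower():
            reason += f" from {d['Manufacturer']} (vendor named in Phoenix research)"
        flagged.append((d.get("Locator", "?"), reason))
    return flagged


def prioritize_by_kev(open_cves, kev_json):
    """KEV hits first (ransomware-linked, then earliest due date), then the rest."""
    kev = {v["cveID"]: v for v in json.loads(kev_json)["vulnerabilities"]}
    hits = sorted((c for c in open_cves if c in kev),
                  key=lambda c: (kev[c].get("knownRansomwareCampaignUse") != "Known",
                                 kev[c].get("dueDate", "9999-12-31")))
    rest = sorted(c for c in open_cves if c not in kev)
    return hits, rest


if __name__ == "__main__":
    for locator, reason in flag_ddr5(parse_dmidecode_memory(SAMPLE_DMIDECODE)):
        print(f"[memory] {locator}: {reason}")
    hits, rest = prioritize_by_kev(OPEN_CVES, SAMPLE_KEV_JSON)
    for cve in hits + rest:
        tag = "KEV first" if cve in hits else "then     "
        print(f"[{tag}] {cve} on {', '.join(OPEN_CVES[cve])}")
```

The parser keys on the tab indentation and `Key: Value` layout dmidecode uses for type 17 records and drops empty slots, so a populated DDR4 module is reported as not in scope rather than silently merged with the DDR5 ones. The KEV ranking deliberately sorts ransomware-linked entries ahead of everything else, then by CISA's due date, which is the order most vulnerability-management programs are measured against.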
📝 Final Word
This week underscores a stark reality: protection assumptions (hardware, browser sandboxing, default safeguards) are eroding. Attackers are moving faster, finding gaps in layers we thought were safe. Defense must get deeper, faster, and more holistic.