Google Patches CVE-2025-6554 Chrome Zero-Day Added to U.S. CISA KEV Catalog; Batavia Spyware Targets Russian Orgs

Google has patched a critical zero-day vulnerability in its Chrome browser, identified as CVE-2025-6554, marking the fourth such flaw addressed in 2025. This high-severity bug has been actively exploited by hackers, with indications that malicious nation-states may be involved. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added the Google Chromium V8 flaw to its Known Exploited Vulnerabilities catalog, highlighting the ongoing threat. Separately, cybersecurity researchers have uncovered the 'Batavia' Windows spyware campaign targeting dozens of Russian organizations since July 2024. Batavia operates via fake contract emails and is capable of stealing internal documents, system logs, screenshots, and scanning USB devices, with over 100 phishing incidents linked to the campaign. Additionally, the NightEagle advanced persistent threat group is exploiting a Microsoft Exchange vulnerability to target China's military and technology sectors. In the macOS malware landscape, the Atomic macOS Stealer has evolved from stealing passwords and crypto wallets to incorporating a backdoor for prolonged remote control of infected devices.