This week’s cybersecurity developments reveal a relentless pace of emerging threats, vendor responses, and policy-level shifts.
Apple has issued its first-ever security patch for the C1 modem in iOS 18.5, addressing privacy vulnerabilities alongside a wider iOS update. Fortinet responded to an actively exploited zero-day vulnerability in FortiVoice systems, while ENISA launched the European Vulnerability Database to strengthen coordinated defence across the EU.
Meanwhile, hundreds of online stores were compromised through long-dormant, backdoored Magento extensions in a renewed supply chain attack. Marks & Spencer’s confirmed cyberattack has resulted in a £700 million market loss. Microsoft and Google also patched critical zero-day flaws: Microsoft’s affects its scripting engine in Edge’s IE mode, and Google’s allows cross-origin data leaks in Chrome.
Apple Issues First Security Patch for C1 Modem in iOS 18.5
Apple has released iOS 18.5, addressing over 30 security vulnerabilities across its platforms, including the first-ever patch for its in-house C1 modem used in the iPhone 16e.
The C1 modem vulnerability, tracked as CVE-2025-31214, could have allowed attackers with privileged network access to intercept cellular data, posing risks of surveillance or man-in-the-middle attacks. Apple mitigated this baseband security flaw through improved state management.
Additional fixes in iOS 18.5 and macOS Sequoia target privacy issues in components like Core Bluetooth, Finder, and the Transparency, Consent, and Control (TCC) framework, which previously allowed unauthorised access to sensitive user data.
While no active exploitation has been reported, users are advised to update promptly to enhance device security.
Fortinet Patches Actively Exploited Zero-Day Vulnerability in FortiVoice Systems
Fortinet has released a critical security update addressing a zero-day vulnerability, tracked as CVE-2025-32756, which has been actively exploited in attacks targeting FortiVoice enterprise phone systems.
This stack-based buffer overflow flaw, with a CVSS score of 9.6, allows unauthenticated remote attackers to execute arbitrary code via crafted HTTP requests. The vulnerability also affects other Fortinet products, including FortiMail, FortiNDR, FortiRecorder, and FortiCamera.
Fortinet observed threat actors exploiting this flaw to scan device networks, erase system crash logs, and enable debugging features to capture credentials. Users are urged to apply the latest patches immediately.
ENISA Launches European Vulnerability Database to Strengthen EU Cybersecurity
On May 13th, the European Union Agency for Cybersecurity (ENISA) announced the launch of the European Vulnerability Database (EUVD), a centralised platform designed to enhance digital security across the EU.
Developed under the NIS2 Directive, the EUVD aggregates reliable and actionable information on cybersecurity vulnerabilities affecting Information and Communication Technology (ICT) products and services, including mitigation measures and exploitation status.
The database aims to improve situational awareness, facilitate better analysis, and enable stakeholders, including public authorities, private companies, and researchers, to manage cybersecurity risks more effectively. By consolidating data from multiple sources like CSIRTs, vendors, and existing databases, the EUVD represents a significant step toward reinforcing Europe’s security and resilience.
Backdoored Magento Extensions Compromise Hundreds of Online Stores in Long-Dormant Supply Chain Attack
Security researchers at Sansec have uncovered a widespread supply chain attack affecting Magento-based online stores through backdoored extensions.
The malicious campaign involves 21 compromised extensions from vendors Tigren, Meetanshi, and MGS, which were infected between 2019 and 2022 but remained dormant until recently.
The malware, embedded in files like License.php or LicenseApi.php, activates via the adminLoadLicense function, allowing attackers to execute arbitrary PHP code.
One unnamed multinational retailer valued at $40 billion is among the affected.
While Meetanshi acknowledged a server breach, Tigren and MGS have not taken remedial action. Administrators are advised to audit their installations, remove the malicious license files, and exercise caution with extensions from these vendors.
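One way to carry out the audit described above, as an added example that is not Sansec's or any vendor's tooling: the script walks a Magento code tree and flags PHP files by the two indicators this report names, the license file names and the adminLoadLicense function. The sample tree, the vendor and module names and the verdict labels are constructed for illustration.

```python
import os
import tempfile
from pathlib import Path

# Indicators from the report above; nothing else about the backdoor is assumed.
SUSPECT_NAMES = {"license.php", "licenseapi.php"}
MARKER = b"adminLoadLicense"

def audit_tree(root):
    """Return sorted (relative_path, verdict) pairs for PHP files needing review."""
    root, findings = Path(root), []
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            if not fname.lower().endswith(".php"):
                continue
            path = Path(dirpath) / fname
            rel = path.relative_to(root).as_posix()
            name_hit = fname.lower() in SUSPECT_NAMES
            try:
                marker_hit = MARKER in path.read_bytes()
            except OSError:
                findings.append((rel, "unreadable"))  # review by hand
                continue
            if name_hit and marker_hit:
                findings.append((rel, "name+marker"))
            elif marker_hit:
                findings.append((rel, "marker-only"))  # function under another file name
            elif name_hit:
                findings.append((rel, "name-only"))  # suspect name, function absent
    return sorted(findings)

def build_sample_tree(base):
    """Constructed, harmless sample layout; vendor and module names are made up."""
    files = {
        "app/code/VendorA/Mod/Helper/License.php": "<?php function adminLoadLicense() {}",
        "app/code/VendorB/Mod/Model/LicenseApi.php": "<?php class LicenseApi {}",
        "app/code/VendorC/Mod/Helper/Data.php": "<?php // adminLoadLicense",
        "app/code/VendorD/Mod/Block/View.php": "<?php class View {}",
    }
    for rel, body in files.items():
        target = Path(base) / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for rel, verdict in audit_tree(tmp):
            print(f"{verdict:12} {rel}")
```

A name-only hit is weak evidence on its own; files where the name and the function coincide are the ones to review first.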
Marks and Spencer’s Data Breach Confirmed - £700M Wiped from Market Value
Three weeks after a ransomware attack by the Scattered Spider group, Marks & Spencer (M&S) continues to grapple with significant operational disruptions.
The retailer has confirmed that customer personal data was compromised, though payment information and passwords remain secure. Despite this, experts warn that exposed contact details could lead to phishing attempts and other scams.
The cyberattack has severely impacted M&S’s operations, with ongoing issues such as empty shelves, suspended online orders, and non-functional gift card systems. The company’s market valuation has suffered a loss exceeding £700 million.
M&S is advising customers to remain vigilant, change passwords, and enable two-factor authentication to enhance security.
Microsoft Patches Actively Exploited Zero-Day in Scripting Engine Allowing Remote Code Execution via Edge’s IE Mode
Microsoft has addressed a zero-day vulnerability (CVE-2025-30397) in its May 2025 Patch Tuesday update. This memory corruption flaw in the Windows Scripting Engine allows unauthenticated attackers to achieve remote code execution by tricking users into visiting a malicious webpage or clicking a crafted link, particularly when using Microsoft Edge in Internet Explorer (IE) mode.
The vulnerability has been actively exploited in the wild, though Microsoft has not disclosed the extent of these attacks.
It is recommended that organisations promptly apply the patch.
Google Patches Actively Exploited Chrome Vulnerability Enabling Cross-Origin Data Leaks
Google has released a security update for Chrome to address a high-severity vulnerability, CVE-2025-4664, which has been actively exploited in the wild. This flaw, stemming from insufficient policy enforcement in Chrome’s Loader component, allows attackers to leak cross-origin data via crafted HTML pages.
Security researcher Vsevolod Kokorin highlighted that Chrome’s handling of the Link header on sub-resource requests could be manipulated to set a referrer policy, enabling the capture of sensitive query parameters. Such data could potentially lead to full account takeovers.
Users are strongly advised to update to Chrome version 136.0.7103.113 or later to mitigate this risk. Users of Chromium-based browsers like Microsoft Edge, Brave, Opera, and Vivaldi should also apply the necessary updates as they become available.