Featured Story
Apple Patches WebKit Zero-Day Vulnerability
Apple released a security update to address a zero-day flaw (CVE-2025-24201) in the WebKit browser engine. The issue allowed attackers to craft malicious web content that could escape the Web Content sandbox. Apple fixed it with improved checks, noting it supplements protections from iOS 17.2.
This vulnerability shows how shared components can lead to widespread risk. WebKit, used by Safari and other Apple services, makes regular patching essential. Even small flaws in core libraries can open the door to serious threats—underscoring the need for continuous updates and user awareness.
Other Stories
Switzerland Enforces 24-Hour Cyberattack Reporting
Switzerland’s National Cybersecurity Centre (NCSC) now mandates that cyberattacks on critical infrastructure must be reported within 24 hours. This aims to improve national responsiveness to escalating cyber threats.
This move echoes the EU’s NIS2 directive, reinforcing the global shift toward rapid incident reporting. Organizations must bolster their monitoring systems and ensure they’re prepared to meet fast-moving regulatory demands. Early action = reduced impact.
Human Error Responsible for 95% of 2024 Data Breaches
Mimecast reports that 95% of last year’s breaches involved human error—primarily credential misuse, phishing, and insider threats. One notable case: the Change Healthcare ransomware attack started with a single compromised employee login.
These numbers confirm what we see daily—people are often the weakest link. Ongoing training, awareness campaigns, and realistic phishing simulations help reduce human-driven risks. Tech is important, but educated users are essential.
Undocumented Commands Found in Popular Bluetooth Chip
The ESP32 chip (used in over 1 billion IoT devices) contains undocumented commands that can spoof devices, access data, and pivot through networks—posing massive supply chain risks.
This discovery spotlights hidden threats in hardware. When inexpensive components lack transparency, they become prime targets. Businesses should evaluate vendors carefully and ensure regular firmware audits and security testing.
Beware: Fake Emails in Circulation on Behalf of De Watergroep
Fraudulent emails are being sent by cybercriminals impersonating De Watergroep, attempting to trick recipients with fake discount offers. These emails are convincingly crafted but do not originate from the official @dewatergroep.be domain. Users are urged not to click any links and to stay alert.
Phishing scams continue to target Belgian citizens, this time using the name of De Watergroep to deceive recipients. We strongly advise against clicking any links in suspicious emails—always visit the official website directly. If you receive a suspicious message, forward it to suspicious@safeonweb.be. Your vigilance helps protect the wider community.
