This weekly roundup covers several concurrent security issues including a Chrome zero-day, exploits targeting Ubiquiti UniFi devices, macOS information-stealing malware, and a VPN vulnerability. The common thread is attackers leveraging neglected or deprecated software, abandoned packages, and phishing-as-a-service tooling to gain initial access. These are not novel attack classes — they reflect persistent failures in asset lifecycle management and patch hygiene.

Security Architect’s Take: Audit your attack surface for deprecated login endpoints, end-of-life network appliances (particularly UniFi devices exposed to the internet), and any third-party packages in your pipelines that may have been abandoned by their maintainers. Prioritise patching Chrome across managed endpoints and validate VPN appliance versions against current vendor advisories.

Original advisory: ⚡ Weekly Recap: Chrome 0-Day, UniFi Exploits, macOS Stealers, VPN Flaw and More