---
title: "Chrome Spyware Exploited, npm InfoStealer Attack, DELMIA XWiki Vulnerabilities, Cybersecurity News [October 27, 2025] | DuoCircle"
description: "Chrome Spyware Exploited, npm InfoStealer Attack, DELMIA XWiki Vulnerabilities, Cybersecurity News [October 27."
image: "https://www.duocircle.com/images/og-default.png"
canonical: "https://www.duocircle.com/blog/announcements/cybersecurity-news-update-week-45-of-2025/"
---

Quick Answer

Cybersecurity news for the week of October 27, 2025\. Kaspersky tied the patched Chrome zero-day CVE-2025-2783 (CVSS 8.3) to Operation ForumTroll, a Memento Labs (formerly Hacking Team) espionage campaign targeting media, universities, government, and finance in Eastern Europe via phishing for the "Primakov Readings" forum, deploying LeetAgent and the Dante spyware framework. New npm supply-chain threats included PhantomRaven and an info-stealer campaign. Active exploitation hit DELMIA Apriso and XWiki. Ransomware also struck Sedgebrook and Heartland Health Center, exposing patient data.

Chrome Spyware Exploited, npm InfoStealer Attack, DELMIA XWiki Vulnerabilities, Cybersecurity News \[October 27, 2025\]

Your browser does not support the audio element.

[ Download episode](https://media.mailhop.org/duocircle/images/2025/11/Chrome-Spyware-Exploited-npm-InfoStealer-Attack-DELMIA-XWiki-Vulnerabilities---Cybersecurity-News-October-27-2025.mp3) 

Share 

[ ](https://www.linkedin.com/sharing/share-offsite/?url=undefined%2Fblog%2Fannouncements%2Fcybersecurity-news-update-week-45-of-2025%2F "Share on LinkedIn") [ ](https://twitter.com/intent/tweet?text=Chrome%20Spyware%20Exploited%2C%20npm%20InfoStealer%20Attack%2C%20DELMIA%20XWiki%20Vulnerabilities%2C%20Cybersecurity%20News%20%5BOctober%2027%2C%202025%5D&url=undefined%2Fblog%2Fannouncements%2Fcybersecurity-news-update-week-45-of-2025%2F "Share on X/Twitter") [ ](https://www.facebook.com/sharer/sharer.php?u=undefined%2Fblog%2Fannouncements%2Fcybersecurity-news-update-week-45-of-2025%2F "Share on Facebook") [ ](https://reddit.com/submit?url=undefined%2Fblog%2Fannouncements%2Fcybersecurity-news-update-week-45-of-2025%2F&title=Chrome%20Spyware%20Exploited%2C%20npm%20InfoStealer%20Attack%2C%20DELMIA%20XWiki%20Vulnerabilities%2C%20Cybersecurity%20News%20%5BOctober%2027%2C%202025%5D "Share on Reddit") [ ](mailto:?subject=Chrome%20Spyware%20Exploited%2C%20npm%20InfoStealer%20Attack%2C%20DELMIA%20XWiki%20Vulnerabilities%2C%20Cybersecurity%20News%20%5BOctober%2027%2C%202025%5D&body=Check out this article: undefined%2Fblog%2Fannouncements%2Fcybersecurity-news-update-week-45-of-2025%2F "Share via Email") 

![cybersecurity](https://media.mailhop.org/duocircle/images/2025/11/spf-record-tester-6780.jpg) 

This week’s cybersecurity highlights include a Chrome zero-day exploited by [Memento Labs for spyware attacks](https://thehackernews.com/2025/10/chrome-zero-day-exploited-to-deliver.html), new npm supply chain threats like PhantomRaven and an [info-stealer campaign](https://www.cnbc.com/2025/06/26/experts-sound-alarm-on-infostealer-malware-after-login-details-exposed.html), and active exploitation of DELMIA Apriso and XWiki flaws. Meanwhile, ransomware hit Sedgebrook and Heartland Health Center, exposing patient data and prompting renewed **healthcare security concerns**.

## Chrome Zero-Day Exploited to Deploy Memento Labs Spyware Attacks

Kaspersky has uncovered that a now-patched Google Chrome vulnerability, [CVE-2025-2783](https://nvd.nist.gov/vuln/detail/CVE-2025-2783) (CVSS 8.3), was [exploited in targeted espionage attacks](https://securelist.com/forumtroll-apt-hacking-team-dante-spyware/117851/) linked to European surveillance vendor Memento Labs. The flaw, [a sandbox escape bug fixed in March 2025](https://chromereleases.googleblog.com/2025/03/stable-channel-update-for-desktop%5F25.html), was weaponized in a campaign dubbed Operation ForumTroll, which targeted media, universities, research institutions, government bodies, and financial organizations in Eastern Europe. The campaign, also tracked as [TaxOff, Team 46,](https://ptsecurity.com/research/pt-esc-threat-intelligence/kvartalnyj-otchet-iyun-2025/#id2) and [Dante APT](https://www.f6.ru/media-center/press-releases/cybercrime-trends-annual-report-2024-2025/), used [phishing emails](/content/phishing-prevention/phishing-email) posing as invitations to the “**Primakov Readings**” forum to trigger the exploit and deliver spyware.

The attackers deployed [LeetAgent](https://www.kaspersky.com/blog/forumtroll-dante-leetagent/54670/), a new espionage tool from [Memento Labs](https://mem3nt0.com/) capable of executing commands, stealing documents, injecting shellcode, and running keylogging tasks. In several cases, LeetAgent launched Dante, an advanced spyware framework designed to evade detection and resist analysis. Both tools share code and persistence techniques, indicating they stem from the same developer. Memento Labs, previously known as Hacking Team, [confirmed that its Dante spyware was part of the breach](https://techcrunch.com/2025/10/28/ceo-of-spyware-maker-memento-labs-confirms-one-of-its-government-customers-was-caught-using-its-malware/), blaming an unnamed government customer for misuse. The incident underscores how commercial surveillance tools marketed for law enforcement continue to be repurposed for covert cyber-espionage operations.

[![stealing documents](https://media.mailhop.org/duocircle/images/2025/11/spf-record-checker-3321.jpg)](https://media.mailhop.org/duocircle/images/2025/11/spf-record-checker-3321.jpg)

## npm Supply Chain Attack Targets Developers with Info Stealer

Cybersecurity researchers have [uncovered ten malicious npm packages](https://socket.dev/blog/10-npm-typosquatted-packages-deploy-credential-harvester) that delivered a multi-stage information stealer to developers on Windows, Linux and macOS. Uploaded to the registry on 4 July 2025, the typosquatted packages mimicked legitimate libraries such as [discord.js](https://socket.dev/npm/package/dizcordjs), [ethers.js](https://socket.dev/npm/package/etherdjs), [nodemon](https://socket.dev/npm/package/nodemonjs), [react-router-dom](https://socket.dev/npm/package/react-router-dom.js), [TypeScript](https://socket.dev/npm/package/typescriptjs) and [zustand](https://socket.dev/npm/package/zustand.js) and amassed 9,900 downloads. Each package uses a postinstall hook to spawn a separate terminal window, show a fake CAPTCHA, fingerprint the host by IP, and then fetch a heavily obfuscated loader. The JavaScript loader employs multiple obfuscation techniques, including a dynamic XOR cipher, [URL encoding](https://locationiq.com/glossary/url-encoding), and numeric encodings, to frustrate analysis.

The loader downloads [a 24 MB PyInstaller](https://pypi.org/project/pyinstaller/) stealer that scans browsers, config files, SSH keys, and the [operating system keyring to harvest credentials](https://www.npmjs.com/package/keyring), session tokens, and authentication artifacts from email clients, VPNs, cloud sync tools, and password managers. Harvested data is compressed into a ZIP archive and exfiltrated to an attacker-controlled server. By targeting system keyrings the malware bypasses application level protections and can grant immediate access to corporate email, cloud storage and production systems. Organisations should urgently audit dependencies, remove unfamiliar packages, avoid running npm with elevated privileges and rotate any credentials that may have been exposed. Investigations and monitoring remain ongoing.

[![attacker](https://media.mailhop.org/duocircle/images/2025/11/spf-record-3321.jpg)](https://media.mailhop.org/duocircle/images/2025/11/spf-record-3321.jpg)

## Hackers Actively Exploit Critical Flaws in DELMIA Apriso and XWiki

Threat actors are actively exploiting multiple high-severity vulnerabilities in [Dassault Systèmes DELMIA Apriso](https://www.3ds.com/about) and [XWiki](https://www.xwiki.org/xwiki/bin/view/Main/WebHome), according to alerts from [CISA](https://www.cisa.gov/news-events/alerts/2025/10/28/cisa-adds-two-known-exploited-vulnerabilities-catalog) and [VulnCheck](https://www.vulncheck.com/blog/xwiki-cve-2025-24893-eitw). Two Apriso flaws, [CVE-2025-6204](https://www.cve.org/CVERecord?id=CVE-2025-6204) (code injection, CVSS 8.0) and [CVE-2025-6205](https://www.cve.org/CVERecord?id=CVE-2025-6205) (missing authorization, CVSS 9.1), affect versions **from 2020 to 2025**. When combined, these bugs [allow attackers to create privileged accounts and drop executable files](https://projectdiscovery.io/blog/remote-code-execution-in-delmia-apriso), leading to full system compromise. CISA has added both flaws to its Known Exploited Vulnerabilities (KEV) catalog, following another critical Apriso bug ([CVE-2025-5086](https://www.cve.org/CVERecord?id=CVE-2025-5086)) flagged last month.

Meanwhile, VulnCheck has confirmed [active exploitation of XWiki’s CVE-2025-24893](https://app.crowdsec.net/cti/cve-explorer/CVE-2025-24893) (CVSS 9.8), an eval injection flaw allowing remote code execution through the “/bin/get/Main/SolrSearch” endpoint. Attackers are using a two-stage chain to install a cryptocurrency miner, first staging a downloader and later executing it from **Southeast Asia-based IPs**. The miner kills competing processes like XMRig and connects to [c3pool.org](https://c3pool.org/#/). Evidence suggests exploitation has been ongoing since March 2025\. CISA has instructed federal agencies to patch the Apriso flaws by November 18, 2025, while all users of DELMIA Apriso and XWiki are strongly urged to update immediately, as exploitation remains active.

[![Hackers Actively Exploit](https://media.mailhop.org/duocircle/images/2025/11/dmarc-generator-5603.jpg)](https://media.mailhop.org/duocircle/images/2025/11/dmarc-generator-5603.jpg)

## Patient Information Exposed in Sedgebrook and Heartland Cyberattacks

[Sedgebrook,](https://www.welcometosedgebrook.com/) a retirement village and skilled nursing provider in Lincolnshire, Illinois disclosed a [ransomware incident that disrupted its network](https://www.hipaajournal.com/sedgebrook-heartland-health-center-ransomware-attacks/) in early May 2025\. The organization detected the attack on May 5 and, with digital forensics support, found the ransomware actor had access from May 4 to May 5 and encrypted files. A review completed on **August 26 confirmed** that some of the exposed files contained protected health information, including names, addresses, birth dates, Social Security and driver’s license numbers, financial account and insurance details, medical treatment information and medical record numbers. Notification letters began going out on October 24\. _While Sedgebrook says there is no evidence so far of misuse, affected individuals with exposed identity numbers have been offered complimentary credit monitoring and identity theft protection_. The incident is not yet visible on the HHS OCR breach portal.

[Heartland Health Center](https://www.heartlandhealthcenter.org/), which operates clinics in Ravenna and Hastings, Nebraska, identified [suspicious activity](https://www.msspalert.com/news/mssp-market-news-malicious-activity-spikes-after-crowdstrike-outage) on February 4, 2025 and launched an investigation with outside cybersecurity experts. That review concluded on June 3 that sensitive patient data had been exposed and may have been stolen by the attacker. Information involved varies by person and include names, dates of birth, Social Security or driver’s license numbers, account details, diagnosis and treatment data, insurance information, medical record identifiers and other clinical data. Although Heartland says it maintains **robust security controls** and is strengthening them further, the Medusa ransomware group has claimed responsibility. Affected patients have been offered single bureau credit monitoring and related services. The **HHS OCR portal** does not currently list either breach.

[![Social Security](https://media.mailhop.org/duocircle/images/2025/11/spf-record-check-3321.jpg)](https://media.mailhop.org/duocircle/images/2025/11/spf-record-check-3321.jpg)

## PhantomRaven Campaign Targets npm Developers with 100+ Malicious Packages

[Cybersecurity](/) researchers have uncovered [a new supply chain attack, codenamed PhantomRaven](https://www.koi.ai/blog/phantomraven-npm-malware-hidden-in-invisible-dependencies), that is targeting developers through the npm registry. **Discovered by Koi Security**, the campaign began in August 2025 and has since grown to 126 malicious npm packages with over 86,000 installs. The goal is to steal developer credentials, GitHub tokens, and CI/CD secrets from infected machines. Some of the [flagged packages include op-cli-installer, unused-imports, and eslint-comments](https://dcodx.com/5-npm-malicious-packages-caught-exfiltrating-ci-cd-and-local-machine-secrets/).

What makes PhantomRaven stand out is the way attackers hide their code. Instead of pulling dependencies from [npmjs\[.\]com](https://www.npmjs.com/), the malicious packages point to an attacker-controlled domain, packages.storeartifact\[.\]com. This lets them avoid detection by **security scanners and analysis tools**. _Once installed, the packages trigger a pre-install hook that downloads a remote payload, scans the system for sensitive data, and sends it back to the attacker’s server_. Researchers say the threat actor used “[slopsquatting](https://dcodx.com/5-npm-malicious-packages-caught-exfiltrating-ci-cd-and-local-machine-secrets/),” creating fake yet super realistic package names that AI tools might suggest to developers. The campaign shows how [threat actors](/phishing-protection/threat-actors-exploit-google-calendar-for-phishing-and-spoofing/) are getting better and better at abusing open-source ecosystems, taking advantage of npm’s lifecycle scripts and weak dependency visibility to stay hidden.

## Topics

cyber securityNewsSecurityUpdates 

![Brad Slavin](https://media.mailhop.org/dmarcreport/images/team/brad-slavin.jpg) 

Brad Slavin 

General Manager

General Manager at DuoCircle. Product strategy and commercial lead across the email security portfolio.

## Secure your email infrastructure

Protect, authenticate, and deliver. Contact our team to find the right solution.

[Contact Sales](/contact/) [Explore Products](/products/) 

## Related Articles

[  News 6m  Microsoft Cybersecurity Transparency, Chrome Update Required, Google Calendar Phishing, Cybersecurity News \[December 23, 2024\]  Jan 2, 2025 ](/blog/announcements/cyber-security-news-update-week-1-of-2025/)[  News 6m  Trust Wallet Hack, Browser Extension Espionage, Unleash Protocol Loss, Cybersecurity News \[December 29, 2025\]  Jan 5, 2026 ](/blog/announcements/cyber-security-news-update-week-1-of-2026/)[  News 7m  Bybit’s $1.5B Loss, FatalRAT Hits APAC, GitVenom Targets Wallets,, Cybersecurity News \[February 24, 2025\]  Mar 3, 2025 ](/blog/announcements/cyber-security-news-update-week-10-of-2025/)[  News 6m  LastPass Users Phished, Amazon Down US, UK Cybersecurity Boost, Cybersecurity News \[March 02, 2026\]  Mar 9, 2026 ](/blog/announcements/cyber-security-news-update-week-10-of-2026/)

```json
{"@context":"https://schema.org","@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com","logo":{"@type":"ImageObject","url":"https://www.duocircle.com/images/duocircle-logo.png"},"description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}],"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://www.g2.com/products/phish-protection-by-duocircle/reviews","https://github.com/duocircle","https://www.crunchbase.com/organization/duocircle-llc"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://support.duocircle.com"},"knowsAbout":["Email Security","Email Authentication","SPF","DKIM","DMARC","Phishing Protection","Spam Filtering","SMTP Relay","Email Deliverability","Email Forwarding"]}
```

```json
{"@context":"https://schema.org","@type":"WebSite","name":"DuoCircle LLC","url":"https://www.duocircle.com","description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","publisher":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com","logo":{"@type":"ImageObject","url":"https://www.duocircle.com/images/duocircle-logo.png"},"description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]}}
```

```json
[{"@context":"https://schema.org","@type":"BlogPosting","headline":"Chrome Spyware Exploited, npm InfoStealer Attack, DELMIA XWiki Vulnerabilities, Cybersecurity News [October 27, 2025]","description":"Chrome Spyware Exploited, npm InfoStealer Attack, DELMIA XWiki Vulnerabilities, Cybersecurity News [October 27.","url":"https://www.duocircle.com/blog/announcements/cybersecurity-news-update-week-45-of-2025/","datePublished":"2025-11-03T16:22:52.000Z","dateModified":"2025-11-03T17:34:41.000Z","dateCreated":"2025-11-03T16:22:52.000Z","author":{"@type":"Person","@id":"https://www.duocircle.com/authors/brad-slavin/#person","name":"Brad Slavin","url":"https://www.duocircle.com/authors/brad-slavin/","jobTitle":"General Manager","description":"Brad Slavin runs DuoCircle, the company behind DMARC Report, AutoSPF, Phish Protection, and Mailhop. His focus is product strategy, customer relationships, and the commercial and compliance side of email authentication (DPAs, SLAs, enterprise procurement).","image":"https://media.mailhop.org/dmarcreport/images/team/brad-slavin.jpg","knowsAbout":["Email Security Strategy","SaaS Product Management","Enterprise Compliance","Customer Success","Email Deliverability Business"],"worksFor":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com"},"sameAs":["https://www.linkedin.com/in/bradslavin"]},"publisher":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com","logo":{"@type":"ImageObject","url":"https://www.duocircle.com/images/duocircle-logo.png"},"description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://www.duocircle.com/blog/announcements/cybersecurity-news-update-week-45-of-2025/"},"articleSection":"announcements","keywords":"cyber security, News, Security, Updates","wordCount":1117,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/duocircle/images/2025/11/spf-record-tester-6780.jpg","caption":"cybersecurity","width":900,"height":600},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}},{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Blog","item":"https://www.duocircle.com/blog/"},{"@type":"ListItem","position":2,"name":"News"},{"@type":"ListItem","position":3,"name":"Chrome Spyware Exploited, npm InfoStealer Attack, DELMIA XWiki Vulnerabilities, Cybersecurity News [October 27, 2025]","item":"https://www.duocircle.com/blog/announcements/cybersecurity-news-update-week-45-of-2025/"}]}]
```

```json
{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://www.duocircle.com/"},{"@type":"ListItem","position":2,"name":"Blog","item":"https://www.duocircle.com/blog/"},{"@type":"ListItem","position":3,"name":"News","item":"https://www.duocircle.comundefined"},{"@type":"ListItem","position":4,"name":"Chrome Spyware Exploited, npm InfoStealer Attack, DELMIA XWiki Vulnerabilities, Cybersecurity News [October 27, 2025]","item":"https://www.duocircle.com/blog/announcements/cybersecurity-news-update-week-45-of-2025/"}]}
```

```json
{"@context":"https://schema.org","@type":"BlogPosting","headline":"Chrome Spyware Exploited, npm InfoStealer Attack, DELMIA XWiki Vulnerabilities, Cybersecurity News [October 27, 2025]","description":"Chrome Spyware Exploited, npm InfoStealer Attack, DELMIA XWiki Vulnerabilities, Cybersecurity News [October 27.","url":"https://www.duocircle.com/blog/announcements/cybersecurity-news-update-week-45-of-2025/","datePublished":"2025-11-03T16:22:52.000Z","dateModified":"2025-11-03T17:34:41.000Z","dateCreated":"2025-11-03T16:22:52.000Z","author":{"@type":"Person","@id":"https://www.duocircle.com/authors/brad-slavin/#person","name":"Brad Slavin","url":"https://www.duocircle.com/authors/brad-slavin/","jobTitle":"General Manager","description":"Brad Slavin runs DuoCircle, the company behind DMARC Report, AutoSPF, Phish Protection, and Mailhop. His focus is product strategy, customer relationships, and the commercial and compliance side of email authentication (DPAs, SLAs, enterprise procurement).","image":"https://media.mailhop.org/dmarcreport/images/team/brad-slavin.jpg","knowsAbout":["Email Security Strategy","SaaS Product Management","Enterprise Compliance","Customer Success","Email Deliverability Business"],"worksFor":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com"},"sameAs":["https://www.linkedin.com/in/bradslavin"]},"publisher":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com","logo":{"@type":"ImageObject","url":"https://www.duocircle.com/images/duocircle-logo.png"},"description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://www.duocircle.com/blog/announcements/cybersecurity-news-update-week-45-of-2025/"},"articleSection":"announcements","keywords":"cyber security, News, Security, Updates","wordCount":1117,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/duocircle/images/2025/11/spf-record-tester-6780.jpg","caption":"cybersecurity","width":900,"height":600},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}}
```