ONSEC: Boutique Penetration Testing Agency

Sign in Subscribe

ONSEC.io Research Team

ONSEC.io Research Team

Cyber Daily 1/28: WinRAR Exploit Hits Russia & China, Microsoft Office Zero-Day Forces Emergency Patch, Military Tech Vulnerabilities Exposed, Linux Flaws Under Siege

Cyber Daily 1/28: WinRAR Exploit Hits Russia & China, Microsoft Office Zero-Day Forces Emergency Patch, Military Tech Vulnerabilities Exposed, Linux Flaws Under Siege

Welcome to the January 28th edition of ONSEC Cyber Daily, where today's headlines weave a narrative of relentless cyber threats and vulnerabilities. Our lead story uncovers the active exploitation of a critical WinRAR path traversal flaw, CVE-2025-8088, by both nation-state actors and cybercriminals, highlighting the persistent threat landscape.

Cyber Daily 1/27: CISA Alerts on VMware & Zimbra Exploits, NYDFS Phishing Scam Warning, Microsoft Patches Office Zero-Day, Apache Hadoop Vulnerability Risks

Cyber Daily 1/27: CISA Alerts on VMware & Zimbra Exploits, NYDFS Phishing Scam Warning, Microsoft Patches Office Zero-Day, Apache Hadoop Vulnerability Risks

Welcome to the January 27th edition of ONSEC Cyber Daily, where today's headlines weave a tale of escalating cyber threats and urgent defenses. The U.S. Cybersecurity Agency has sounded the alarm, adding six new vulnerabilities to its known-exploited list, spotlighting critical flaws in VMware vCenter and Zimbra.

Cyber Daily 1/22: Vodafone Phishing Alert, CISA Urges Action, Cisco Zero-Day Patched, Global Vulnerability Enumeration Launched

Cyber Daily 1/22: Vodafone Phishing Alert, CISA Urges Action, Cisco Zero-Day Patched, Global Vulnerability Enumeration Launched

Welcome to the January 22nd edition of ONSEC Cyber Daily, where we unravel the intricate web of vulnerabilities threatening our digital landscape. Today's narrative weaves through a tapestry of cyber threats, starting with a stark revelation from Vodafone's survey highlighting the persistent peril of staff phishing

Cyber Daily 1/21: UK Hacktivist Threat, Apple & Google Patch Urgency, Anthropic & HPE Vulnerabilities

Cyber Daily 1/21: UK Hacktivist Threat, Apple & Google Patch Urgency, Anthropic & HPE Vulnerabilities

Welcome to the January 21st edition of ONSEC Cyber Daily, where today's headlines weave a cautionary tale of vulnerabilities and urgent updates. The UK's National Cyber Security Centre (NCSC) has sounded the alarm on hacktivist groups targeting British organizations and online services, urging heightened vigilance. Meanwhile,

Cyber Daily 1/15: Apple & Manage My Health Ignored Warnings, CISA Orders Gogs Fix, Pakistan's WhatsApp Hijack Alert, Dutch Police's Vulnerable IT Infrastructure

Cyber Daily 1/15: Apple & Manage My Health Ignored Warnings, CISA Orders Gogs Fix, Pakistan's WhatsApp Hijack Alert, Dutch Police's Vulnerable IT Infrastructure

Welcome to the January 15th edition of ONSEC Cyber Daily, where today's headlines weave a cautionary tale of ignored warnings and urgent alerts. In a world where cyber threats loom large, Manage My Health's oversight of lax security measures raises alarms, echoing the broader narrative of

Cyber Daily 1/14: Microsoft Zero-Day Exploit, Gogs Vulnerability Alert, CISA's Expanding KEV List, Adobe's Critical Fixes

Cyber Daily 1/14: Microsoft Zero-Day Exploit, Gogs Vulnerability Alert, CISA's Expanding KEV List, Adobe's Critical Fixes

Welcome to the January 14th edition of ONSEC Cyber Daily, where we unravel the latest in cybersecurity threats and defenses. Today, we dive into a critical vulnerability that has rocked the tech world: the Desktop Windows Manager flaw, CVE-2026-20805, now spotlighted in CISA's Known Exploited Vulnerabilities catalog. This

Cyber Daily 1/7: CISA's 2025 Vulnerability Surge, IBM API Alert, n8n Command Flaw, Fermilab Cyberattack, Samsung's 2026 Patch, Dolby Android Fix, Open WebUI AI Risk

Cyber Daily 1/7: CISA's 2025 Vulnerability Surge, IBM API Alert, n8n Command Flaw, Fermilab Cyberattack, Samsung's 2026 Patch, Dolby Android Fix, Open WebUI AI Risk

Welcome to the ONSEC Cyber Daily, where today's issue dives into the relentless surge of cyber vulnerabilities that have marked the year 2025 as a pivotal moment in cybersecurity history. As the CISA KEV catalog reveals an alarming acceleration in exploited vulnerabilities, the pressure on zero-day defenses intensifies