Welcome to the latest issue of ONSEC Cyber Daily, your go-to source for the most impactful cybersecurity news. Today, we delve into the top 5 cybersecurity trends of 2025, highlighting the increasing vulnerability of traditional encryption methods in the face of rapidly developing quantum technologies. We also report on the addition of Beyond Trust and Olik bugs to CISA's KEV list, emphasizing the critical role of vulnerability management in today's digital landscape. Meanwhile, attackers are exploiting an Aviatrix Controller flaw, underscoring the persistent threat to organizational data. In other news, a zero-day vulnerability in PDF files is causing NTLM data leaks in Adobe and Foxit Reader, while remediation times are dropping as cyber hygiene practices surge. On the patching front, Microsoft has released a record-breaking number of patches this month, addressing a staggering 157 vulnerabilities, including eight zero-day vulnerabilities. Among these, three have been actively exploited, highlighting the urgent need for immediate patch application. Finally, we bring you the latest podcast episodes that provide valuable insights into the ever-evolving world of cybersecurity. From exploring how the IRS Criminal Investigation Unit tackles crypto crimes to discussing the impact of AI and cybersecurity legislation, these podcasts offer a wealth of knowledge for cybersecurity enthusiasts and professionals alike. Stay tuned for more updates and remember, in the world of cybersecurity, staying informed is your first line of defense.

Exploits Alert

1. INE Security Alert: Top 5 Cybersecurity Trends of 2025: As quantum technologies evolve, traditional encryption methods are becoming more susceptible to advanced quantum attacks. This could potentially lead to a significant increase in cybersecurity threats. Source: Yahoo Finance
2. Beyond Trust, Olik Bugs Added to CISA's KEV List: The Cybersecurity and Infrastructure Security Agency (CISA) has added new vulnerabilities related to Beyond Trust and Olik to its Known Exploited Vulnerabilities (KEV) list. These vulnerabilities could potentially be exploited by cybercriminals. Source: MSSP Alert
3. Attackers Exploit Aviatrix Controller Flaw In The Wild: A vulnerability in the Aviatrix Controller is being exploited in the wild. The threat this vulnerability poses to organizational data has been highlighted, indicating a significant risk. Source: MSSP Alert
4. Zero-Day Vulnerability in PDF Files Leaking NTLM Data in Adobe & Foxit Reader: A zero-day vulnerability has been discovered in PDF files that is causing NTLM data leaks in Adobe and Foxit Reader. This vulnerability could potentially lead to unauthorized access to sensitive information. Source: Cyber Security News
5. Remediation Times Drop Sharply as Cyber Hygiene Take Up Surges: As more organizations adopt cyber hygiene practices, remediation times for cybersecurity incidents have significantly decreased. This trend indicates a positive shift towards more proactive cybersecurity measures. Source: Infosecurity Magazine

Vulnerabilities & Patches

1. 3 Actively Exploited Zero-Day Flaws Patched in Microsoft's Latest Security Update: Microsoft has patched three actively exploited zero-day vulnerabilities in its latest security update. One of these flaws, a non-Microsoft CVE related to a Windows Secure Boot bypass (CVE-2024-7344), has not been assigned any severity yet. Source: The Hacker News
2. January Patch Tuesday Resolves 3 Hyper-V Zero-Days: Microsoft's January Patch Tuesday addressed three Hyper-V zero-days (CVE-2025-21186, 21395, 21366), all of which are Microsoft Access remote-code execution flaws. These vulnerabilities are rated important with a CVSS score of 7.8. Source: TechTarget
3. Windows LPD Vulnerability Exposes Systems to Remote Code Execution: A vulnerability in Windows LPD (CVE-2025-21224) exposes systems to remote code execution. Microsoft recommends applying the latest security updates immediately to protect against this flaw. Source: Cybersecurity News
4. Microsoft Patches Record 157 Vulnerabilities in January 2025: Microsoft's January 2025 update includes patches for a record 157 vulnerabilities, including eight zero-day vulnerabilities, three of which have been actively exploited. Source: SecurityBrief Australia
5. Fortinet Zero-Day Vulnerability Exploited in Wild to Gain Super-Admin Privileges: A zero-day vulnerability in Fortinet has been exploited in the wild to gain super-admin privileges. Microsoft has released Windows 11 KB5050009 & KB5050021 cumulative updates to address this flaw. Source: Cybersecurity News

Podcasts

1. CyberWire Daily Podcast: This podcast offers a daily roundup of the most important news in the world of cybersecurity. It provides listeners with a comprehensive overview of the latest threats, trends, and technologies in the digital security landscape. Source: CyberWire.
2. Taking the Pulse, A Health Care and Life Sciences Video Podcast: This podcast focuses on the intersection of healthcare, life sciences, and cybersecurity. It offers insights into the latest legislative developments in AI and cybersecurity. Source: JDSupra.
3. Staying afloat: Navigating APAC's privacy, cyber and AI legal developments: This podcast dives deep into the dynamic world of regulatory developments across the Asia-Pacific region, focusing on privacy, cybersecurity, and AI. Source: A&O Shearman.
4. How IRS Criminal Investigation Unit Tackles Crypto Crimes: Podcast Ep. 145: This podcast episode discusses how the IRS's Cyber and Forensic Services unit is working against criminals in the crypto space. Source: Chainalysis.
5. I Support Open Source as Long as I Don't Have to Invest in It - CISO Series: This podcast episode discusses the challenges and benefits of supporting open-source software in the cybersecurity community. Source: CISO Series.

Final Words

And that's a wrap for today's edition of 'ONSEC Cyber Daily'. We hope you found our insights valuable and actionable. As we navigate the ever-evolving landscape of cybersecurity, staying informed is our best defense. Remember, the world of cybersecurity is not just about the threats we face, but also about the solutions and strategies we can employ to stay one step ahead. If you found this newsletter helpful, we encourage you to share it with your friends, colleagues, and anyone else who might benefit from staying in the loop about the latest cybersecurity trends and updates. Let's work together to create a safer digital world for everyone. Until tomorrow, stay safe and stay informed.

ONSEC.io | LinkedIn

ONSEC.io | 1,839 followers on LinkedIn. Information security audits and penetration testing by a team of experts with an average experience of more than 7 years | ONSEC.io - is a penetration testing & in-depth security audit company with more than 13 years of experience on the market. Our team has already helped more than 300 companies be aware about possible system's vulnerabilities, including Republic, DMarket, LegionFarm, Parallels, Xsolla, Acronis, Manyсhat, Global Fashion Group and others. Our main goal is to increase the customer security level by finding and fixing security issues as well as improve security awareness inside the company, including developers, DevOps, and other teams to build a sustainable engineering culture with security knowledge.

LinkedIn

x.com

X (formerly Twitter)