Cyber Daily 1/16: Fortinet, FortiOS Vulnerabilities Alert, AI's Double-Edged Sword, Google Chrome's Urgent Update, BeyondTrust Exploits, Microsoft's Record Patch Tuesday, macOS SIP Exploit, Rsync Flaws

Welcome to the ONSEC Cyber Daily, your one-stop source for the latest in cybersecurity news. Today, we're diving into a whirlwind of vulnerabilities, patches, and cyber threats that are keeping the digital world on its toes. We start with an alert on an authentication bypass vulnerability in FortiOS and FortiProxy that could compromise affected systems. Meanwhile, AI's double-edged sword is becoming more apparent as cybercriminals leverage its power to enhance their attacks, exposing companies to new types of vulnerabilities. Google Chrome users, it's time to hit that update button as Google confirms 13 new security vulnerabilities. And speaking of vulnerabilities, CISA warns of a second BeyondTrust vulnerability being exploited in attacks, emphasizing the need for strong cybersecurity measures. In the world of patches, Microsoft has disclosed a recently patched security vulnerability in Apple's macOS, and its January Patch Tuesday, the largest since 2017, fixes a staggering 161 vulnerabilities. Severe Rsync vulnerabilities also risk RCE and data leaks. In the podcast corner, we have episodes discussing everything from economic development with AI and cybersecurity to the history and future of cyberwar. Stay tuned for more updates and remember, knowledge is your best defense in the ever-evolving landscape of cybersecurity. Stay safe, stay informed with ONSEC Cyber Daily.

Exploits Alert

  1. FortiOS and FortiProxy Compromise Alert Issued: An authentication bypass vulnerability (CWE-288) affecting FortiOS and FortiProxy has been reported. The cybersecurity company has advised users to take immediate action. Source: Australian Cyber Security Magazine.
  2. AI's Double-Edged Sword: Harnessing Power While Mitigating Risks: Cybercriminals are leveraging AI to enhance their attacks, exposing companies to new types of vulnerabilities. However, AI also presents opportunities for improved security measures. Source: MSSP Alert.
  3. Chrome 132—Update Now Warning Issued To All Google Browser Users: Google has confirmed 13 new security vulnerabilities, urging all Chrome browser users to update immediately. Source: Forbes.
  4. CISA Warns of Second BeyondTrust Vulnerability Exploited in Attacks: The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about a second vulnerability in BeyondTrust software being exploited in cyberattacks. Source: OODAloop.
  5. Fortinet Vulnerability Exploited: Patch Now to Prevent Super-Admin Breaches: A cyberattack on Eindhoven University has highlighted the importance of patching a vulnerability in Fortinet to prevent super-admin breaches. Source: The Cyber Express.

Vulnerabilities & Patches

  1. macOS SIP Exploit (CVE-2024-44243): A recently patched security vulnerability in Apple's macOS could allow an attacker to install persistent malware. Users are urged to update their Macs immediately to mitigate the risk. Source: Dataconomy.
  2. Windows Hyper-V NT Kernel Integration VSP Vulnerabilities (CVE-2025-21333, CVE-2025-21334, CVE-2025-21335): Microsoft has addressed a trio of elevation of privilege vulnerabilities in Windows Hyper-V NT Kernel Integration VSP. These flaws are known to have been exploited in the wild. Source: SecurityBrief Australia.
  3. Rsync Vulnerabilities (CVE-2024-12084, CVE-2024-12085): Severe vulnerabilities in Rsync, with a CVSS score of 9.8, risk remote code execution and data leaks. Clients can exploit these vulnerabilities, making it crucial for users to patch these security holes. Source: SC Media.
  4. Microsoft Digest Authentication Remote Code Execution Vulnerability (CVE-2025-21294): Microsoft's January 2025 Patch Tuesday updates fixed this vulnerability among others. This flaw allows remote code execution, posing a significant threat to system security. Source: Yahoo Tech.
  5. Zimbra Postjournal Flaw (CVE-2024-45519): This critical flaw is actively being exploited in the wild. Users are strongly advised to apply the patch immediately to prevent potential security breaches. Source: Security Affairs.

Podcasts

  1. Techies Today Episode 021: Justin Yang, Research with Real-World Impact: This episode of Techies Today features Justin Yang discussing his research on Holistic Safety & Security, focusing on critical infrastructure. Source: Purdue Polytechnic.
  2. Project Catalyst: Episode 12: Powering Economic Development with Andrew Tate of Duke Energy: This podcast episode discusses the role of AI and cybersecurity in powering economic development, featuring Andrew Tate from Duke Energy. Source: JD Supra.
  3. Ahead of the Threat Podcast: Episode Six - Charles Carmakal - FBI: Charles Carmakal discusses core aspects of cybersecurity such as zero trust, real-time detection, remote access technology, password management, and privilege access management. Source: FBI.
  4. CyberWire Daily: Ep 2225: This episode discusses a massive malware cleanup, including the FBI's deletion of PlugX malware from thousands of U.S. computers and vulnerabilities in Windows 11. Source: CyberWire.
  5. GeTtin' SALTy Pod: Navigating California's Tax Landscape in 2025: Host Nikki Dobay and guest Shail Shah discuss the future of California's tax landscape in 2025 in this episode of the GeTtin' SALTy podcast. Source: National Law Review.

Final Words

As we wrap up today's edition of ONSEC Cyber Daily, we hope you found the information valuable in your quest to stay ahead of the curve in the ever-evolving landscape of cybersecurity. Remember, the first step in defense is awareness. Keep your systems updated, patch vulnerabilities promptly, and stay informed about the latest threats. In the world of cybersecurity, knowledge is power. Share this power with your friends and colleagues. Forward this newsletter to them so they too can stay one step ahead of cybercriminals. Stay safe, stay informed, and keep sharing. See you in the next edition of ONSEC Cyber Daily.
