Cyber Daily 1/27: CISA Alerts on VMware & Zimbra Exploits, NYDFS Phishing Scam Warning, Microsoft Patches Office Zero-Day, Apache Hadoop Vulnerability Risks

Welcome to the January 27th edition of ONSEC Cyber Daily, where today's headlines weave a tale of escalating cyber threats and urgent defenses. The U.S. Cybersecurity Agency has sounded the alarm, adding six new vulnerabilities to its known-exploited list, spotlighting critical flaws in VMware vCenter and Zimbra. Meanwhile, the NYDFS warns of a cunning email scam targeting its regulated entities, underscoring the relentless nature of cyber adversaries. Microsoft races against time, issuing emergency patches for a zero-day vulnerability in Office, as organizations scramble to shield themselves from potential breaches. As the digital landscape grows increasingly perilous, today's insights serve as a stark reminder of the ever-present need for vigilance and rapid response in the face of evolving cyber threats. Stay informed, stay secure.

Exploits Alert

  1. Hacked: US Cyber Agency Adds Six Vulnerabilities to Known-Exploited Listing: The US Cybersecurity and Infrastructure Security Agency (CISA) has expanded its catalog of known-exploited vulnerabilities by adding six new entries. This move underscores the ongoing threat landscape and the need for organizations to remain vigilant against potential exploits. Source.
  2. CISA Warning About Attacks on VMware vCenter, Zimbra, and More: The Federal Office for Information Security (BSI) has issued a warning regarding the exposure of hundreds of Zimbra servers on the internet. This vulnerability poses a significant risk, highlighting the importance of securing these systems against potential cyberattacks. Source.
  3. NYDFS Issues Cybersecurity Threat Alert Regarding Email Scam: The New York Department of Financial Services (NYDFS) has alerted its regulated entities about a phishing scam that impersonates the regulator. This scam aims to deceive recipients into divulging sensitive information, emphasizing the need for heightened email security awareness. Source.
  4. US Cybersecurity Agency Issues Warning on Active Exploitation of VMware vCenter, Zimbra: CISA has released an alert concerning ongoing cyberattacks targeting VMware vCenter and Zimbra. This alert serves as a critical reminder for organizations to patch vulnerabilities promptly to mitigate potential threats. Source.
  5. CISA Issues Alert on Critical VMware vCenter RCE, Confirms Active Exploitation: A critical remote code execution vulnerability in VMware vCenter has been confirmed as actively exploited, according to CISA. This development necessitates immediate action from organizations to protect their data centers from potential breaches. Source.

Vulnerabilities & Patches

  1. ArcGIS Pro 3.6.1 Patch: Esri has released a patch for ArcGIS Pro 3.6.1 to address a cross-site scripting vulnerability (CVE-2026-1446) with a CVSS score of 4.8. This vulnerability involves improper neutralization of input during web page generation, potentially allowing attackers to execute scripts in the context of the user's browser. Source: Esri Blog.
  2. Appsmith Critical Vulnerability: A critical vulnerability in Appsmith (CVE-2024-37079) with a severity rating of 9.8 has been actively exploited, leading to potential account hijacking. Originally patched in 2024, this flaw underscores the importance of timely updates to prevent unauthorized access. Source: SC Media.
  3. Microsoft Office Zero-Day Emergency Fix: Microsoft has issued an emergency patch for a high-severity zero-day vulnerability in Microsoft Office. This actively exploited flaw, rated as "Important" with a CVSS score of 7.8, allows attackers to bypass security features, emphasizing the need for immediate updates. Source: LinkedIn and The Cyber Express.
  4. Oracle HTTP and WebLogic Vulnerability: CVE-2026-21962, affecting Oracle HTTP and WebLogic, has been mitigated by Imperva. The definitive remediation involves applying Oracle's January 2026 Critical Patch Update, highlighting the critical nature of regular patch management. Source: Security Boulevard.
  5. Apache Hadoop Vulnerability: An out-of-bounds write vulnerability in Apache Hadoop (CVE-2025-27821) exposes systems to potential crashes or data corruption. The flaw occurs when the native HDFS client processes specially crafted URIs, necessitating immediate patching to safeguard data integrity. Source: Cybersecurity News and GBHackers.

Podcasts

  1. TDL 014 | The Defender's Mentality – From Film Sets to Cyber Resilience: This podcast explores the unique journey of Francois, who transitioned from the film industry to cybersecurity. It highlights the parallels between creative problem-solving in filmmaking and strategic defense in cybersecurity, offering listeners insights into building resilience in the digital world. Source.
  2. The CISO Brief: Cyber threats hitting the healthcare industry and keeping staff safe from scammers: This episode delves into the rising cyber threats targeting the healthcare sector, emphasizing the importance of safeguarding staff from scams. It also touches on recent incidents like the potential ASRock data breach, providing listeners with a comprehensive overview of current challenges. Source.
  3. A Practical Guide to the New CCPA Regulations – PRIVACY PODCAST: This podcast provides a detailed guide to the new California Consumer Privacy Act (CCPA) regulations, focusing on cybersecurity audits and risk assessments. It aims to equip listeners with the knowledge needed to navigate these changes effectively. Source.
  4. The Data Stream – Episode 6 with Daniel Kaufman: Hosted by BakerHostetler, this episode covers a range of topics from cybersecurity to AI and emerging technologies. It features insights and practical tips from industry experts, making it a valuable resource for anyone interested in the intersection of technology and law. Source.

Final Words

As we wrap up today's edition of ONSEC Cyber Daily, it's clear that the digital landscape is as dynamic as ever. From the US Cyber Agency's latest additions to the known-exploited vulnerabilities list, to the critical alerts issued by CISA and NYDFS, the importance of staying informed and vigilant cannot be overstated. These updates serve as a reminder that cybersecurity is a collective effort, and sharing knowledge is key to building a resilient digital community. We encourage you to share this newsletter with your friends and colleagues. By spreading awareness, we can all contribute to a safer online environment. Remember, in the world of cybersecurity, knowledge is power, and together, we can make a difference. Stay safe, stay informed, and see you in the next edition of ONSEC Cyber Daily!
