Welcome to the latest issue of ONSEC Cyber Daily, where we bring you the most pressing cybersecurity news from around the globe. Today, we're diving into a wave of vulnerabilities and cyber threats that are putting tech users and companies on high alert. Google Chrome users, take note - the Indian government has issued a stark warning about hacking risks. Meanwhile, Chinese AI app DeepSeek is grappling with a large-scale cyberattack, prompting a temporary halt in registrations. In the corporate world, Fenix24 is bolstering its cyber resilience by acquiring vArmour, while Brave Desktop Browser is dealing with a vulnerability that could make malicious sites appear trustworthy. SonicWall is also on high alert, warning of hackers targeting a critical vulnerability in its SMA 1000 series appliances. Even modern automobiles aren't immune to cyber threats, with experts warning of privacy risks and serious vulnerabilities in Subaru's Starlink infotainment system. And in the world of tech giants, both Microsoft and Apple users are being urged to update their systems urgently to protect against potential cyberattacks. In addition to these threats, we'll also be discussing the latest patches and updates, including Apple's patch for a zero-day bug threatening iPhones and Macs, Microsoft's critical BitLocker vulnerability patch, and Chrome's high-severity vulnerability patch. Finally, we'll wrap up with some insightful cybersecurity podcasts, including discussions on network appliances, healthcare IT data, and the latest vulnerability in the Meta Llama Framework. Stay tuned for these stories and more in today's ONSEC Cyber Daily. Stay safe, stay informed.

Exploits Alert

1. Chinese AI app DeepSeek Cyberattack: The AI application DeepSeek has limited its registration following a large-scale cyberattack. The extent of the damage is yet to be determined. Source: MSN
2. Fenix24 Acquires vArmour for Cyber Resilience: Fenix24 has acquired vArmour to enhance its cyber resilience. This move comes after the discovery of a vulnerability, tracked as CVE-2024-50050. Source: MSSP Alert
3. Brave Desktop Browser Vulnerability: A vulnerability in the Brave Desktop Browser allows malicious sites to appear trusted, posing a significant security risk. Users are advised to update their browsers to the latest version. Source: Hackread
4. SonicWall Vulnerability in SMA 1000 Series Appliances: SonicWall has issued a warning about a critical vulnerability in its SMA 1000 series appliances. Hackers are reportedly targeting this vulnerability. Source: Cybersecurity Dive
5. Privacy Risks in Modern Automobiles: Cybersecurity experts have warned of privacy risks in modern automobiles. Hackers have revealed serious vulnerabilities in Subaru's Starlink infotainment system, enabling remote vehicle control and access to sensitive data. Source: gHacks Tech News

Vulnerabilities & Patches

1. iOS 18.3 Released With Urgent Security Fixes: Apple has released an update for iOS 18.3 that addresses multiple security flaws, one of which is already being actively exploited. The exploited vulnerability is tracked as CVE-2025-24085. Users are urged to update immediately to protect their devices. Source: benzinga.com
2. Fortinet FortiOS Authentication Bypass: A vulnerability in Fortinet FortiOS allows for authentication bypass, potentially giving attackers unauthorized access. The vulnerability is tracked as CVE-2024-55591. Users are advised to apply the available patches to secure their systems. Source: labs.watchtowr.com
3. Microsoft Patches Critical BitLocker Vulnerability: Microsoft has patched a critical vulnerability in BitLocker, tracked as CVE-2025-21210 and dubbed "CrashXTS". The vulnerability could enable data extraction, and users are advised to apply the patch included in the January 2025 security update. Source: cyberkendra.com
4. SonicWall SMA Appliances Exploited in Zero-Day Attacks: A critical flaw in SonicWall SMA 1000 appliances, tracked as CVE-2025-23006, is being exploited as a zero-day. The flaw has a CVSS score of 9.8, indicating a high level of severity. Users are urged to patch their systems immediately to protect against attacks. Source: hackread.com
5. SAP Patches in January Close Critical Gaps: SAP has released patches to close critical security gaps. The first critical safety notice, CVE-2025-0070 with a CVSS score of 9.9, addresses an improper authentication vulnerability. Users are advised to apply the patches to secure their systems. Source: b2b-cyber-security.de

Podcasts

1. BTS #44 - Network Appliances: A Growing Concern - Security Boulevard: In this episode, Paul Asadoorian and Chase Snyder discuss the increasing security concerns related to network appliances. The discussion also includes the recent CrowdStrike incident. Source: Security Boulevard
2. CIO Podcast – Episode 89: Healthcare IT Data with John Lee: The 89th episode of the CIO podcast features John Lee, MD, FAAEM, FAMIA, FHIMSS, Founder at HIT Peak, discussing Healthcare IT Data. The conversation provides valuable insights into the current state of healthcare IT. Source: Healthcare IT Today
3. Gravy Analytics Breach, Subaru Starlink Vulnerability Exposed - Security Boulevard: This episode discusses the recent Gravy Analytics breach and the exposure of Subaru Starlink's vulnerability. The podcast is authored by Tom Eston and provides a detailed analysis of these security incidents. Source: Security Boulevard
4. CISA Board closed, UnitedHealth numbers rise, Llama vulnerability - CISO Series: The episode covers various cybersecurity news including the closure of the CISA Board, the rise in UnitedHealth numbers, and the Llama vulnerability. However, the specific episode details could not be retrieved. Source: CISO Series
5. Twit.TV Unveils Upgraded Tech Podcasts, Expanding Its Renowned TWiT Lineup: Twit.TV has introduced new episodes focusing on critical topics such as cybersecurity news. The network's cybersecurity-focused podcast, Security Now, continues to deliver valuable content. Source: The Globe and Mail

Final Words

As we wrap up today's edition of ONSEC Cyber Daily, we leave you with a reminder that the digital world is a battlefield. The threats are real, from Google Chrome vulnerabilities to the privacy risks in modern automobiles. But remember, knowledge is power. By staying informed, you're already one step ahead in the fight against cybercrime. Don't forget to update your devices and applications regularly, as companies like Apple and Microsoft are constantly releasing patches to fix vulnerabilities. And if you're a business owner, consider investing in website security check tools to protect your online presence. We hope you found today's newsletter informative and helpful. If you did, why not share it with your friends and colleagues? After all, cybersecurity is everyone's responsibility. Stay safe, stay informed, and we'll see you in the next edition of ONSEC Cyber Daily.

ONSEC.io | LinkedIn

ONSEC.io | 1,839 followers on LinkedIn. Information security audits and penetration testing by a team of experts with an average experience of more than 7 years | ONSEC.io - is a penetration testing & in-depth security audit company with more than 13 years of experience on the market. Our team has already helped more than 300 companies be aware about possible system's vulnerabilities, including Republic, DMarket, LegionFarm, Parallels, Xsolla, Acronis, Manyсhat, Global Fashion Group and others. Our main goal is to increase the customer security level by finding and fixing security issues as well as improve security awareness inside the company, including developers, DevOps, and other teams to build a sustainable engineering culture with security knowledge.

LinkedIn

ONSEC.io | LinkedIn

ONSEC.io | 1,839 followers on LinkedIn. Information security audits and penetration testing by a team of experts with an average experience of more than 7 years | ONSEC.io - is a penetration testing & in-depth security audit company with more than 13 years of experience on the market. Our team has already helped more than 300 companies be aware about possible system's vulnerabilities, including Republic, DMarket, LegionFarm, Parallels, Xsolla, Acronis, Manyсhat, Global Fashion Group and others. Our main goal is to increase the customer security level by finding and fixing security issues as well as improve security awareness inside the company, including developers, DevOps, and other teams to build a sustainable engineering culture with security knowledge.

LinkedIn