Cyber Daily 1/30: Ivanti & Fortinet Zero-Days Exploited, SolarWinds & Microsoft Patch Critical Flaws, Nation-State Actors Target WinRAR Vulnerability


Welcome to today's edition of ONSEC Cyber Daily, where we unravel a web of critical vulnerabilities and urgent patches that are shaking the cybersecurity landscape. Ivanti has sounded the alarm on two zero-day vulnerabilities in its Endpoint Manager Mobile, urging immediate action as hackers exploit these flaws. Meanwhile, federal authorities and security researchers are on high alert over a FortiCloud SSO vulnerability under active attack. As if the stakes weren't high enough, Microsoft and SolarWinds are racing against time to patch zero-day vulnerabilities that could leave countless systems exposed. In a world where every second counts, staying informed is your best defense. Dive into today's issue for the latest updates and expert insights on these unfolding cyber threats.

Exploits Alert

  1. Alert! Ivanti warns of exploitation of Endpoint Manager Mobile zero-days: Ivanti has identified two critical vulnerabilities in its Endpoint Manager Mobile platform, urging immediate action as these zero-days are actively being exploited by hackers. The vulnerabilities could allow unauthorized access and control over affected systems, posing a significant threat to enterprise security. Source: Cybersecurity Connect
  2. CISA, security researchers warn FortiCloud SSO flaw is under attack: A critical vulnerability in FortiCloud's Single Sign-On (SSO) feature is being actively targeted by cyber attackers. The flaw could potentially allow unauthorized access to sensitive data, prompting urgent advisories from CISA and security experts to mitigate the risk. Source: Cybersecurity Dive
  3. Microsoft Exchange Server under siege from ProxyShell vulnerabilities: A series of ProxyShell vulnerabilities in Microsoft Exchange Server is being exploited in the wild, leading to unauthorized access and data breaches. Organizations are urged to apply patches immediately to protect against these high-impact exploits. Source: Bleeping Computer
  4. Critical flaw in Apache HTTP Server allows remote code execution: A newly discovered vulnerability in Apache HTTP Server could enable attackers to execute arbitrary code remotely. This exploit poses a severe risk to web servers globally, necessitating prompt updates to secure systems. Source: ZDNet
  5. VMware vCenter Server vulnerability exploited in ransomware attacks: A critical vulnerability in VMware vCenter Server is being leveraged by ransomware groups to gain unauthorized access and deploy malicious payloads. Security teams are advised to prioritize patching to prevent potential breaches. Source: SecurityWeek

Vulnerabilities & Patches

  1. Ivanti EPMM Zero-Day Vulnerabilities Enable Remote Code Execution: Ivanti has disclosed two critical zero-day vulnerabilities, CVE-2026-1281 and CVE-2026-1340, affecting their Endpoint Manager Mobile (EPMM). These vulnerabilities allow remote code execution and are actively being exploited, prompting Ivanti to release emergency security updates. Organizations using affected versions are urged to apply patches immediately to mitigate risks. Source: SOCRadar, The Hacker News, Help Net Security
  2. SolarWinds Patches Critical Web Help Desk Vulnerabilities: SolarWinds has issued patches for four critical vulnerabilities in their Web Help Desk software, including CVE-2025-40552 and CVE-2025-40554, which could allow remote authentication bypass. These vulnerabilities pose significant security risks, and users are advised to update their systems promptly to prevent potential exploitation. Source: SC Media
  3. OpenSSL Vulnerability Leads to Denial-of-Service and Remote Code Execution: A newly discovered vulnerability in OpenSSL, tracked as CVE-2025-15467, can lead to denial-of-service attacks and remote code execution. The vulnerability has been patched, and organizations are encouraged to update their OpenSSL implementations to protect against potential threats. Source: SocPrime
  4. FortiCloud SSO Authentication Bypass Vulnerability Exploited: CISA has added a FortiCloud SSO authentication bypass vulnerability to its Known Exploited Vulnerabilities catalog. This vulnerability is being actively exploited in attacks, and CISA urges federal agencies to apply the necessary patches as per BOD 22-01 guidelines to secure their systems. Source: Cybersecurity News
  5. Microsoft Patches Office Zero-Day Under Active Exploitation: Microsoft has released an emergency patch for CVE-2026-21509, a zero-day vulnerability in Microsoft Office that is under active exploitation. This vulnerability allows attackers to bypass security measures, and users are strongly advised to apply the patch to safeguard their systems. Source: WinBuzzer

Podcasts

  1. Pensions Pod: Cyber and AI Bytes - Key Takeaways from the Mini Series: This podcast series by Burges Salmon dives into the intersection of cyber and AI, offering insights from industry experts. The mini-series aims to equip listeners with a comprehensive understanding of how these technologies are shaping the future. Source
  2. Talking Supply Chain: Is AI Expanding Cyber Risk?: This podcast episode from Supply Chain Management Review explores the potential risks AI introduces to the supply chain. Experts discuss how AI can both mitigate and exacerbate cyber threats, providing listeners with a nuanced perspective on managing these risks. Source
  3. The Mob Museum, Las Vegas: Explore the Past, Present and Future of Cybercrime: Cybercrime Magazine's podcast series offers daily episodes featuring stories from victims, law enforcement, and cybersecurity experts. This series provides a comprehensive look at the evolution of cybercrime and its impact on society. Source
  4. Sandbox Flaw Exposes n8n Instances, Fake Moltbot Assistant Drops Malware: The CISO Series podcast covers the latest cybersecurity news, including vulnerabilities and malware threats. This episode highlights the risks posed by sandbox flaws and malicious software, offering insights into protection strategies. Source
  5. AI & New Cybersecurity Reality - Conversations with Dale Hoak: Hosted by Jay Bavisi, this EC-Council podcast episode features Dale Hoak discussing the evolving landscape of cybersecurity in the age of AI. The conversation provides valuable insights into the challenges and opportunities presented by AI in cybersecurity. Source

Final Words

As we wrap up today's edition of ONSEC Cyber Daily, it's clear that the digital landscape is ever-evolving, with new vulnerabilities and threats emerging at every turn. From Ivanti's urgent warnings about Endpoint Manager Mobile zero-days to the critical FortiCloud SSO flaw under attack, staying informed is more crucial than ever. These stories remind us of the importance of vigilance and proactive measures in safeguarding our digital environments. We hope you found today's insights valuable and encourage you to share this newsletter with friends and colleagues who are equally passionate about cybersecurity. Together, we can build a more secure digital world. Until tomorrow, stay safe and stay informed!
