Cyber Daily 1/6: CISA KEV Surge, HitBTC Alert, Eaton Code Execution, La Poste DoS Attack

Welcome to the ONSEC Cyber Daily, where today's issue unravels a web of vulnerabilities and cyber threats that are reshaping the digital landscape. As CISA's Known Exploited Vulnerabilities (KEV) list balloons by 20% in 2025, the cyber world braces for impact. SlowMist sounds the alarm on a critical flaw at HitBTC Exchange, while Eaton's software vulnerabilities expose systems to arbitrary code execution. Meanwhile, a critical GNU Wget2 vulnerability threatens sensitive files, and Higham Lane School falls victim to a cyberattack, forcing a shutdown. In a race against time, Android and Samsung roll out patches to counteract zero-click vulnerabilities, while the notorious 'MongoBleed' bug remains under active attack. As cybercriminals exploit trusted infrastructures, the question looms: are augmented humans the next frontier in cybersecurity threats? Stay informed and stay secure with ONSEC Cyber Daily.

Exploits Alert

  1. CISA Known Exploited Vulnerabilities (KEV) Soared 20% in 2025: The Cyber Express reports a significant 20% increase in known exploited vulnerabilities (KEV) in 2025, highlighting the growing threat landscape. This surge underscores the critical need for organizations to stay vigilant and prioritize patch management to safeguard their systems.
  2. Critical GNU Wget2 Vulnerability Lets Remote Attackers Overwrite Sensitive Files: A severe vulnerability in GNU Wget2 has been identified, allowing remote attackers to overwrite sensitive files on affected systems. This flaw poses a significant risk to data integrity and security, urging users to apply necessary patches promptly.
  3. Eaton Vulnerabilities Allow Attackers to Execute Arbitrary Code on Host Systems: Eaton has issued a critical advisory regarding multiple vulnerabilities in its UPS Companion software, which could enable attackers to execute arbitrary code. Users are strongly advised to update their systems to mitigate these high-severity threats.
  4. SlowMist Flags Potential Security Risk at HitBTC Exchange: SlowMist has raised alarms over a critical vulnerability at HitBTC Exchange, following unsuccessful disclosure attempts. This vulnerability could potentially expose users to significant security risks, emphasizing the need for immediate attention and remediation.
  5. La Poste and La Banque Postale Cyberattack by NoName057(16): A denial-of-service cyberattack by the group NoName057(16) temporarily disrupted online and mobile services for La Poste and La Banque Postale. This incident highlights the persistent threat of cyberattacks on critical infrastructure and the importance of robust defensive measures.

Vulnerabilities & Patches

  1. Android's January 2026 Security Update Fixes Critical Dolby 0-Click Vulnerability: Google's January 2026 Android security update addresses a critical Dolby DD+ zero-click vulnerability (CVE-2025-54957) that could allow attackers to execute code remotely without user interaction. This vulnerability affects Pixel and Samsung devices, and users are urged to update their systems promptly to mitigate potential risks. Source: PiunikaWeb.
  2. Samsung January 2026 Patch Details Out: Samsung's January 2026 One UI patch includes fixes for several vulnerabilities, including CVE-2024-43766, CVE-2025-32348, CVE-2025-48609, and CVE-2025-48635. These updates are crucial for maintaining device security, and users are advised to apply them as soon as possible. Source: Sammy Fans.
  3. Critical 'MongoBleed' Bug Under Active Attack, Patch Now: The MongoBleed vulnerability (CVE-2025-14847) is currently being exploited, allowing attackers to access uninitialized heap memory on servers. This poses a significant threat to data integrity, and immediate patching is recommended to prevent unauthorized data access. Source: Dark Reading.
  4. Eaton Vulnerabilities Allow Attackers to Execute Arbitrary Code on Host Systems: Eaton has disclosed two vulnerabilities, with CVE-2025-59887 being the more severe, scoring 8.6 on the CVSS scale. These flaws allow attackers to execute arbitrary code on host systems, and users are strongly advised to update their software to protect against potential exploits. Source: CyberPress.
  5. A Quiet iOS Patch Fixes a Bug That Has Annoyed Users for Years: A recent iOS patch addresses a long-standing memory flaw in the ImageIO framework (CVE-2025-43300), which could lead to remote code execution. This fix was quietly included in the latest security notes, and users should update their devices to enhance security. Source: Reporter Byte.

Podcasts

  1. Cybersecurity News: Palo Alto AI Warning, Resecurity Hack Fiasco, Christmas ColdFusion Attack: This podcast episode from the CISO Series delves into recent cybersecurity incidents, including a warning about Palo Alto's AI vulnerabilities, a significant hack involving Resecurity, and a ColdFusion attack that occurred over the holiday season. The discussion highlights the importance of staying updated with patches and the evolving nature of cyber threats. Source: CISO Series
  2. Why Are Cybersecurity Predictions So Bad? – ESW #440: In this episode from SC Media, experts explore the challenges and inaccuracies in cybersecurity predictions. The discussion covers why many forecasts fail to materialize and how organizations can better prepare for unforeseen threats. The episode emphasizes the need for adaptive strategies in an unpredictable cyber landscape. Source: SC Media
  3. Cybersecurity Implants: Are Augmented Humans the Next Attack Surface?: Hosted by Jay Bavisi on the EC-Council's Cybersecurity Podcast, this episode features Len Noe, a former black-hat hacker, discussing the potential risks associated with cybersecurity implants. The conversation explores how augmented humans could become new targets for cyber attacks, emphasizing the need for robust security measures in emerging technologies. Source: EC-Council

Final Words

As we wrap up today's edition of ONSEC Cyber Daily, it's clear that the cyber landscape is more dynamic and challenging than ever. From the surge in CISA's Known Exploited Vulnerabilities to the critical warnings issued by SlowMist and Eaton, the need for vigilance and proactive measures is undeniable. The recent cyberattacks on institutions like Higham Lane School and La Poste remind us of the real-world impacts these vulnerabilities can have. In this ever-evolving digital world, staying informed is your first line of defense. We hope today's insights empower you to navigate these challenges with confidence. If you found this newsletter valuable, please share it with your friends and colleagues. Together, we can build a more secure cyber community. Until next time, stay safe and stay informed!
