Cyber Daily 10/1: CISA Alerts on Libraesva & Sudo Flaws, China Exploits VMware, Hackers Target Palo Alto

Welcome to the ONSEC Cyber Daily for October 1, 2025. Today's issue dives into a web of vulnerabilities and exploits that are shaking the cybersecurity landscape. CISA has issued a critical alert on the active exploitation of the Libraesva ESG Command Injection vulnerability, a threat that is already being weaponized by cybercriminals. Meanwhile, hackers are probing the Palo Alto PAN-OS GlobalProtect vulnerability, adding another layer of urgency to the cybersecurity community's response. As if that weren't enough, VMware is grappling with a zero-day vulnerability under attack by China-linked hackers, a threat that has persisted since October 2024. Amidst these challenges, proactive patch management emerges as a crucial defense, with organizations urged to update their systems to mitigate these escalating threats. Stay informed and vigilant as we unravel the intricate narrative of today's cyber threats.

Exploits Alert

  1. CISA Warns of Libraesva ESG Command Injection Vulnerability Actively Exploited in Attacks: In late September 2025, CISA issued an alert about the active exploitation of a command injection vulnerability in Libraesva ESG. This vulnerability is being leveraged by cybercriminals to deliver malware and launch phishing attacks, posing a significant threat to email security. Source: Cybersecurity News.
  2. Hackers Actively Probe Palo Alto PAN-OS GlobalProtect Vulnerability for Exploitation: Cybercriminals are actively scanning for vulnerabilities in Palo Alto's PAN-OS GlobalProtect, aiming to exploit weaknesses for unauthorized access. This vulnerability is under scrutiny due to its potential to compromise secure network communications. Source: GBHackers.
  3. VMware Zero-Day Under Attack By China-Linked Hackers Since October 2024: A zero-day vulnerability in VMware products has been under attack by China-linked hackers. Broadcom's advisory highlights multiple vulnerabilities, with four rated as high severity, necessitating immediate attention from users. Source: LinkedIn.
  4. CISA Issues Alert on Active Exploitation of Linux and Unix Sudo Flaw: CISA has issued an alert regarding the active exploitation of a flaw in sudo on Linux and Unix systems, which could allow a local attacker to gain elevated privileges. System administrators should address this vulnerability promptly to prevent unauthorized access. Source: GBHackers.
  5. Warning: Malicious AI Tools Being Distributed as Chrome Extensions by Threat Actors: Cybercriminals are exploiting the popularity of AI tools by distributing malicious Chrome extensions. These extensions pose a significant risk by potentially compromising user data and system integrity. Source: GBHackers.

Vulnerabilities & Patches

  1. Acronis Brings Patch Management to Consumer Backup Software: Acronis has released True Image 2026, which now includes built-in Windows patch management, AI threat detection, anti-ransomware, and malware scans. This update addresses CVE-2025-30247, enhancing security for consumers using backup software. Source.
  2. Apple Security Updates Fix Font Parser Vulnerability: Apple has rolled out security updates to fix an out-of-bounds write flaw in its font parser, identified as CVE-2025-43400. This vulnerability affects iOS, iPadOS, macOS, visionOS, and watchOS, and users are urged to update their devices immediately. Source.
  3. China Exploited New VMware Bug for Nearly a Year: A critical vulnerability, CVE-2025-41246, in VMware products has been exploited for almost a year. Broadcom has released patches, and users are advised to update their systems to prevent further exploitation. Source.
  4. CISA Issues Alert on Actively Exploited Linux and Unix Sudo Flaw: The CVE-2025-32463 vulnerability in Sudo, with a CVSS score of 9.3, allows local privilege escalation. CISA emphasizes the importance of proactive patch management to mitigate potential attacks. Source.
  5. Hackers Actively Scanning to Exploit Palo Alto Networks PAN-OS GlobalProtect Vulnerability: CVE-2024-3400 is being actively weaponized by threat actors. Organizations are advised to implement vigilant patch management, proactive log inspection, and robust threat prevention measures. Source.

Podcasts

  1. VMware Vulnerability CVE-2025-41244 Exploited For a Year: This podcast episode delves into the prolonged exploitation of the VMware vulnerability CVE-2025-41244, highlighting the implications for organizations and the cybersecurity community. It provides insights into how this vulnerability was exploited over the past year and the lessons learned from this incident. Source.
  2. Black Hat USA 2025 CISO Podcast Series Episode 11: IGA is Dead: Long Live Identity Automation: This episode challenges the traditional Identity Governance and Administration (IGA) frameworks, advocating for a shift towards identity automation. It features expert discussions on the future of identity management and its impact on cybersecurity strategies. Source.
  3. Dr. Lori Moore-Merrell Talks Wildfire Mitigation in New Podcast Episode: In this episode, Dr. Lori Moore-Merrell discusses strategies for wildfire mitigation, emphasizing the importance of proactive measures and community involvement. The conversation provides valuable insights into disaster preparedness and response. Source.
  4. The Data Stream – Episode 2 with Robert Musiala: This podcast explores the intersection of cybersecurity, AI, and emerging technologies. Robert Musiala shares practical tips and insights, making it a must-listen for professionals navigating the digital landscape. Source.
  5. Time to Choose a Security Vendor: Dart Board or Spin the Wheel?: Hosted by David Spark, this episode of the CISO Series Podcast humorously tackles the challenges of selecting a security vendor. It offers practical advice and considerations for making informed decisions in the cybersecurity marketplace. Source.

Final Words

As we wrap up today's edition of ONSEC Cyber Daily, it's clear that the digital landscape is as dynamic as ever, with new vulnerabilities surfacing and being actively exploited. From the CISA's alert on the Libraesva ESG command injection vulnerability to the ongoing probes into Palo Alto's PAN-OS GlobalProtect, and the relentless attacks on VMware by China-linked hackers, the need for vigilance and proactive defense strategies has never been more critical. Remember, cybersecurity is not just a personal responsibility but a collective effort. By staying informed and sharing knowledge, we can build a more resilient digital community. If you found today's insights valuable, please share this newsletter with your friends and colleagues. Together, we can stay one step ahead of cyber threats. Until tomorrow, stay secure and stay informed!
