Welcome to the ONSEC Cyber Daily for October 29th, where the digital landscape is more turbulent than ever. Today, we delve into a world where cyber threats are escalating at an alarming pace, prompting experts to sound the alarm for immediate action. From the halls of NIBSS, where cyber resilience is championed, to the corridors of MedImpact Healthcare Systems, under siege by the Qilin ransomware, the urgency is palpable. As vulnerabilities in supply chains and property markets expose new weaknesses, the call for robust defenses grows louder. Meanwhile, critical vulnerabilities like the ASP.NET flaw threaten enterprise security, demanding swift patching. In this interconnected narrative, human error remains a persistent adversary, even as AI becomes a double-edged sword in the cybersecurity arsenal. Join us as we navigate these pressing issues, offering insights and strategies to fortify your defenses in this ever-evolving cyber battleground.

Exploits Alert

1. MedImpact Healthcare Systems Targeted by Qilin Ransomware: MedImpact Healthcare Systems has fallen victim to a cyberattack by the Qilin ransomware group. This attack highlights the ongoing threat to healthcare providers, emphasizing the need for robust cybersecurity measures to protect sensitive patient data. Source: TechNadu.
2. Experts Call for Urgent Actions to Tackle Rising Cyber Threats: Cybersecurity experts are urging immediate action to combat the increasing frequency and sophistication of cyber threats. Emphasizing the importance of cyber resilience, industry leaders highlight the need for proactive measures to safeguard digital infrastructures. Source: The Guardian Nigeria News.
3. Why Suppliers Could Be a Big Source of Cyber Vulnerability: As cyberattacks become more severe, the vulnerabilities within supply chains are under scrutiny. Legal competition and innovation stifling are identified as factors that could exacerbate these vulnerabilities, necessitating strategic approaches to mitigate risks. Source: Pinsent Masons.
4. Property Market at Increasing Risk of Cyberattacks: The property market is facing heightened risks from sophisticated cyberattacks, particularly targeting the Land Registry. Industry groups warn of the growing expectations for cyber resilience to protect against potential breaches. Source: Estate Agent Today.
5. Human Error Remains Cybersecurity's Weakest Link: Despite advancements in artificial intelligence, human error continues to be a significant vulnerability in cybersecurity. Experts warn that addressing this issue is crucial to strengthening defenses against cyber threats. Source: Capacity Global.

Vulnerabilities & Patches

1. Critical ASP.NET Vulnerability Lets Attackers Smuggle Malicious HTTP Requests: A severe vulnerability, tracked as CVE-2025-55315 with a CVSS score of 9.9, has been identified in ASP.NET, allowing attackers to smuggle malicious HTTP requests. Immediate patching is advised to protect enterprise systems from potential exploitation. Source: cyberpress.org
2. CVE-2025-62725: From “docker compose ps” to System Compromise: A high-severity vulnerability, CVE-2025-62725, has been patched by the Docker team. This flaw, rated with a CVSS score of 8.9, could lead to system compromise if not addressed. Users are urged to upgrade to the latest version to mitigate risks. Source: securityboulevard.com
3. HackingTeam Successor Linked to Recent Chrome Zero-Days: A vulnerability, CVE-2025-24893, has been linked to a HackingTeam successor, involving an unauthenticated remote template-injection bug. Although patched in February, users are reminded to ensure their systems are updated to prevent exploitation. Source: news.risky.biz
4. Critical CVE-2025-55315 Hits QNAP NetBak PC Agent: QNAP has issued a patch for a critical ASP.NET vulnerability affecting its NetBak PC Agent, tracked as CVE-2025-55315. This flaw could have severe consequences, and administrators are advised to test patches in controlled environments before widespread deployment. Source: thecyberexpress.com
5. CISA Warns DELMIA Apriso Vulnerabilities Are Under Attack: CISA has highlighted vulnerabilities in DELMIA Apriso, with CVE-2025-6205 being the most critical. Federal agencies have been given a deadline to patch these vulnerabilities to prevent potential attacks. Source: thecyberexpress.com

Podcasts

1. The Data Stream – Episode 3 with Melinda McLellan: This episode dives into the intersection of cybersecurity, advertising, AI, and other emerging technologies. Melinda McLellan shares insights and practical tips for navigating the complex digital landscape, making it a must-listen for professionals in the field. Source: JDSupra.
2. Tech Guide Podcast – Episode 668: This top-rated podcast explores how AI has become a new tool for cybercriminals and scammers. The episode provides listeners with the latest updates and strategies to protect themselves against these evolving threats. Source: Tech Guide.
3. The Cyber Brief: This podcast is tailored for decision-makers in cybersecurity, focusing on the human side of cyber incidents. Episode one features Peter Coroneos from Cybermindz, offering valuable perspectives on managing cyber threats. Source: Allens.
4. Security Boulevard Podcast – Rethinking Identity Security in the Age of AI: This episode discusses AI's transformative role in cybersecurity, particularly in identity security. It provides insights into how AI is reshaping security strategies and what organizations can do to adapt. Source: Security Boulevard.
5. CISO Series Podcast: Hosted by David Spark and Jerich Beason, this episode addresses the challenges of evaluating new solutions amidst the AI hype. It offers a candid discussion on the practicalities of integrating AI into cybersecurity frameworks. Source: CISO Series.

Final Words

As we wrap up today's edition of ONSEC Cyber Daily, it's clear that the digital landscape is evolving at a rapid pace, with cyber threats becoming more sophisticated and pervasive. From the urgent calls for action by experts to the relentless wave of ransomware attacks and vulnerabilities in critical systems, the need for robust cyber resilience has never been more pressing. As Olusola Odediran from NIBSS emphasized, building a resilient cyber infrastructure is not just a necessity but an imperative for safeguarding our digital future. In this ever-changing environment, staying informed and proactive is key. Whether it's understanding the latest vulnerabilities or implementing timely patches, every step counts in fortifying our defenses. Remember, cybersecurity is a collective effort, and sharing knowledge is a powerful tool in our arsenal. If you found today's insights valuable, please share this newsletter with your friends and colleagues. Together, we can build a more secure digital world. Until tomorrow, stay vigilant and stay secure!