Welcome to the ONSEC Cyber Daily, where today's headlines weave a complex narrative of vulnerability and urgency. As the government shutdown sidelines key cybersecurity personnel, the nation's critical infrastructure stands exposed, raising alarms about potential threats to our electric grid and water supply. Meanwhile, hackers have struck Kido Schools, erasing children's data, while Google sounds the alarm on the Clop ransomware, underscoring the relentless nature of cyber threats. Apple users face a critical update to shield their devices from a newly discovered vulnerability, while Google races to patch a zero-day threat in Chrome. In a world where every click could be a gateway to disaster, the urgency to patch vulnerabilities—from OpenSSL bugs to Cisco firewalls—has never been more pressing. As we navigate these turbulent cyber waters, remember: vigilance is our first line of defense. Stay informed, stay secure.

Exploits Alert

1. Shutdown Furloughs at Cybersecurity Agency Raise Vulnerability Concerns: The recent government shutdown has led to the furlough of workers from a key cybersecurity agency responsible for safeguarding the U.S. electric grid and water supply. This has raised significant concerns about increased vulnerabilities in critical infrastructure. The absence of these workers could leave the nation exposed to potential cyber threats. Source.
2. Hackers Delete Data of Kido Schools Children: In a concerning cyber incident, hackers have successfully deleted data belonging to children at Kido Schools. This breach highlights the increasing threat to educational institutions and the sensitive data they hold. Google has also issued an alert regarding Clop ransomware, urging vigilance among employees. Source.
3. iPhone Users ALERT: Update Devices Immediately: A critical vulnerability affecting iPhones, iPads, MacBooks, and Vision Pro devices has been identified, potentially exposing millions to cyber threats. Users are urged to update their devices immediately to mitigate the risk of exploitation. This flaw underscores the importance of timely software updates to protect personal and sensitive information. Source.

Vulnerabilities & Patches

1. Trio of OpenSSL Bugs Addressed: The OpenSSL Project has patched three new vulnerabilities, including the high-severity CVE-2024-12797, which affects the secure communications library. This update comes months after the initial discovery, emphasizing the importance of timely patching to maintain secure communications. Source.
2. Three New Vulnerabilities in TOTOLINK X6000R Routers: Critical vulnerabilities, including CVE-2025-52906, have been discovered in TOTOLINK X6000R routers, allowing attackers to execute arbitrary code. Rated at a severity score of 9.3, these flaws necessitate immediate attention and patching to prevent unauthorized access. Source.
3. Google Chrome Patches New Zero-Day Threat: Google has released an urgent security update for Chrome to address a zero-day vulnerability, CVE-2025-10585, actively exploited in the wild. Users are advised to update their browsers immediately to protect against potential attacks. Source.
4. PoC Exploit Released for VMware Workstation Vulnerability: A proof-of-concept exploit has been released for a VMware Workstation vulnerability, CVE-2023-20869, which allows guest-to-host escapes via a stack-based buffer overflow. Users should ensure they are running version 17.0.2 or later to mitigate this risk. Source.
5. NCERT Issues Red Alert on SAP NetWeaver Vulnerabilities: Pakistan's CERT has issued a red alert for critical vulnerabilities in SAP NetWeaver, including CVE-2025-42944, which could lead to full system takeover. Immediate patching is urged to safeguard against these high-risk flaws. Source.

Podcasts

1. The Quantum Minute Named Best Podcast Series In 2025: The Quantum Minute has been recognized as the best podcast series of 2025, highlighting its rapid growth since its launch in 2019. With a focus on cybersecurity, the podcast has aired around 6,000 episodes, making it a staple for those interested in the latest cyber trends and insights. Source.
2. Cybersecurity Awareness Month 2025: Passwords Vs. AI: This podcast episode from The Cyber Express delves into the ongoing battle between traditional password security and emerging AI technologies. As part of Cybersecurity Awareness Month 2025, it explores how AI is reshaping security protocols and what this means for the future of digital safety. Source.
3. SECURITY.COM The Podcast: From Cybersecurity Products to Platforms: In this episode, Dan Mellinger discusses the evolution of cybersecurity from standalone products to comprehensive platforms with Nate Fitzgerald from Broadcom. The conversation provides insights into how companies are adapting to the changing landscape of cyber threats. Source.
4. Sophos: Defeat Cyberattacks With Cybersecurity-as-a-Service: Cybercrime Magazine's podcast features a discussion on how Sophos is leveraging Cybersecurity-as-a-Service to combat cyberattacks. The episode includes perspectives from victims, law enforcement, and cybersecurity experts, offering a comprehensive view of the current threat landscape. Source.
5. Data Governance in the Age of AI: This episode from the CISO Series explores the challenges and strategies of data governance in an era dominated by AI. Sponsored by Cyera, the discussion focuses on securing data across various environments and the implications of AI on data security practices. Source.

Final Words

As we wrap up today's edition of ONSEC Cyber Daily, it's clear that the cybersecurity landscape is as dynamic as ever. From government shutdowns impacting critical infrastructure protection to the relentless tide of vulnerabilities affecting everything from school data to our beloved devices, the need for vigilance has never been more crucial. Whether it's the latest Clop ransomware alert or the urgent patches for Google Chrome and Cisco firewalls, staying informed is our best defense. Remember, cybersecurity is a collective effort. Share this newsletter with your friends and colleagues to ensure they're equipped with the knowledge to protect themselves and their organizations. Together, we can build a more secure digital world. Until tomorrow, stay safe and stay cyber-aware!

ONSEC.io | LinkedIn

ONSEC.io | 1,839 followers on LinkedIn. Information security audits and penetration testing by a team of experts with an average experience of more than 7 years | ONSEC.io - is a penetration testing & in-depth security audit company with more than 13 years of experience on the market. Our team has already helped more than 300 companies be aware about possible system's vulnerabilities, including Republic, DMarket, LegionFarm, Parallels, Xsolla, Acronis, Manyсhat, Global Fashion Group and others. Our main goal is to increase the customer security level by finding and fixing security issues as well as improve security awareness inside the company, including developers, DevOps, and other teams to build a sustainable engineering culture with security knowledge.

LinkedIn