Cyber Daily 10/30: HSBC USA Breach Sparks Financial Security Concerns; Aisuru Botnet DDoS Surge; CISA Warns on Dassault & Microsoft Vulnerabilities; Atroposia RAT Threatens Global Networks

Welcome to the October 30th edition of ONSEC Cyber Daily, where the digital battlefield is more intense than ever. Today, we unravel a gripping saga of cyber chaos, starting with HSBC USA grappling with a data breach controversy after a significant cyber attack, highlighting the relentless allure of financial data for cybercriminals. Meanwhile, the Aisuru botnet is wreaking havoc with massive DDoS intrusions, and a serious RCE flaw threatens to give attackers full control over WatchGuard firewalls. As if that weren't enough, the emergence of the stealthy Atroposia RAT adds a new layer of threat to the cybercriminal underground. In a bid to bolster defenses, ONEKEY is expanding its cybersecurity platform to streamline vulnerability assessments, aligning with the EU Cyber Resilience Act. Yet, vulnerabilities persist, as evidenced by the critical flaws in Docker Compose and Microsoft WSUS, prompting urgent patching mandates. Chrome steps up user protection with alerts to "Always Use Secure Connections," while CISA issues critical alerts on actively exploited Dassault Systèmes and Microsoft vulnerabilities. Join us as we navigate through these complex cyber landscapes, where every vulnerability is a potential gateway for exploitation, and every patch is a race against time. Stay informed, stay secure.

Exploits Alert

  1. HSBC USA Caught in Data Breach Controversy After Cyber Attack: HSBC USA has been embroiled in a significant data breach, drawing attention due to the vast amounts of business and financial data involved. The breach highlights the increasing allure for cybercriminals targeting financial institutions. Source: Cybersecurity Insiders.
  2. Massive DDoS Intrusions Pinned on Aisuru Botnet: The Aisuru botnet has been identified as the source of massive DDoS attacks, capable of overwhelming network infrastructures. This botnet's activity underscores the persistent threat of distributed denial-of-service attacks in the cybersecurity landscape. Source: SC Media.
  3. ONEKEY Expands Cybersecurity Platform for Vulnerabilities: ONEKEY has enhanced its cybersecurity platform to streamline vulnerability assessments, aligning with the EU Cyber Resilience Act. This expansion aims to improve compliance and expedite vulnerability tracking, reducing the workload for security teams. Source: SourceSecurity.com.
  4. New Atroposia RAT with Stealthy Remote Desktop, Vulnerability Scanner and Persistence: The Atroposia RAT has emerged as a sophisticated threat, featuring stealthy remote desktop capabilities and a built-in vulnerability scanner. Its persistence mechanisms make it a formidable tool in the cybercriminal arsenal. Source: Cybersecurity News.
  5. Docker Compose Vulnerability Allows Attackers to Overwrite Arbitrary Files: A vulnerability in Docker Compose has been discovered, allowing attackers to overwrite arbitrary files without typical warning signs. This silent exploitation poses a significant risk to systems running untrusted containers. Source: Cyber Press.

Vulnerabilities & Patches

  1. WordPress Plugin Flaw Lets Attackers Read Arbitrary Server Files: A vulnerability identified as CVE-2025-11705 with a CVSS score of 6.5 allows attackers to read arbitrary server files through a WordPress plugin. Users are advised to apply the patched release to mitigate potential security risks.
  2. Intel, AMD Processor-Stored Secrets Threatened by Novel TEE.Fail Intrusion: A critical ASP.NET Core vulnerability, CVE-2025-55315, affects Intel and AMD processors, posing a threat to stored secrets. QNAP has urged users to patch this vulnerability to prevent exploitation.
  3. PoC Exploit Released for BIND 9 Vulnerability that Let Attackers Forge DNS Records: The BIND 9 vulnerability, CVE-2025-40778, allows attackers to forge DNS records by circumventing protections such as randomized query IDs. A patch was released on October 15 to address this issue.
  4. Docker Compose Vulnerability Allows Attackers to Overwrite Arbitrary Files: Tracked as CVE-2025-62725, this flaw in Docker Compose allows attackers to overwrite arbitrary files. A patch in Docker Compose v2.40.2 introduces proper path validation to mitigate this risk.
  5. X.Org Server's Hidden Flaws: New Vulnerabilities Unearthed in 2025: Multiple vulnerabilities, including CVE-2025-0424, were discovered in the X.Org Server. Oracle's Critical Patch Update for October 2025 addressed these issues among others, highlighting the need for timely updates.

Podcasts

  1. AI's Transformative Role in Cybersecurity: This podcast episode explores how artificial intelligence is reshaping the landscape of cybersecurity. It delves into the benefits and challenges AI brings to the table, including its role in detecting threats and automating responses. The discussion also touches on the ethical considerations and potential risks associated with AI in cybersecurity. Source: Security Boulevard.
  2. Security Training Just Became Your Biggest Security Risk: This episode highlights the paradox of security training potentially becoming a vulnerability. It examines how outdated or poorly implemented training programs can lead to complacency and increased risk of breaches. The podcast suggests innovative approaches to keep security training relevant and effective in the face of evolving threats. Source: Security Boulevard.
  3. The Return of America First: US Power and Influence in Latin America: This episode from the Global Security Briefing podcast discusses the resurgence of the "America First" policy and its implications for US influence in Latin America. It analyzes the geopolitical shifts and the impact on cybersecurity and international relations in the region. The conversation also covers the role of cyber sanctions in countering state-backed threats. Source: RUSI.
  4. Nation State Cyber Attacks and the New Era of Cyber Warfare: This podcast episode delves into the increasing prevalence of nation-state cyber attacks and their implications for global security. It explores the strategies employed by different countries and the potential for cyber warfare to escalate into physical conflicts. The discussion also covers the importance of international cooperation in mitigating these threats. Source: Security Boulevard.
  5. Cyber Sanctions Taskforce: Countering State-Backed Cyber Threats: This episode focuses on the efforts of the RUSI Cyber Sanctions Taskforce in addressing state-backed cyber threats. It discusses the effectiveness of sanctions as a tool for deterrence and the challenges in enforcing them. The podcast also highlights the need for a coordinated international response to tackle the growing threat of cyber aggression. Source: RUSI.

Final Words

As we wrap up today's edition of ONSEC Cyber Daily, it's clear that the digital landscape is as dynamic as ever. From HSBC USA's data breach controversy to the relentless waves of DDoS attacks orchestrated by the Aisuru botnet, the stakes in cybersecurity continue to rise. The emergence of the Atroposia RAT and the ongoing vulnerabilities in platforms like Docker Compose and WordPress remind us of the persistent threats lurking in the shadows of our digital world. In this ever-evolving cyber battlefield, staying informed is our best defense. We encourage you to share this newsletter with your friends and colleagues, ensuring they too are equipped with the knowledge to navigate these challenges. Together, we can foster a community that is vigilant, informed, and resilient against the cyber threats of today and tomorrow. Until next time, stay secure and keep sharing the insights!