Cyber Daily 10/31: Chrome & GitLab Vulnerabilities Alert, WSUS Exploits Rise, Canada & CERT-In Urge Action

Welcome to the Halloween edition of ONSEC Cyber Daily, where today's cyber landscape is as chilling as the season itself. As the digital world braces for a wave of vulnerabilities, CERT-In has sounded the alarm on critical flaws lurking within Google Chrome and GitLab, threatening to open the floodgates to cybercriminals. Meanwhile, the Canadian Cyber Centre is urging immediate action against escalating threats targeting Internet-accessible ICS. As if that weren't enough, the WSUS vulnerability is being actively exploited, dropping the Skuld infostealer into unsuspecting systems. With Chrome 142 rolling out patches for 20 high-severity vulnerabilities, the race is on to secure our digital fortresses. Join us as we unravel these spine-tingling tales of cyber threats and the relentless pursuit of security in today's interconnected world. Stay vigilant, stay informed, and remember—patching is your best defense against the lurking cyber ghouls.

Exploits Alert

  1. CERT-In Warns of Multiple Vulnerabilities in Google Chrome for Desktop and GitLab: The Indian cybersecurity watchdog, CERT-In, has issued an alert regarding multiple vulnerabilities in the Google Chrome desktop browser and the GitLab platform. These vulnerabilities could potentially allow cybercriminals to execute malicious activities. Users and developers are urged to update their systems promptly to mitigate risks. Source: Economic Times
  2. Canada's Cyber Centre Urges Action on Internet-Accessible ICS Threats: The Canadian Centre for Cyber Security has issued a warning about increasing cyber threats targeting Internet-accessible Industrial Control Systems (ICS). The alert emphasizes the need for robust vulnerability management and technical defenses to protect critical infrastructure from potential hacktivist attacks. Source: Industrial Cyber
  3. Chrome & GitLab Vulnerabilities: CERT-In Alert: CERT-In has highlighted vulnerabilities in Google Chrome and GitLab that could be exploited by attackers to gain unauthorized access or execute malicious code. Users are advised to apply the latest security patches to safeguard their systems against these threats. Source: Rediff Money
  4. Attackers Exploiting WSUS Vulnerability to Drop Skuld Infostealer: A new alert from the Cybersecurity and Infrastructure Security Agency (CISA) reveals that attackers are exploiting a WSUS vulnerability (CVE-2025-59287) to deploy the Skuld infostealer. Organizations are encouraged to implement updated security measures to prevent data breaches. Source: Help Net Security
  5. Chrome 142 Released With Fix for 20 Vulnerabilities: Google has released Chrome version 142, addressing 20 vulnerabilities that could allow malicious code execution. Security experts recommend enabling automatic updates to ensure systems are protected against these newly identified threats. Source: Cybersecurity News

Vulnerabilities & Patches

  1. New Attack Chains Ghost SPNs and Kerberos Reflection to Elevate SMB Privileges: Microsoft has addressed a critical privilege escalation vulnerability, CVE-2025-58726, affecting Windows environments globally. This flaw allows attackers to exploit Ghost SPNs and Kerberos reflection to elevate SMB privileges. The patch was included in Microsoft's October 2025 security update.
  2. Critical Flaws Found in Elementor King Addons Affect 10,000 Sites: Patchstack researchers have discovered two critical vulnerabilities in Elementor King Addons, impacting over 10,000 websites. These include an unauthenticated arbitrary file upload vulnerability (CVE-2025-6327) that could allow attackers to compromise affected sites. Users are urged to update to the latest patched versions.
  3. Multiple Jenkins Flaws Include SAML Authentication Bypass and MCP Plugin Permission Issues: Several vulnerabilities have been identified in Jenkins, including a SAML authentication bypass and MCP plugin permission issues. These flaws could allow unauthorized access and privilege escalation. Patches are available, and users are advised to update to the latest versions to mitigate risks.
  4. Google Releases Chrome 142 with Patches for 20 High-Severity Vulnerabilities: Google has released Chrome version 142, addressing 20 high-severity vulnerabilities. Notable among these is CVE-2025-12428, a type confusion flaw in the V8 component, which could lead to arbitrary code execution. Users are strongly encouraged to update their browsers to enhance security.
  5. Over 150,000 WordPress Sites Exposed by Flaws in Popular Plugins: Critical vulnerabilities have been found in several popular WordPress plugins, potentially exposing over 150,000 sites to attacks. These flaws, patched on October 15, 2025, could allow unauthorized access and data breaches. Site administrators should ensure their plugins are updated to the latest versions.

Podcasts

  1. Ep. 85 – Halloween Special: Healthcare Compliance Nightmares: This episode delves into the spooky side of healthcare compliance, offering tips to avoid cybersecurity nightmares. The discussion highlights the importance of staying vigilant against potential threats in the healthcare sector.
  2. Project Catalyst: An Economic Development Podcast | Episode 17: Building the Grid of the Future: This episode explores the intersection of cybersecurity and economic development, focusing on a bipartisan initiative that secured $45 million in federal funding. The podcast discusses how this funding is being used to build a more secure and resilient infrastructure.
  3. The Future of Digital Government: Nebraska CIO on Data, Leadership, and Cybersecurity: Dr. Matthew McCarville, Nebraska's State CIO, discusses the future of digital government, emphasizing the role of data, leadership, and cybersecurity in transforming public services. This episode provides insights into how states can leverage technology for better governance.
  4. Online Scams: Cybersecurity Expert Shares Tips to Stay Safe Online, Warns Seniors: This podcast episode offers practical advice on avoiding online scams, with a particular focus on protecting seniors. The expert shares strategies to enhance online safety and prevent falling victim to cybercriminals.
  5. How Do We Measure Our Defenses Against Social Engineering Attacks?: This episode from the CISO Series discusses the challenges of measuring defenses against social engineering attacks. The hosts explore various strategies and tools that organizations can use to bolster their security posture against these types of threats.

Final Words

As we wrap up today's edition of ONSEC Cyber Daily, it's clear that the digital landscape is as dynamic as ever, with new vulnerabilities and threats emerging at every turn. From the CERT-In alerts on Google Chrome and GitLab to the Canadian Cyber Centre's warnings about ICS threats, staying informed is your first line of defense. Remember, knowledge is power, and sharing this knowledge can fortify our collective cybersecurity efforts. If you found today's insights valuable, don't keep them to yourself! Share this newsletter with your friends and colleagues. Together, we can build a more secure digital world, one informed reader at a time. Until tomorrow, stay vigilant and stay safe!