Cyber Daily 10/9: Chrome & GoAnywhere Flaws Exploited, CISA Warns on Zimbra, Microsoft Alerts on Lua Vulnerabilities

Welcome to the ONSEC Cyber Daily, where today's digital landscape unfolds with urgency and intrigue. As the cyber world buzzes with activity, CERT-In has issued a critical alert for Chrome users, urging immediate updates to thwart potential cyberattacks. Meanwhile, the Medusa ransomware is exploiting a critical GoAnywhere vulnerability, highlighting the relentless nature of cyber threats. Microsoft's warning about the abuse of Lua Engine vulnerabilities by cybercriminals and state-sponsored actors adds another layer of complexity to the ongoing battle for cybersecurity. As vulnerabilities in FreePBX and Zimbra Collaboration Suite are actively exploited, businesses are reminded of the pressing need to patch software vulnerabilities. Stay informed and vigilant as we navigate these interconnected threats in today's issue.

Exploits Alert

  1. Critical GoAnywhere Vulnerability Exploited in Medusa Ransomware Attacks: A critical vulnerability in GoAnywhere has been exploited by the Medusa ransomware group, posing significant risks to affected systems. The vulnerability allows attackers to execute arbitrary code, leading to potential data breaches and system compromises. Organizations using GoAnywhere are urged to apply patches immediately to mitigate these threats. Source: HIPAA Journal
  2. PoC Exploit Released for Critical Lua Engine Vulnerabilities: A proof-of-concept (PoC) exploit has been released for critical vulnerabilities in the Lua engine, which are being actively targeted by both cybercriminals and state-sponsored actors. These vulnerabilities could allow attackers to execute arbitrary code, making it crucial for users to update their systems promptly. Source: Cyber Security News
  3. Exploitation of FreePBX SQL Injection Vulnerability to Modify the Database: A newly discovered SQL injection vulnerability in FreePBX, tracked as CVE-2025-57819, is being exploited to modify databases. This vulnerability poses a severe risk to data integrity and confidentiality, and administrators are urged to apply the necessary patches and security measures. Source: Cyber Press
  4. Multiple Chrome Vulnerabilities Expose Users to Arbitrary Code Execution Attacks: Several vulnerabilities in Google Chrome have been identified, exposing users to potential arbitrary code execution attacks. These vulnerabilities are being actively exploited, prompting an urgent need for users to update their browsers to the latest version to ensure security. Source: Cyber Security News
  5. CISA Warns of Zimbra Collaboration Suite Zero-Day XSS Exploited in Active Attacks: A zero-day cross-site scripting (XSS) vulnerability in the Zimbra Collaboration Suite is under active exploitation, leading to potential data breaches and unauthorized access. CISA has issued an alert urging administrators to review vendor advisories and apply patches immediately. Source: Cyber Press

Vulnerabilities & Patches

  1. CodeMender AI Patching: AI Automatically Fixes Software Problems. Google's CodeMender AI is revolutionizing software security by automatically rewriting insecure code to patch vulnerabilities. This AI-driven approach ensures only high-quality fixes reach human reviewers, significantly reducing the risk of exploitation. The technology promises to streamline the patching process, making it faster and more efficient. Source: LinkedIn
  2. Google Chrome Under Threat as Exploit Code for V8 Vulnerability Released. Google Chrome faces a significant threat as exploit code for a V8 vulnerability has been released. The vulnerabilities, identified as CVE-2025-11458 and CVE-2025-11460, are a heap buffer overflow and a use-after-free bug, respectively. Users are urged to update their browsers immediately to mitigate potential risks. Source: SQ Magazine
  3. Severe Figma MCP Vulnerability Lets Hackers Execute Code Remotely — Patch Now. A critical vulnerability in Figma's MCP, tracked as CVE-2025-53967, allows attackers to execute arbitrary code remotely due to unsanitized user input. With a CVSS score of 7.5, this command injection flaw poses a serious risk, and users are advised to apply the patch available in version 0.6.3 immediately. Source: IT Security News
  4. AWS Client VPN for macOS Hit by Critical Privilege Escalation Vulnerability. AWS Client VPN for macOS is affected by a critical privilege escalation vulnerability, CVE-2025-11462, impacting versions 1.3.2 to 5.2.0. This flaw could allow attackers to gain elevated privileges, emphasizing the need for continuous vigilance and rapid patch deployment to protect systems. Source: GBHackers
  5. Multiple Chrome Vulnerabilities Let Attackers Execute Arbitrary Code. Google has released an October update addressing multiple vulnerabilities in Chrome, including CVE-2025-11460 and CVE-2025-11211. These vulnerabilities allow attackers to execute arbitrary code, highlighting the importance of timely patch deployment to safeguard against potential exploits. Source: Cyber Press

Podcasts

  1. Bloomberg Businessweek Daily: Cyber Resilience: This podcast episode delves into the strategies and challenges of maintaining cyber resilience in today's digital landscape. Experts discuss the importance of proactive measures and the role of technology in safeguarding critical infrastructure. Source.
  2. Protecting Critical Infrastructure With Limited Funding: Chetrice Romero, a Senior Cybersecurity Advisor, shares insights on how organizations can protect critical infrastructure despite budget constraints. The episode highlights innovative approaches and the importance of strategic planning in cybersecurity. Source.
  3. S7: E5: Securing Critical Infrastructure - IoT Insider: This episode of IoT Unplugged features Toby Wilmington discussing the integration of IoT in securing critical infrastructure. The conversation covers the potential risks and the necessary steps to mitigate them effectively. Source.
  4. In Fighting Cybercrime, Humans Need AI — And AI Needs Humans: This podcast explores the symbiotic relationship between humans and AI in combating cybercrime. Experts discuss how AI can enhance human capabilities and the ethical considerations involved. Source.
  5. Building Texas' Future with a Stronger Workforce: This episode from UT San Antonio highlights the university's efforts in cyber training to equip local communities with the skills needed to defend against cyber threats. The discussion emphasizes the importance of education in building a resilient workforce. Source.

Final Words

As we wrap up today's edition of ONSEC Cyber Daily, remember that staying informed is your first line of defense against cyber threats. With CERT-In's urgent alert for Chrome users and the ongoing exploitation of vulnerabilities across various platforms, it's crucial to keep your systems updated and secure. These stories remind us of the ever-evolving landscape of cybersecurity and the importance of vigilance. If you found today's insights valuable, please share this newsletter with your friends and colleagues. Together, we can build a more informed and resilient community against cyber threats. Until tomorrow, stay safe and stay secure!
