Cyber Daily 11/1: CISA Alerts on Linux, Cisco, VMware Flaws; Australian Devices Hit by BadCandy; Windows Vulnerabilities Exploited by State Actors

Welcome to the November 1st edition of ONSEC Cyber Daily, where today's headlines weave a tale of vulnerabilities and exploits that span the globe. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has sounded the alarm on a critical use-after-free vulnerability in the Linux Kernel, now a tool for ransomware attacks. Meanwhile, cybercriminals and state-sponsored actors are targeting unpatched Cisco IOS XE devices, and Windows vulnerabilities continue to be a playground for advanced persistent threats. As Australia grapples with the BadCandy implant compromising hundreds of devices, OpenAI's new Aardvark AI security tool emerges as a beacon of hope, promising automated vulnerability detection. Stay informed and vigilant as we unravel these interconnected cyber threats and defenses.

Exploits Alert

  1. CISA Warns of Linux Kernel Use-After-Free Vulnerability Exploited in Attacks to Deploy Ransomware: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert about a critical use-after-free vulnerability in the Linux Kernel. This flaw is being actively exploited by cybercriminals to deploy ransomware, making it imperative for users to apply available patches immediately to safeguard their systems. Source: cybersecuritynews.com
  2. Hundreds Of Australian Devices Compromised With BadCandy Implant: The Australian cyber agency has issued a critical advisory warning that cyber actors are exploiting a vulnerability to implant BadCandy malware on devices. This widespread compromise highlights the urgent need for users to enhance their security measures and apply necessary updates to prevent further exploitation. Source: thecyberexpress.com
  3. Unpatched Windows Vulnerability Continues to be Exploited by APTs (CVE-2025-9491): A Windows vulnerability, identified as CVE-2025-9491, is being actively exploited by state-sponsored threat actors and cybercrime groups. Despite being known, this vulnerability remains unpatched in many systems, urging users to take immediate action to mitigate potential risks. Source: helpnetsecurity.com
  4. CISA Flags VMware Zero-Day Exploited by China-Linked Hackers in Active Attacks: CISA has flagged a zero-day vulnerability in VMware products that is being exploited by China-linked hackers. This active exploitation poses significant risks to affected systems, and users are strongly advised to implement the recommended security patches to protect against potential breaches. Source: thehackernews.com
  5. Cybercriminals Target Unpatched Cisco IOS XE Devices: Cybercriminals and state-sponsored actors are intensifying attacks on unpatched Cisco IOS XE devices. This vulnerability is being leveraged to gain unauthorized access, emphasizing the critical need for users to update their systems promptly to prevent exploitation. Source: cybersecuritynews.com

Vulnerabilities & Patches

  1. Hackers Exploiting Cisco IOS XE Vulnerability in the Wild to Deploy BADCANDY Web Shell: A critical vulnerability in Cisco IOS XE, identified as CVE-2023-20198, is being actively exploited by attackers to deploy the BADCANDY web shell. Cisco has released a patch, and it is crucial for users to apply it, disable the HTTP server feature, and follow the IOS XE hardening guide to mitigate risks. Source.
  2. Two Windows Vulnerabilities, One a 0-day, Under Active Exploitation: Microsoft has issued an unscheduled update to patch two Windows vulnerabilities, including a 0-day. While one vulnerability has been patched, CVE-2025-9491 remains unpatched, leaving systems vulnerable to exploitation. Users are advised to stay vigilant and apply available updates promptly. Source.
  3. XWiki and VMware Flaws Added to CISA List of Exploited Vulnerabilities: CISA has added vulnerabilities in XWiki and VMware, including CVE-2025-41244, to its list of known exploited vulnerabilities. These flaws have been actively exploited in the wild, and organizations are urged to implement patches and configuration management to secure their systems. Source.
  4. Chinese Hackers Scanning and Exploiting Cisco ASA Firewalls: Chinese state-sponsored hackers are actively scanning and exploiting vulnerabilities in Cisco ASA firewalls, specifically CVE-2025-30333 and CVE-2025-20362. These vulnerabilities are being chained together to target government systems worldwide, highlighting the need for immediate patching. Source.
  5. OpenAI Launches Aardvark: GPT-5-Powered AI Security Tool: OpenAI has introduced Aardvark, a GPT-5-powered AI security tool designed for automated vulnerability detection. The tool performs analysis, scanning, sandbox testing, and automated patching, and has already identified over 10 CVE-numbered vulnerabilities in open-source projects. Currently, Aardvark is in private testing. Source.
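The Cisco IOS XE item above gives the mitigation for CVE-2023-20198 as "disable the HTTP server feature". The following checker is an added example (not code from the newsletter, Cisco, or any cited source) that audits exported `show running-config` dumps for that feature; the two sample configs are constructed for the demonstration.

```python
"""Audit Cisco IOS XE running-config dumps for the web UI (HTTP server) feature.

IOS XE writes the feature state explicitly: "ip http server" / "ip http secure-server"
when enabled, "no ip http server" / "no ip http secure-server" when disabled.
The mitigation quoted in the newsletter is to disable both.
"""
import re
from typing import Dict, Optional

HTTP_DIRECTIVES = ("ip http server", "ip http secure-server")
# Anchored so "ip http authentication local" and similar lines do not match.
_DIRECTIVE = re.compile(r"^(?P<neg>no\s+)?(?P<name>ip http (?:secure-)?server)$")


def http_server_state(running_config: str) -> Dict[str, Optional[bool]]:
    """Map each directive to True (enabled), False (explicitly disabled),
    or None (absent from the dump, so not confirmed either way)."""
    state: Dict[str, Optional[bool]] = {name: None for name in HTTP_DIRECTIVES}
    for raw in running_config.splitlines():
        m = _DIRECTIVE.match(raw.strip())
        if m:
            state[m.group("name")] = m.group("neg") is None
    return state


def web_ui_exposed(running_config: str) -> bool:
    """True unless BOTH directives are explicitly disabled. An absent line is
    treated as exposed, because the platform default may be 'enabled'."""
    return any(enabled is not False for enabled in http_server_state(running_config).values())


# Constructed sample dumps (hypothetical hostnames, not real devices).
VULNERABLE_CFG = """\
hostname edge-rtr-01
!
ip http server
ip http secure-server
ip http authentication local
!
"""

HARDENED_CFG = """\
hostname edge-rtr-02
!
no ip http server
no ip http secure-server
!
"""

if __name__ == "__main__":
    for label, cfg in (("vulnerable", VULNERABLE_CFG), ("hardened", HARDENED_CFG)):
        verdict = "web UI exposed" if web_ui_exposed(cfg) else "web UI disabled"
        print(f"{label}: {http_server_state(cfg)} -> {verdict}")
```

Feed it the saved output of `show running-config` from each device; any dump that is not reported as "web UI disabled" still needs the patch plus `no ip http server` and `no ip http secure-server`.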

Podcasts

  1. Cybersecurity News: LinkedIn AI Opt-Out, NSA Leadership Candidates, Python Foundation Withdraws: This podcast episode delves into the latest cybersecurity headlines, including LinkedIn's AI opt-out feature, the potential candidates for NSA leadership, and the Python Foundation's decision to withdraw from a significant initiative. The discussion provides insights into how these developments could impact the cybersecurity landscape. Source: CISO Series.
  2. Shawn Tuma Provides Cybersecurity Insight 'Treats' on Counsel Brew Podcast: In this engaging episode, cybersecurity expert Shawn Tuma shares his insights on managing critical cybersecurity incidents effectively. The discussion, titled “Trick or Treat – Shawn Tuma,” offers listeners practical advice and strategies for navigating complex security challenges. Source: Spencer Fane.
  3. The CyberWire Daily Briefing: This podcast provides a comprehensive overview of the latest cybersecurity news and trends. Each episode features expert analysis and commentary on current threats, vulnerabilities, and strategies for enhancing security posture. It's a must-listen for anyone looking to stay informed about the evolving cyber threat landscape. Source: The CyberWire.
  4. Smashing Security: Known for its humorous take on serious cybersecurity topics, this podcast covers a wide range of issues from data breaches to privacy concerns. The hosts bring a light-hearted approach to discussing the latest security news, making it both informative and entertaining. Source: Smashing Security.
  5. Hacking Humans: This podcast explores the human element of cybersecurity, focusing on social engineering, phishing, and other tactics used by cybercriminals to exploit human vulnerabilities. Each episode features stories and interviews that highlight the importance of awareness and education in preventing cyber attacks. Source: The CyberWire.

Final Words

As we wrap up today's edition of ONSEC Cyber Daily, it's clear that the digital landscape is as dynamic as ever. From the urgent CISA alert on the Linux Kernel use-after-free vulnerability to the relentless exploitation of unpatched systems, the message is clear: vigilance is key. Cybercriminals and state-sponsored actors are constantly evolving, and so must we. Stay informed, stay protected, and remember, cybersecurity is a collective effort. If you found today's insights valuable, don't keep them to yourself. Share this newsletter with your friends and colleagues. Together, we can build a more secure digital world. Until tomorrow, stay safe and cyber-aware!