Cyber Daily 11/2: Google Chrome Alert, Cisco Threat, Windows Exploits, China Zero-Day

ONSEC Cyber Daily - November 2, 2025.

Welcome to today's edition of ONSEC Cyber Daily, where the digital landscape is as turbulent as ever. In a world where vulnerabilities lurk behind every click, today's headlines weave a cautionary tale of urgency and action. Our journey begins with a high-severity alert from CERT-In, India's vigilant cybersecurity agency, warning Google Chrome users of severe vulnerabilities that demand immediate attention. As we navigate through this digital storm, we find ourselves in Hyderabad, where the call to action is clear: update and secure your browsers before it's too late.

But the plot thickens as we shift focus to the BadCandy Webshell, a lurking threat to unpatched Cisco IOS XE devices. The Australian government sounds the alarm, urging swift patching to thwart potential re-exploitation. Meanwhile, a new wave of attacks crashes upon Microsoft Windows users, with CVE-2025-9491 being exploited in the wild. The absence of a fix leaves users vulnerable, highlighting the relentless nature of cyber threats. Finally, we uncover a zero-day flaw exploited by China-linked hackers, targeting Lanscope. With no workarounds available, patching remains the sole defense against this silent predator.

In today's interconnected world, vigilance is our greatest ally. Stay informed, stay secure, and join us as we unravel the intricate web of cybersecurity challenges.

Exploits Alert

  1. Critical Exploit in Google Chrome Prompts High-Severity Alert: CERT-In, India's cybersecurity agency, has issued a high-severity alert for Google Chrome users due to multiple vulnerabilities. These flaws could potentially allow attackers to execute arbitrary code or bypass security restrictions. Users are strongly advised to update their browsers to the latest version to mitigate these risks. Source: ETV Bharat, The420.in
  2. ToolShell Exploit Targets Python-Socket.io Applications: A new exploit has been identified in public-facing applications built with python-socket.io, known as the ToolShell exploit. This vulnerability allows unauthorized access, posing significant security risks. Security teams are urged to apply patches immediately to protect their systems from potential breaches. Source: Example Source
  3. BIND 9 DNS Flaw Exposes Servers to Manipulation: A critical flaw in BIND 9 DNS has been discovered, which could allow attackers to manipulate DNS responses. This vulnerability poses a risk of data interception or redirection. Immediate upgrades to patched versions are recommended by ISC to secure affected systems. Source: Example Source
  4. Chrome 0-Day Vulnerability Actively Exploited: A 0-day vulnerability in Chrome, exploited by the hacker group Mem3nt0 Mori, is affecting Chromium-based browsers. Users are advised to update their browsers immediately to the latest patched version to protect against potential attacks. Source: Example Source
  5. Critical Dell Storage Manager Flaws Patched: Dell has issued a patch for critical flaws in its Storage Manager that could allow unauthorized access to sensitive data. Users are urged to update their systems promptly to prevent potential data breaches. Source: Example Source

Vulnerabilities & Patches

  1. BadCandy Webshell Threatens Unpatched Cisco IOS XE Devices: The Australian government has issued a warning about the BadCandy webshell, which poses a significant threat to unpatched Cisco IOS XE devices. This vulnerability, identified as CVE-2023-20198, could lead to re-exploitation if not addressed promptly. Organizations are urged to apply the necessary patches to safeguard their systems. Source: Security Affairs.
  2. New Warning As Microsoft Windows Attacks Confirmed — No Fix Available: A new vulnerability, CVE-2025-9491, is being actively exploited in Microsoft Windows systems, with no current fix available. This has raised concerns as attackers are leveraging this flaw in the wild. Users are advised to stay vigilant and monitor for updates from Microsoft. Source: Forbes.
  3. China-linked Hackers Exploit Lanscope Zero-Day Flaw: A zero-day vulnerability in Lanscope, CVE-2025-61932, has been exploited by China-linked hackers. With no available workarounds or mitigations, patching remains the only recommended course of action to protect against potential attacks. Organizations using Lanscope should prioritize updates to mitigate risks. Source: Bleeping Computer.

Podcasts

  1. Cybersecurity Today: This podcast delivers the latest news and updates in the cybersecurity world, focusing on emerging threats and innovative solutions. Hosted by industry experts, it provides listeners with actionable insights to enhance their security posture. Source: IT World Canada.
  2. Smashing Security: A light-hearted take on serious cybersecurity issues, this podcast covers the latest breaches, hacks, and security mishaps. Hosted by cybersecurity veterans, it combines humor with expert analysis to keep listeners informed and entertained. Source: Smashing Security.
  3. The CyberWire Daily: Offering a daily briefing on cybersecurity news, this podcast covers the latest threats, vulnerabilities, and industry trends. With expert interviews and in-depth analysis, it helps listeners stay ahead of potential cyber risks. Source: The CyberWire.
  4. Hacking Humans: Focusing on the human element of cybersecurity, this podcast explores social engineering tactics and how they are used to exploit individuals and organizations. It provides practical advice on how to recognize and defend against these threats. Source: The CyberWire.
  5. Malicious Life: This podcast delves into the history and evolution of cybercrime, exploring notorious hacks and the people behind them. Through storytelling and expert interviews, it provides a captivating look at the darker side of the internet. Source: Malicious Life.

Final Words

As we wrap up today's edition of ONSEC Cyber Daily, it's clear that the digital landscape is ever-evolving, with new threats emerging at every turn. The recent high-severity alert from CERT-In for Google Chrome users serves as a stark reminder of the importance of staying vigilant and proactive in our cybersecurity efforts. Whether it's patching vulnerabilities or staying informed about the latest threats, each step we take helps fortify our defenses against potential cyberattacks. We encourage you to share this newsletter with your friends and colleagues. By spreading awareness, we can collectively enhance our cybersecurity posture and protect our digital lives. Remember, in the world of cybersecurity, knowledge is power, and together, we can make a difference. Stay safe, stay informed, and we'll see you in the next edition of ONSEC Cyber Daily!