Cyber Daily 11/3: Proton Breach Exposes 300M, Petrofac's Cyber Woes, EY Data Leak, Chinese Threats on Cisco

ONSEC Cyber Daily - November 3, 2025.

Welcome to today's edition of ONSEC Cyber Daily, where the digital shadows reveal a world of vulnerabilities and breaches. In a chilling revelation, Proton's data breach has unleashed 300 million credentials onto the dark web, a stark reminder of the ever-growing threat landscape that businesses and individuals face. As cybercriminals exploit these compromised treasures, the global energy sector is reeling from Petrofac's collapse, a cautionary tale of overlooked cybersecurity vulnerabilities that could disrupt supply chains worldwide.

Meanwhile, the cybersecurity community is on high alert with a flurry of vulnerabilities surfacing. From the EY data leak to the critical BIND 9 and Chrome vulnerabilities, the digital fortress is under siege. Chinese threat actors are aggressively targeting Cisco ASA firewalls, further intensifying the global cyber warfare. Yet, hope flickers as X.Org and ISC release critical patches to fortify defenses against these relentless attacks. Stay informed, stay secure, and join us as we navigate the intricate web of cybersecurity challenges and solutions.

Exploits Alert

  1. Proton Data Breach Exposes 300 Million Credentials on Dark Web Markets: A massive data breach at Proton has resulted in 300 million credentials being sold on dark web markets. This breach highlights the increasing threat to both businesses and individuals as cybercriminals exploit compromised information for malicious purposes. Immediate action is recommended for affected users to secure their accounts and change passwords. Source: Cyber Press.
  2. Petrofac Collapse: Cybersecurity as the Next Supply Chain Threat: The collapse of Petrofac has revealed significant cybersecurity vulnerabilities within the global energy industry. Financial instability is not the only concern, as smaller suppliers face increasing cyber threats that could disrupt the supply chain. Industry experts urge companies to strengthen their cybersecurity measures to prevent future incidents. Source: Gulf News.
  3. Chinese Threat Actors Exploit Cisco ASA Firewalls Worldwide: Chinese threat actors are actively scanning and exploiting vulnerabilities in Cisco ASA firewalls globally. This ongoing threat poses significant risks to organizations relying on these systems for network security. Security teams are advised to apply the latest patches and monitor network traffic for suspicious activities. Source: LinkedIn.
  4. ToolShell Exploit in Public-Facing Applications: A new exploit targeting applications built with python-socket.io has been identified, allowing unauthorized access to affected systems. Security teams are urged to patch these vulnerabilities immediately to prevent potential breaches. This highlights the importance of regular updates and monitoring of public-facing applications. Source: Cyber Security News.
  5. BIND 9 DNS Flaw Exposes Servers: A critical flaw in BIND 9 DNS servers could allow attackers to manipulate DNS responses, leading to potential data interception or redirection. The Internet Systems Consortium (ISC) recommends immediate upgrades to patched versions to secure affected systems and prevent exploitation. Source: Cyber Security News.

Vulnerabilities & Patches

  1. X.Org Patches Critical Vulnerabilities in X Server and Xwayland: X.Org has released patches for critical vulnerabilities in X Server and Xwayland, addressing a race condition in input handling (CVE-2025-62231). These updates are crucial for preventing potential exploits that could compromise system integrity. Users are advised to apply these patches promptly to secure their systems. Source: WebProNews.
  2. ISC Patches BIND 9 DoS Vulnerability: The Internet Systems Consortium (ISC) has patched a Denial of Service (DoS) vulnerability in BIND 9, identified as CVE-2025-5470. This flaw, with a CVSS score of 8.6, could allow attackers to crash servers using malformed DNS queries. Administrators are urged to update to the latest versions to mitigate this risk. Source: Cyber Security News.
  3. Apache HTTP Server Path Traversal Vulnerability: A critical path traversal vulnerability has been discovered in Apache HTTP Server, potentially allowing attackers to access sensitive files on the server. The Apache Software Foundation has released a patch, and users are strongly encouraged to update their servers to prevent unauthorized data access. Source: SecurityWeek.
  4. VMware Patches Multiple Vulnerabilities in vSphere: VMware has addressed several vulnerabilities in its vSphere product, including issues that could lead to remote code execution and privilege escalation. These patches are part of VMware's ongoing efforts to enhance security and protect users from potential threats. Administrators should apply these updates immediately. Source: VMware Security Advisories.
  5. Fortinet Fixes Critical Authentication Bypass in FortiOS: Fortinet has released a patch for a critical authentication bypass vulnerability in FortiOS, which could allow attackers to gain unauthorized access to affected systems. This vulnerability underscores the importance of timely updates to maintain robust security postures. Users are advised to implement the patch without delay. Source: Fortinet Blog.

Podcasts

  1. The CyberWire Daily Briefing: This podcast offers a concise overview of the latest cybersecurity news, trends, and expert insights. Each episode provides listeners with a quick yet comprehensive update on the most pressing issues in the cyber world, making it an essential listen for professionals and enthusiasts alike. Source: The CyberWire Daily Briefing
  2. Smashing Security: Hosted by cybersecurity veterans, this podcast combines humor and expertise to discuss the latest in cybersecurity news and data breaches. With a light-hearted approach, it makes complex security topics accessible and engaging for a broad audience. Source: Smashing Security
  3. Hacking Humans: This podcast delves into the human side of cybersecurity, exploring social engineering, phishing, and other tactics used by cybercriminals. It provides valuable insights into how individuals and organizations can protect themselves from these threats. Source: Hacking Humans
  4. Malicious Life: This podcast explores the history and evolution of cybercrime, featuring stories of hackers, cyberattacks, and the people behind them. It offers a narrative-driven approach to understanding the complexities of cybersecurity. Source: Malicious Life
  5. Security Now: Hosted by renowned security expert Steve Gibson, this podcast provides in-depth analysis of the latest security vulnerabilities, threats, and solutions. It is a must-listen for anyone looking to deepen their understanding of cybersecurity. Source: Security Now

Final Words

As we wrap up today's edition of ONSEC Cyber Daily, it's clear that the digital landscape is more perilous than ever. From the massive Proton data breach exposing 300 million credentials to the overlooked vulnerabilities in the global energy sector, the threats are evolving and expanding. Cybercriminals are relentless, exploiting every opportunity to compromise our data and systems. It's a stark reminder of the importance of staying informed and vigilant. In this interconnected world, cybersecurity isn't just a personal responsibility; it's a collective one. By sharing knowledge and insights, we can build a stronger defense against these threats. So, if you found today's newsletter insightful, please share it with your friends and colleagues. Together, we can create a more secure digital future. Stay safe, stay informed, and see you in the next edition of ONSEC Cyber Daily!