Cyber Daily 12/23: CISA Urges Patch for WatchGuard, FBI Warns of Deepfake Threat, HPE's Critical RCE Flaw, UK Legal Aid Agency Cyberattack Fallout
Welcome to the ONSEC Cyber Daily for December 23rd, where today's headlines weave a cautionary tale of vulnerabilities and cyber threats lurking in the digital shadows. The Cybersecurity and Infrastructure Security Agency (CISA) has added a new exploited vulnerability to its catalog, urging organizations to bolster their defenses against potential cyberattacks. Meanwhile, the FBI uncovers a deepfake campaign spoofing government officials, highlighting the growing sophistication of AI-driven threats. As hackers target over 125,000 WatchGuard Firebox IPs, critical vulnerabilities in HPE OneView and Microsoft systems demand immediate attention. In a world where cybercriminals exploit every opportunity, from zero-day flaws in Cisco systems to widespread cybercrime crackdowns in Africa, staying informed and vigilant is more crucial than ever. Dive into today's issue for expert insights and essential updates to fortify your cyber defenses.
Exploits Alert
- CISA Adds One Known Exploited Vulnerability to Catalog: CISA has added a newly confirmed, actively exploited vulnerability to its Known Exploited Vulnerabilities (KEV) catalog. Under Binding Operational Directive (BOD) 22-01, Federal Civilian Executive Branch (FCEB) agencies must remediate catalogued flaws by the listed due date; CISA urges all other organizations to treat the catalog the same way and to prioritize these entries in their own vulnerability management. Source: CISA.
- Cursor IDE Vulnerability Exposes Risks in AI Tooling and Installation Workflows: A vulnerability in Cursor IDE has been identified, posing significant risks to AI tooling and installation workflows. This flaw could potentially be exploited by cybercriminals to compromise AI systems, emphasizing the need for robust security protocols in AI development environments. Source: SC Media.
- FBI: Deepfake Campaign Spoofing Government Officials Ongoing for Longer Than Thought: The FBI has uncovered a deepfake campaign that has been spoofing government officials for an extended period. This sophisticated use of AI technology poses a significant threat to the integrity of governmental communications and highlights the growing challenge of combating AI-driven misinformation. Source: SC World.
- Hackers Attack WatchGuard Firebox Firewalls: 120K IPs Exposed and Vulnerable: Attackers are actively targeting WatchGuard Firebox firewalls, and Cybernews counts roughly 120,000 internet-exposed Firebox IPs that remain vulnerable (other scans put the figure above 125,000; see the Vulnerabilities & Patches section). Internet-facing edge devices such as firewalls and VPN gateways are prime targets precisely because they are reachable from anywhere and often patched slowly, which makes timely patching and monitoring of these devices essential. Source: Cybernews.
- WatchGuard Patches Firebox Zero-Day Exploited in the Wild: WatchGuard has released a patch for a zero-day vulnerability in its Firebox devices that was actively being exploited. This swift response is crucial in mitigating potential damage and protecting users from ongoing threats. Source: SecurityWeek.
Vulnerabilities & Patches
- Over 125,000 Internet-Exposed WatchGuard Firebox IPs at Risk of Remote Code Execution Attacks: CVE-2025-14733, a critical out-of-bounds write in WatchGuard Firebox firewalls rated CVSS 9.8 by the source, can be exploited for remote code execution. Scans count more than 125,000 internet-exposed Firebox IPs, and with exploitation already observed in the wild (see the Exploits Alert section), researchers urge immediate patching. Source: GBHackers.
- HPE OneView RCE Vulnerability Exploited via Newly Released PoC: Hewlett Packard Enterprise has patched CVE-2025-37164, a remote code execution vulnerability in its OneView infrastructure management platform rated CVSS 10.0. Because OneView controls server provisioning, an attacker who compromises it can reconfigure servers and deploy malicious payloads, and a public proof-of-concept is now available, so administrators should update immediately. Source: GBHackers.
- Potential Attacks Threaten Tens of Thousands of Fortinet Devices: Fortinet has patched CVE-2025-59718 and CVE-2025-59719, critical flaws that can be abused for authentication bypass. Tens of thousands of internet-facing devices are affected, and security experts recommend applying the patches promptly. Source: SC Media.
- Microsoft Brokering File System Vulnerability Lets Attackers Escalate Privileges: Microsoft has fixed CVE-2025-29970, a use-after-free in the Brokering File System driver that allows a local attacker to escalate privileges. Memory-safety bugs in kernel drivers like this one are typical post-exploitation stepping stones from a low-privileged foothold to full control of the host, so apply the latest updates. Source: Cybersecurity News.
- Chinese Hackers Exploit Cisco Zero-Day Flaw in Espionage Attacks: CVE-2025-20393, a zero-day vulnerability in Cisco devices, is being exploited by Chinese hackers for espionage. At the time of the report no patch was available, so organizations are urged to monitor affected devices closely and apply interim mitigations until a fix ships. Source: WebProNews.
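A practical follow-up to the KEV item above and to the CVEs in this list, added here as an example (this is not code from CISA or from any of the cited sources): a script that cross-references an asset inventory against a KEV catalog snapshot and ranks findings by BOD 22-01 due date, with anything not in the catalog listed last so it is still patched per the vendor advisory. The feed URL is CISA's real one and the field names follow the public feed's schema, but KEV_SNAPSHOT and SAMPLE_INVENTORY are constructed for illustration and the dateAdded/dueDate values are placeholders, not the catalog's real entries.

```python
"""Triage the CVEs from this issue against a CISA KEV catalog snapshot.

The live catalog is published as JSON at
https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
KEV_SNAPSHOT below is a CONSTRUCTED sample in that feed's schema: the CVE IDs
are the ones discussed in this issue, but dateAdded/dueDate are placeholders
for illustration, not the real catalog entries.
"""
import json
from datetime import date

REQUIRED = ("Apply mitigations per vendor instructions or discontinue use "
            "of the product if mitigations are unavailable.")

KEV_SNAPSHOT = json.dumps({
    "title": "CISA Catalog of Known Exploited Vulnerabilities",
    "catalogVersion": "constructed-sample",
    "dateReleased": "2025-12-23T00:00:00.0000Z",
    "count": 3,
    "vulnerabilities": [
        {"cveID": "CVE-2025-14733", "vendorProject": "WatchGuard", "product": "Firebox",
         "vulnerabilityName": "WatchGuard Firebox Out-of-Bounds Write Vulnerability",
         "dateAdded": "2025-12-19", "dueDate": "2025-12-26", "requiredAction": REQUIRED,
         "knownRansomwareCampaignUse": "Unknown", "notes": "", "cwes": ["CWE-787"]},
        {"cveID": "CVE-2025-37164", "vendorProject": "HPE", "product": "OneView",
         "vulnerabilityName": "HPE OneView Remote Code Execution Vulnerability",
         "dateAdded": "2025-12-22", "dueDate": "2026-01-12", "requiredAction": REQUIRED,
         "knownRansomwareCampaignUse": "Unknown", "notes": "", "cwes": []},
        {"cveID": "CVE-2025-29970", "vendorProject": "Microsoft", "product": "Windows",
         "vulnerabilityName": "Microsoft Windows Brokering File System Use-After-Free Vulnerability",
         "dateAdded": "2025-05-13", "dueDate": "2025-06-03", "requiredAction": REQUIRED,
         "knownRansomwareCampaignUse": "Unknown", "notes": "", "cwes": ["CWE-416"]},
    ],
})

# Constructed inventory: hostname -> CVEs a scanner reported on that host.
SAMPLE_INVENTORY = {
    "fw-edge-01": ["CVE-2025-14733"],
    "oneview-mgmt": ["CVE-2025-37164"],
    "win-jump-07": ["CVE-2025-29970"],
    "fortigate-dc": ["CVE-2025-59718"],  # deliberately absent from the sample catalog
}


def load_kev(feed_json):
    """Index a KEV feed (JSON text) by CVE ID."""
    feed = json.loads(feed_json)
    return {entry["cveID"]: entry for entry in feed["vulnerabilities"]}


def triage(kev, inventory, today_iso):
    """Return one finding per (asset, CVE), most urgent first.

    today_iso is the reference date as YYYY-MM-DD so runs are reproducible.
    """
    today = date.fromisoformat(today_iso)
    findings = []
    for asset, cves in inventory.items():
        for cve in cves:
            entry = kev.get(cve)
            if entry is None:
                # Not catalogued does not mean safe; it just has no BOD 22-01 deadline.
                findings.append({"asset": asset, "cve": cve, "status": "not_in_kev",
                                 "days_left": None, "due": None, "ransomware": None})
                continue
            days_left = (date.fromisoformat(entry["dueDate"]) - today).days
            findings.append({
                "asset": asset, "cve": cve,
                "status": "overdue" if days_left < 0 else "due",
                "days_left": days_left, "due": entry["dueDate"],
                "ransomware": entry.get("knownRansomwareCampaignUse"),
            })
    # Overdue (negative days) first, then nearest deadline; non-KEV entries last.
    findings.sort(key=lambda f: (f["days_left"] is None,
                                 f["days_left"] if f["days_left"] is not None else 0))
    return findings


def report(findings):
    """Render findings as one human-readable line each."""
    lines = []
    for f in findings:
        if f["status"] == "not_in_kev":
            lines.append(f"{f['asset']:<14} {f['cve']}  not in KEV (patch per vendor advisory)")
            continue
        when = (f"{-f['days_left']} days OVERDUE" if f["status"] == "overdue"
                else f"due in {f['days_left']} days")
        lines.append(f"{f['asset']:<14} {f['cve']}  {when} ({f['due']}), "
                     f"ransomware use: {f['ransomware']}")
    return lines


if __name__ == "__main__":
    catalog = load_kev(KEV_SNAPSHOT)
    for line in report(triage(catalog, SAMPLE_INVENTORY, "2025-12-23")):
        print(line)
```

To use it against the real catalog, replace KEV_SNAPSHOT with the downloaded feed text and SAMPLE_INVENTORY with your scanner's output; the schema fields read here (cveID, dueDate, knownRansomwareCampaignUse) are the same in the live feed.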
Podcasts
- Global News Podcast: Hundreds Arrested in Africa-wide Cybercrime Crackdown: This episode delves into a significant law enforcement operation across Africa, resulting in hundreds of arrests related to cybercrime activities. The podcast provides insights into the collaborative efforts of international agencies to combat cyber threats and highlights the growing sophistication of cybercriminal networks. Listen here.
- 2025 Year in Review at Cloud Security Podcast by Google: This episode offers a comprehensive review of the year's cybersecurity landscape, focusing on emerging threats and the evolution of cloud security. It provides a strategic playbook for Security Operations Center (SOC) leaders to enhance their defenses and adapt to the rapidly changing cyber environment. Explore more.
- A Page From Australia's Cybersecurity Playbook: Pentesting Our Kids: David Braue discusses the importance of cybersecurity education for children, emphasizing the need for early awareness and training. The episode explores innovative approaches to teaching kids about cyber threats and the role of parents and educators in fostering a secure digital future. Learn more.
- CISO Series: President's Cyber Bill, Iranian APT Resurfaces, Kimwolf DDoS Attack: This episode covers recent developments in cybersecurity legislation, the resurgence of Iranian Advanced Persistent Threats (APTs), and the impact of the Kimwolf DDoS attack. It provides expert analysis on how these events shape the cybersecurity landscape and what organizations can do to protect themselves. Find out more.
- Why Networking Is Your Secret Weapon in Cybersecurity Job Hunting: Tom Eston shares valuable insights into the role of networking in securing a job in the cybersecurity field. The episode discusses strategies for building professional relationships and leveraging them to advance one's career in this competitive industry. Discover more.
Final Words
As we wrap up today's edition of ONSEC Cyber Daily, it's clear that the digital landscape is ever-evolving, with new vulnerabilities and threats emerging at every turn. From CISA's latest additions to the Known Exploited Vulnerabilities catalog, to the ongoing deepfake campaigns and critical patches for WatchGuard Firebox firewalls, the need for vigilance and proactive measures has never been more crucial. Remember, while BOD 22-01 may specifically target FCEB agencies, the call to action is universal—prioritize reducing your exposure to cyberattacks. In this interconnected world, sharing knowledge is a powerful tool. If you found today's insights valuable, please share this newsletter with your friends and colleagues. Together, we can build a more informed and resilient community, ready to tackle the challenges of tomorrow. Stay safe, stay informed, and see you in the next issue!
