Good morning, ONSEC Cyber Daily readers! Today, we're diving into a series of critical vulnerabilities that have been making waves in the cybersecurity world. First up, we're looking at Zimbra, where flaws have been discovered that could allow attackers to gain unauthorized access to sensitive data. This includes a SQL Injection in ZimbraSyncService (CVE-2025-25064) that's particularly concerning for organizations using older versions of the software. Next, we're turning our attention to a high-risk vulnerability (CVE-2025-21298) in Outlook that allows code execution via malicious RTF attachments. Thankfully, Patch Tuesday updates have addressed this issue. In other news, Google has patched a critical vulnerability in the Linux kernel, which underpins Android, that was being exploited by forensic tools. We're also bringing you the best cybersecurity podcasts of the week, including an episode from Carole Cadwalladr on cyber stalking, a myth-busting session with Kathleen Smith on careers in cybersecurity, and a look at Turnium Tech's next-gen universal edge device. Finally, don't miss the latest episode of the ThirdSpace Buzz Podcast, which delves into the power struggles between tech titans in the realm of digital finance and AI. Stay safe, stay informed, and stay tuned for more updates from the frontlines of cybersecurity.

Exploits Alert

1. Critical Cisco Security Issues (CVE-2025-20124): Cisco has patched a series of critical security vulnerabilities, scoring a severity of 9.9/10. Users are strongly advised to update their systems to prevent potential exploits. Source: Cisco Security.
2. Android Security Patch (CVE-2024-45569): Google has rolled out a security patch for Android, addressing a total of 47 vulnerabilities, including one of critical severity. Android users are recommended to update their devices. Source: Android Security.
3. Linux Kernel Flaw (CVE-2024-53104): A flaw in the Linux kernel has been added to the list of exploited vulnerabilities. Google has issued a patch for the bug, which could potentially allow attackers to exploit the system. Source: Linux Security.
4. 7-Zip Vulnerability (CVE-2025-0411): A vulnerability in 7-Zip is currently being actively exploited. Users are advised to update to the latest version to mitigate risks. Source: 7-Zip Security.
5. Veeam Updater Vulnerability (CVE-2024): Veeam has released updates to resolve a critical remote code execution flaw in Veeam Updater. Users are advised to apply the updates as soon as possible. Source: Veeam Security.

Vulnerabilities & Patches

1. Critical Zimbra Flaws Allow Attackers to Gain Unauthorized Access to Sensitive Data: A critical SQL Injection vulnerability in ZimbraSyncService (CVE-2025-25064) has been discovered. Organizations using older versions of Zimbra are advised to update to Zimbra 9.0.0 Patch 44 or Zimbra 10.0.13 & 10.1.5 to mitigate the risk. Source: GBHackers
2. Cybersecurity Weekly Brief: Latest on Attacks, Vulnerabilities, and Data Breaches: A severe vulnerability (CVE-2025-21298, CVSS 9.8) in Outlook that allows code execution via malicious RTF attachments has been addressed in the latest Patch Tuesday updates. Source: Cybersecurity News
3. Google Addresses Android Vulnerability Exploited by Forensic Tools: Google has patched a critical vulnerability in the Linux kernel, which underpins Android, through its latest security update. The flaw was being exploited by forensic tools. Source: MSN
4. Critical Cisco Security Issues: Cisco has patched critical security vulnerabilities (CVE-2025-20124) with a severity score of 9.9/10. Users are urged to update their systems to prevent potential exploits. Source: Cisco
5. Android Security Patch: Google has released a security patch for Android (CVE-2024-45569), fixing a total of 47 vulnerabilities, including one of critical severity. Android users are advised to update their devices. Source: Android

Podcasts

1. Carole Cadwalladr takes on cyber stalking: Carole Cadwalladr, a renowned investigative journalist, delves into the world of cyber stalking in her latest podcast. The episode promises to be an eye-opening exploration of the dangers lurking in the digital world. Source: The Guardian
2. Careers in Cybersecurity: Myths and Realities with Kathleen Smith: This podcast episode features Kathleen Smith, a cybersecurity expert, who debunks common myths about careers in cybersecurity and provides practical advice for those interested in the field. Source: Security Boulevard
3. Turnium Tech Unveils Next-Gen Universal Edge Device in New Podcast Episode: Turnium Tech introduces its next-generation universal edge device in a new podcast episode, offering insights into the future of cybersecurity and technology. Source: TimesTech
4. AI Power Struggles: Tech Titans, Digital Finance, and the Fight for Control: The ThirdSpace Buzz Podcast discusses the power struggles between tech titans in the realm of digital finance and AI, offering insights into the future of technology and cybersecurity. Source: Substack

Final Words

And that's a wrap for today's edition of ONSEC Cyber Daily! We've covered everything from critical Zimbra flaws to the latest Android vulnerability patched by Google. We've also highlighted some of the best cybersecurity podcasts of the week, offering insights into the world of cyber stalking, careers in cybersecurity, and the ongoing power struggles in the tech world. Remember, in the digital world, knowledge is your best defense. So, stay informed, stay secure. If you found today's newsletter helpful, why not share it with your friends and colleagues? They might find it useful too. Until next time, keep your data safe and your software patched. See you in the next edition of ONSEC Cyber Daily!

x.com

X (formerly Twitter)

ONSEC.io | LinkedIn

ONSEC.io | 1,839 followers on LinkedIn. Information security audits and penetration testing by a team of experts with an average experience of more than 7 years | ONSEC.io - is a penetration testing & in-depth security audit company with more than 13 years of experience on the market. Our team has already helped more than 300 companies be aware about possible system's vulnerabilities, including Republic, DMarket, LegionFarm, Parallels, Xsolla, Acronis, Manyсhat, Global Fashion Group and others. Our main goal is to increase the customer security level by finding and fixing security issues as well as improve security awareness inside the company, including developers, DevOps, and other teams to build a sustainable engineering culture with security knowledge.

LinkedIn