Cyber Daily 2/11: Ubuntu and Skibidi Vulnerabilities, UK's New Cyberattack Scale, Swiss Aviation Warnings, Apple and Trimble Patches, Podcast Insights


Welcome to your daily dose of cybersecurity news, brought to you by ONSEC Cyber Daily. Today, we're diving into a series of vulnerabilities that have been making waves in the tech world.

First up, we're looking at a concerning Ubuntu printing vulnerability that could allow attackers to execute arbitrary code on locked laptops. This potential buffer overflow vulnerability was flagged by a compiler warning, highlighting the importance of thorough code examination. Next, we're discussing the booming vulnerability management solution market. Organizations across various sectors are prioritizing cybersecurity investments to safeguard sensitive data, with Alert Logic leading the charge. We also have an update on a "bizarrely dangerous" Java threat, as reported by veteran cybersecurity writer, Davey Winder. This Skibidi security alert is a must-read for anyone involved in cybersecurity.

In other news, the UK has unveiled a new cyberattack severity classification scale, and the Swiss army has identified gaps in the civil aircraft collision warning system. These vulnerabilities, classified as moderate and severe by the US Cyber Defense Agency and the Federal Aviation Authority, highlight the need for robust security practices in all sectors.

Finally, we're covering a series of critical patches and updates. Apple has released an emergency security update to address a zero-day vulnerability, CVE-2025-24200. Trimble Cityworks has also been added to the CISA catalog due to a flaw affecting the deserialization of untrusted data.

Stay tuned for more updates on these stories and more in today's issue of ONSEC Cyber Daily. Don't forget to check out our podcast section, where we feature the latest episodes from CISO Stories, Cyber Security Bridge, and more. Stay safe, stay informed.

Exploits Alert

  1. Ubuntu Printing Vulnerability Allows Arbitrary Code Execution: A potential buffer overflow vulnerability has been discovered in Ubuntu's printing system, which could allow attackers to execute arbitrary code on locked laptops. The vulnerability was flagged by a compiler warning triggered by the “-Wstringop-overflow” flag. Source: cybersecuritynews.com
  2. “Bizarrely Dangerous” Java Threat - Skibidi Security Alert: A new Java vulnerability has been identified as "bizarrely dangerous" by cybersecurity writer, hacker, and analyst Davey Winder. The full technical details of the vulnerability are yet to be disclosed. Source: forbes.com
  3. New Cyberattack Severity Classification Scale Unveiled By UK Org: A new cyberattack classification system has been unveiled by a UK organization (NCSC). This system aims to provide a more accurate representation of the severity of cyberattacks. Source: msspalert.com
  4. Trimble Cityworks Vulnerability Added to CISA Catalog: A flaw in Trimble Cityworks, primarily affecting the deserialization of untrusted data, has been added to the CISA catalog. The flaw is identified as CVE-2025-0994; deserialization of untrusted data is a common vector for many cyberattacks. Source: thecyberexpress.com
  5. PoC Exploit Released for AnyDesk Vulnerability: A proof-of-concept exploit has been released for a vulnerability in AnyDesk that could be exploited to gain admin access via wallpapers. Users are urged to stay alert and adopt robust security practices to mitigate similar vulnerabilities. Source: cybersecuritynews.com

Vulnerabilities & Patches

  1. Samsung Galaxy S25 Vulnerability (CVE-2024-53104): Samsung is urgently working on an update for a vulnerability actively being exploited. The timing for the patch is still unknown. Source: Forbes.
  2. Progress LoadMaster Critical Flaw (CVE-2025-24200): A critical flaw in Progress LoadMaster allows attackers to execute system commands. Apple has released emergency security updates to address this zero-day vulnerability. Source: GBHackers.
  3. Apple USB Security Flaw (CVE-2025-24200): Apple has patched an actively exploited USB security flaw. The vulnerability could be exploited through a physical attack to disable USB. Source: Cyber Kendra.
  4. Zimbra SQL Injection Vulnerability (CVE-2025-25064): Zimbra has patched a critical SQL injection flaw with a CVSS score of 9.8. Users are advised to update now to protect against exploits. Source: The Hacker News.
  5. Trimble Cityworks Vulnerability (CVE-2025-0994): A high-severity deserialization vulnerability in Trimble Cityworks enables remote code execution in unpatched versions. Trimble has responded with timely patches. Source: The Cyber Express.

Podcasts

  1. OnTheStacks Podcast: This podcast discusses the recent decision by the US cyber agency to put election security staffers who worked with the states on leave. The episode provides an in-depth look at the implications of this decision. Source: Times Leader
  2. AI Insights & Innovation: Episode 32 discusses the overemphasis on LLMs in finding AI value. The podcast provides valuable insights into the current state of AI and its potential for growth. Source: YouTube
  3. CISO Stories: In this episode, Jess Hoffman and Sheena Thomas explore the need for transparency in breach details and the importance of cybersecurity education for children. Source: SC World
  4. Asia Pacific Defence Reporter Podcast: Episode 80 with host Kym Bergmann discusses various topics related to cyber security, IT, and government policy. Source: Asia Pacific Defence Reporter
  5. CISO Series Podcast at Convene: This podcast will be recording an episode on March 3, 2025 at the Convene conference, promising an engaging and informative session. Source: CISO Series

Final Words

And that's a wrap for today's edition of ONSEC Cyber Daily. We hope you found our updates on the latest vulnerabilities, patches, and cybersecurity news insightful and valuable. Remember, staying informed is the first step towards safeguarding your digital assets. If you found our newsletter helpful, why not share it with your friends and colleagues? They might appreciate the heads up on the latest Ubuntu printing vulnerability or the new cyberattack severity classification scale unveiled by the UK. Plus, they'll get to stay in the loop with the latest cybersecurity podcasts and episodes. Stay safe, stay informed, and see you in the next edition of ONSEC Cyber Daily. Until then, keep your data secure and your systems patched.

ONSEC.io | LinkedIn
ONSEC.io | 1,839 followers on LinkedIn. Information security audits and penetration testing by a team of experts with an average experience of more than 7 years | ONSEC.io - is a penetration testing & in-depth security audit company with more than 13 years of experience on the market. Our team has already helped more than 300 companies be aware about possible system's vulnerabilities, including Republic, DMarket, LegionFarm, Parallels, Xsolla, Acronis, Manychat, Global Fashion Group and others. Our main goal is to increase the customer security level by finding and fixing security issues as well as improve security awareness inside the company, including developers, DevOps, and other teams to build a sustainable engineering culture with security knowledge.