Cyber Daily 2/13: CISA, FBI Warn of Buffer Overflow Threats, Google Chrome's 'Syncjacking' Attack, Apple's Global Security Update, SonicWall VPN Hijacking Risk, US Ports Vulnerable to Cyber Attacks

Welcome to today's issue of ONSEC Cyber Daily. We're diving into a whirlwind of cybersecurity threats and vulnerabilities that have been making headlines. CISA and the FBI have issued a stern warning about the exploitation of buffer overflow vulnerabilities. Separately, cybersecurity researchers have discovered a frightening security flaw with YouTube and Google. This 'browser syncjacking' cyberattack is as diabolical as it sounds, and we're here to break it down for you. Meanwhile, Apple has issued a global warning to billions: update your iPhones and iPads or risk falling prey to cyber crooks. We're also looking at a high-severity SonicWall bug that poses a VPN hijacking threat, and a new report that highlights critical weaknesses at U.S. ports, leaving them vulnerable to cyberattacks. On the patching front, we're covering a slew of updates from Microsoft, Ivanti, and others, aimed at fixing critical flaws and vulnerabilities. We're also discussing the importance of these patches and why you should install them right away. Finally, we're tuning into the latest cybersecurity podcasts, from discussions on corporate counsel's top concerns to the exploration of penetration testing. Stay with us as we navigate this complex cybersecurity landscape, providing you with the insights you need to stay one step ahead of the threats.

Exploits Alert

  1. CISA, FBI Warn Of Threats Exploiting Buffer Overflow Vulnerabilities: CISA and the FBI have issued an alert about threats exploiting buffer overflow vulnerabilities. The agencies urge software developers to adopt memory-safe programming languages to mitigate these vulnerabilities. Source: Information Security Buzz
  2. Cybersecurity researchers discovered a scary security flaw with YouTube and Google: A new 'browser syncjacking' cyberattack has been discovered that allows hackers to take over computers via Chrome. The attack is considered highly sophisticated and users are advised to update their browsers. Source: MSN
  3. High-Severity SonicWall Bug Poses VPN Hijacking Threat: A high-severity bug in SonicWall could pose a VPN hijacking threat. Users are advised to update their systems to the latest version to mitigate the risk. Source: MSSP Alert
  4. New Report Warns Of Critical Weakness At U.S. Ports, Leaving Them Vulnerable To Cyber Attacks: A new report warns of critical weaknesses at U.S. ports, making them vulnerable to cyberattacks. The report identifies China, North Korea, Iran, and Russia as potential threats. Source: Marine Insight
  5. Google Chrome's Safe Browsing Now Protects 1 Billion Users Worldwide: Google Chrome's Safe Browsing feature now protects 1 billion users worldwide. The feature helps protect users from phishing sites, malware, and other online threats. Source: GBHackers

Vulnerabilities & Patches

  1. CHERI Security Hardware Program Essential to UK Security: The UK government has highlighted the importance of the CHERI Security Hardware Program in addressing memory safety issues, which account for about 70% of all patched security vulnerabilities. Source: Infosecurity Magazine
  2. Russia's Sandworm APT Exploits Edge Bugs Globally: Microsoft has warned that Russia's Sandworm APT is exploiting Edge bugs on a global scale. Critical sectors are advised to maintain above-average security practices and patch their software. Source: Dark Reading
  3. Ivanti Fixes 4 Critical Flaws: Ivanti has released patches for four critical flaws, including a CVSS 9.9 vulnerability in Connect Secure. Earlier this year, the company released an emergency patch for an exploited zero-day. Source: SC Media
  4. Windows Security Flaws Patched: Microsoft's February Patch Tuesday addressed dozens of Windows security flaws, many of which were critical. One such vulnerability, CVE-2025-21376, affects the Windows Lightweight Directory Access Protocol (LDAP). Source: HotHardware
  5. Additional Critical Vulnerability in Palo Alto Networks: Assetnote has discovered an additional critical vulnerability (CVE-2025-0108) in Palo Alto Networks. The company has released patches for the previously disclosed vulnerabilities. Source: WREG

Podcasts

  1. "Smashing Security" Episode 404: The episode discusses how hackers managed to compromise the US Government's official SEC Twitter account. A must-listen for those interested in understanding the intricacies of high-profile cyber attacks. Source: YouTube
  2. "Quick Charge" Cybertruck Episode: This episode provides an interesting discussion on the Cybertruck, including its security features and potential vulnerabilities. It's a great listen for tech enthusiasts and Tesla fans. Source: Electrek
  3. "Disputed Podcast" S6 EP2: The episode delves into 2025's top litigation trends, including cybersecurity regulations and shifts in class action litigation. It's a valuable resource for corporate counsel and legal professionals. Source: Norton Rose Fulbright
  4. "Health-e Law" Episode 15: This episode explores the intersection of healthcare security and homeland security, featuring Jonathan Meyer, former DHS GC and partner at Sheppard Mullin. It's a must-listen for those in the healthcare and security sectors. Source: Mondaq
  5. "Ahead of the Threat" Episode Seven: Paul Proctor, a Gartner analyst for 20 years, discusses practical approaches businesses can apply to make cybersecurity more effective. A valuable listen for business leaders and cybersecurity professionals. Source: FBI

Final Words

And that's a wrap for today's edition of ONSEC Cyber Daily. We've covered a lot of ground, from the latest threats exploiting buffer overflow vulnerabilities to the urgent need for patching and updating your systems. Remember, in the world of cybersecurity, knowledge is your best defense. Stay vigilant, stay informed, and most importantly, stay secure. If you found this newsletter helpful, please consider sharing it with your friends and colleagues. Let's work together to create a safer digital world. Until next time, this is your trusted creative technical security copywriter, signing off. Stay safe out there!
