Cyber Daily 2/17: Apple Fixes 20-Year iOS Flaw, CISA Alerts on Microsoft & ZLAN, Google Patches Chrome Zero-Day, Olympics Fans Targeted

Welcome to the February 17th edition of ONSEC Cyber Daily, where today's headlines weave a compelling narrative of vigilance and rapid response in the ever-evolving cybersecurity landscape. Apple has finally patched a zero-day vulnerability lurking in iOS since the dawn of the iPhone, a testament to the enduring challenges of legacy code. Meanwhile, CISA has flagged a critical flaw in Microsoft's Configuration Manager, urging immediate action to thwart potential cyberattacks. The urgency doesn't stop there; ZLAN ICS devices and Airleader systems are under scrutiny for vulnerabilities that could lead to complete device takeovers and remote code execution. As the digital world braces for the Milano-Cortina 2026 Winter Olympics, cybercriminals are already setting traps for unsuspecting fans. In a parallel development, Google has swiftly patched a high-severity Chrome zero-day vulnerability, underscoring the relentless pace of cyber threats. Stay informed and secure as we delve into these pressing issues and more in today's newsletter.

Exploits Alert

  1. Apple Patches Ancient Zero-Day Vulnerability Present in iOS for Nearly Two Decades: Apple has finally patched a zero-day vulnerability that has existed in iOS since the launch of the first iPhone. This long-standing flaw posed significant security risks, and its resolution marks a crucial step in securing iOS devices. Users are urged to update their devices to the latest version to mitigate potential threats. Source: CPO Magazine.
  2. CISA Flags Actively Exploited Microsoft Configuration Manager Flaw: The Cybersecurity and Infrastructure Security Agency (CISA) has highlighted a critical flaw in Microsoft Configuration Manager that is currently being exploited. Organizations are advised to apply the necessary patches promptly to safeguard against potential cyberattacks. This vulnerability underscores the importance of maintaining up-to-date security measures. Source: Petri.
  3. CISA Warns of ZLAN ICS Devices Vulnerabilities Allows Complete Device Takeover: CISA has issued an alert regarding two critical vulnerabilities in ZLAN ICS devices that could allow attackers to take full control of the devices. These vulnerabilities pose a significant threat to industrial control systems, and immediate action is recommended to prevent exploitation. Source: Cybersecurity News.
  4. Critical Airleader Vulnerability Exposes Systems to Remote Code Execution Attacks: A critical vulnerability in Airleader systems has been identified, which could enable remote code execution attacks. This flaw highlights the need for robust cybersecurity measures in industrial environments to prevent unauthorized access and potential damage. Source: Cybersecurity News.
  5. Cybersecurity Alert: Fake Shops Target Winter Olympics 2026 Fans for Attacks: Cybercriminals are exploiting the excitement around the Milano-Cortina 2026 Winter Olympics by setting up fake shops to deceive fans. This alert serves as a reminder to remain vigilant and cautious when engaging with online platforms related to major events. Source: GBHackers.

Vulnerabilities & Patches

  1. Google Distributes January Update for Pixel Line to Correct Screen and Security Flaws: Google has rolled out a January update for its Pixel devices, addressing critical vulnerabilities including CVE-2025-48647. This update aims to enhance both screen performance and overall security, mitigating significant risks to users. Source: Mixvale.
  2. Serious Memory and Bluetooth Flaws Fixed in Apple's New System Update for Cell Phones: Apple's latest system update addresses severe vulnerabilities in memory management and Bluetooth functionalities. These fixes are crucial for maintaining device security and preventing potential exploits. Source: Mixvale.
  3. CVE-2026-2441: Google Patches Chrome Zero-Day Exploited in the Wild: Google has released a patch for a critical Chrome zero-day vulnerability, CVE-2026-2441, which was actively exploited. This "use after free" bug allowed arbitrary code execution, posing a significant threat to users. Source: SOC Prime.
  4. Firefox 147.0.4 Fixes Blank New Tab Page and One Security Issue: Mozilla's latest Firefox update resolves a security issue identified as CVE-2026-2447, alongside fixing a blank new tab page bug. This update is crucial for maintaining browser security and functionality. Source: Neowin.
  5. Critical FileZen File Transfer Flaw Allows Arbitrary Command Execution: A critical vulnerability in FileZen's file transfer system, tracked as CVE-2026-25108, allows for arbitrary command execution. This flaw necessitates immediate patching to prevent unauthorized access and potential data breaches. Source: Cyber Press.

Podcasts

  1. Driven By Purpose® Podcast: Featuring Frank Astorino on Wealth, Values, and Living with Integrity. This episode delves into the principles of wealth management and personal values with Frank Astorino. Listeners are guided through strategies for living a life of integrity while balancing financial success. The conversation offers insights into aligning personal and professional goals for a fulfilling life. Source: Naples News
  2. Driven By Purpose® Podcast: Featuring Ruth Klein on Authenticity, Legacy, and Leading with Heart. Ruth Klein shares her expertise on building a legacy through authenticity and heartfelt leadership. The episode encourages listeners to embrace their true selves in both personal and professional spheres. Klein's insights provide a roadmap for leading with empathy and purpose. Source: TM News
  3. Regulatory Horizons: Cybersecurity and FDA Regulated Companies. This podcast explores the intersection of cybersecurity and FDA regulations, offering a comprehensive overview for companies navigating compliance. The episode provides valuable insights into maintaining security standards while adhering to regulatory requirements. It's a must-listen for professionals in the healthcare and tech industries. Source: Mondaq
  4. Ring's Search Party 'Dystopia' Debate. This episode engages listeners in a thought-provoking debate on the implications of surveillance technology and privacy. The discussion highlights the balance between security and personal freedoms in a digital age. It's an essential listen for those interested in the ethical dimensions of technology. Source: Security Boulevard
  5. Ivanti Actor ID, Google Search Tweak, ClickFix DNS. The podcast covers the latest developments in cybersecurity, including the identification of an Ivanti actor and Google's search algorithm tweaks. It also discusses the innovative ClickFix DNS solution. This episode is packed with insights for cybersecurity professionals looking to stay ahead of emerging threats. Source: CISO Series

Final Words

As we wrap up today's edition of ONSEC Cyber Daily, it's clear that the digital landscape is ever-evolving, with vulnerabilities lurking in unexpected corners. From Apple's recent patch of a zero-day vulnerability that has been hiding in iOS since the first iPhone, to the urgent alerts from CISA about actively exploited flaws, the message is clear: vigilance and timely updates are our best defense. In a world where cyber threats are as constant as the sunrise, staying informed is not just a necessity—it's a responsibility. We encourage you to share this newsletter with friends and colleagues who might benefit from staying in the loop. Together, we can build a more secure digital future. Thank you for joining us today. Stay safe, stay updated, and see you in the next issue of ONSEC Cyber Daily!
