Cyber Daily 2/20: Ghost/Cring Ransomware Alert by FBI, CISA; Insight Partners Cyberattack; Palo Alto, SonicWall Vulnerabilities; Weak Passwords Warning; Cybersecurity Podcast Highlights

Welcome to the ONSEC Cyber Daily newsletter for February 20, 2025. Today, we're diving into a flurry of cyber threats and vulnerabilities that have been making headlines. The FBI and CISA have issued an alert regarding the recent surge in Ghost/Cring ransomware activity. This comes on the heels of a confirmed cyberattack on venture capital firm Insight Partners. Meanwhile, CISA has also released two new advisories following the discovery of exploits and vulnerabilities in ICS. In international news, Canadian agencies are urging organizations to bolster their cyber defenses as the anniversary of the Ukraine invasion approaches, highlighting the geopolitical implications of cybersecurity. On the tech front, Chrome and Firefox users are being warned about high-severity vulnerabilities that could be exploited by cybercriminals. CERT-In has issued a critical security warning for Google Chrome users, while Firefox has released an update to patch multiple high-severity memory safety vulnerabilities. In the realm of password security, a recent study has revealed a list of the weakest passwords, prompting an urgent warning for internet users to strengthen their defenses against financial fraud and unauthorized access. Lastly, we'll be discussing the latest episodes from various cybersecurity podcasts, including a conversation with the architect of Trump's new trade war and an exploration of the expanding world of state-sponsored cyber warfare. Stay tuned for these stories and more in today's issue of ONSEC Cyber Daily. Stay safe and informed!

Exploits Alert

  1. Recent Ghost/Cring ransomware activity prompts alert from FBI, CISA: The FBI and CISA have issued an alert due to increased activity of the Ghost/Cring ransomware. The agencies are urging organizations to strengthen their cybersecurity defenses to prevent potential attacks. Source: The Record.
  2. Venture capital firm Insight Partners confirms cyberattack: Insight Partners, a venture capital firm, has confirmed a cyberattack. The details of the attack, including the extent of the damage and the identity of the attackers, remain undisclosed. Source: SC Magazine.
  3. CISA Issues Warning on Palo Alto PAN-OS Security Flaw Under Attack: CISA has issued a warning about a security flaw in Palo Alto's PAN-OS that is currently under attack. Cybercriminal groups, primarily based in China, are reportedly exploiting this vulnerability. Source: GBHackers.
  4. CISA Releases Two New ICS Advisories Exploits Following Vulnerabilities: CISA has released two new advisories regarding Industrial Control Systems (ICS) vulnerabilities. These advisories serve as a reminder of the increasing targeting of industrial infrastructure by nation-states and cybercriminal groups. Source: Cyber Security News.
  5. Google Chrome users alerted as CERT-In issues critical security warning: CERT-In has issued a critical security warning for Google Chrome users. Identified under Vulnerability Note CIVN-2025-0024, these security flaws could allow cybercriminals to execute malicious code and gain unauthorized access. Source: Times of India.

Vulnerabilities & Patches

  1. "Windows Disk Cleanup Tool Vulnerability Exploited to Gain SYSTEM Privileges (CVE-2025-21420)": A vulnerability in the Windows Disk Cleanup Tool has been exploited to gain SYSTEM privileges. The vulnerability, tracked as CVE-2025-21420, has a CVSS rating of 7.8. Microsoft has released a patch to address this issue. Source: cybersecuritynews.com
  2. "Critical Microsoft Bing Vulnerability Let Attackers Execute Code Remotely": Microsoft Bing had a critical vulnerability that allowed attackers to execute code remotely. The company silently deployed a patch earlier and issued the CVE for transparency. Source: cybersecuritynews.com
  3. "SonicWall, Palo Alto Networks flaws under attack, added to CISA list (CVE-2024-9474 and CVE-2025-0111)": SonicWall and Palo Alto Networks are under attack due to vulnerabilities CVE-2024-9474 and CVE-2025-0111. These flaws have been added to the CISA list and patches have been released. Source: scmagazine.com
  4. "FreSSH bugs undiscovered for years threaten OpenSSH security (CVE-2025-26465 and CVE-2025-26466)": Two vulnerabilities in OpenSSH, CVE-2025-26465 and CVE-2025-26466, went undiscovered for years and pose a threat to OpenSSH security. Patches for these vulnerabilities have been released. Source: msn.com
  5. "Trimble Cityworks: CVE-2025-0994: Active Exploitation": Trimble Cityworks products are affected by CVE-2025-0994, which is being actively exploited. The vulnerability allows for remote code execution. A patch has been released to prevent further exploitation. Source: recordedfuture.com

Podcasts

  1. Smashing Security podcast #405: This episode discusses a crypto con exchange, soaring ticket scams, and ransomware in the classroom. The hosts, Graham Cluley and Carole Theriault, provide an in-depth analysis of these security issues. Source: grahamcluley.com
  2. Securing Your Cloud Data – Eoin McGrath – ZTW25 #1: In this episode of CISO Stories, Eoin McGrath discusses the importance of securing your cloud data. The podcast provides valuable insights into the latest cloud security measures. Source: scworld.com
  3. Resilient Cyber w/ Steve Martano: This episode focuses on CISO, security budgets, and broader security career dynamics. Steve Martano provides a comprehensive overview of the current cybersecurity landscape. Source: substack.com
  4. Cybersecurity News: OpenSSH flaws enable new attacks, Microsoft prepares for...: This episode of the CISO Series discusses recent OpenSSH flaws that enable new attacks and Microsoft's preparation for these threats. Source: cisoseries.com
  5. CONTESTED GROUND: The expanding world of state-sponsored cyber warfare: Host Liam Garman welcomes Cyber Daily's David Hollingworth in this episode, discussing the expanding world of state-sponsored cyber warfare. Source: defenceconnect.com.au

Final Words

As we wrap up today's edition of 'ONSEC Cyber Daily', we hope you found the information useful in staying ahead of the curve in this ever-evolving cyber landscape. From the recent Ghost/Cring ransomware activity that prompted an alert from FBI and CISA, to the confirmed cyberattack on venture capital firm Insight Partners, it's clear that cybersecurity is not a matter to be taken lightly. Remember, the first line of defense is awareness. Keep your systems updated, patch vulnerabilities as soon as possible, and always be vigilant about potential threats. If you found this newsletter helpful, please consider sharing it with your friends and colleagues. Together, we can create a safer digital world. Stay tuned for more updates tomorrow, and until then, stay safe and secure!
