Cyber Daily 2/28: Chinese Espionage Facilitates RA World Ransomware, AI in Cybersecurity, Maritime Industry's Cyber Vulnerabilities, Microsoft Copilot Warning, iPhone Data at Risk, GitLab and LibreOffice Patches

Welcome to your daily dose of ONSEC Cyber Daily. Today, we're diving into the murky depths of cyberespionage, as malicious actors leverage a tool linked to a Chinese operation to facilitate a ransomware intrusion against an Asian software firm. We'll explore how AI can be responsibly integrated into cybersecurity and vulnerability management practices to combat such threats. We'll also navigate the choppy waters of the maritime industry's cyber vulnerabilities, with experts warning of the potential economic impact of a successful cyber attack on shipping activities. In the realm of software development, we'll discuss a significant warning issued to developers using Microsoft Copilot, and the potential risks iPhone users face from cybercriminals tracking their live location. In the world of server security, we'll delve into the vulnerabilities that could allow hackers to gain full control of servers, and the importance of patching vulnerabilities, as demonstrated by the recent exploits of Chinese APTs on unpatched systems. We'll also forecast the potential increase in CVE volumes heading towards 2025, and the implications this could have on the cybersecurity landscape. Finally, we'll tune into the latest cybersecurity podcasts, discussing topics ranging from solving data sprawl with Tuskira to the struggles CISOs face in gaining respect and the role of paralegals in the digital world. Stay tuned, stay informed, and stay secure with ONSEC Cyber Daily.
Exploits Alert
- Chinese Cyberespionage Operation Facilitates RA World Ransomware Intrusion: A tool linked to a Chinese cyberespionage operation was used to facilitate an RA World ransomware attack on an Asian software company. The malicious actors exploited the tool to gain unauthorized access to the company's systems. Source: ChannelE2E.
- AI Integration in Cybersecurity Requires Responsible Vulnerability Management: As AI is increasingly integrated into cybersecurity, experts stress the importance of responsible vulnerability management practices. Security teams should be alert and proactive in identifying and addressing potential risks. Source: MSSP Alert.
- Maritime Industry Warned of Cyber Vulnerabilities: Experts warn of the economic impact a successful cyber attack could have on shipping activities. The maritime industry's cyber vulnerabilities pose a significant threat to global trade. Source: AFCEA International.
- Microsoft Copilot Vulnerability Affects Over 20,000 Repositories: Israeli cybersecurity firm Lasso warns of a vulnerability in Microsoft Copilot that affects more than 20,000 repositories from over 16,000 developers. The vulnerability could potentially be exploited by malicious actors. Source: Times of India.
- Rsync Vulnerabilities Allow Hackers Full Control of Servers: GitLab has issued a security advisory warning of multiple high-risk vulnerabilities in Rsync that could allow hackers to gain full control of servers. A proof of concept has been released, highlighting the severity of the vulnerabilities. Source: Cybersecurity News.
Vulnerabilities & Patches
- GRUB2 Patches for Linux Distros: GRUB2 has released patches to address vulnerabilities in Linux distributions. However, the effectiveness of these patches depends on each Linux distribution accepting them. Cisco has also released a patch for a remote code execution vulnerability. Source: SC Media
- CVE Volumes Predicted to Increase: Analysts predict that the volumes of Common Vulnerabilities and Exposures (CVE) will reach 50,000 by 2025. New contributors to the CVE ecosystem, such as Linux and Patchstack, are influencing discovery volumes. Source: Computer Weekly
- Chinese APT Exploits VPN Bug: A Chinese Advanced Persistent Threat (APT) group is exploiting a known CVE in VPNs to target companies critical to the aviation and aerospace supply chains. These companies failed to patch the vulnerability, providing an opportunity for foreign espionage. Source: Dark Reading
- LibreOffice Windows Vulnerability: A vulnerability (CVE-2025-0514) in LibreOffice for Windows allows attackers to create specially crafted documents containing links that may run executable files. A patch is available to address this vulnerability. Source: gHacks
- GitLab Vulnerabilities: Vulnerabilities in GitLab allow attackers to bypass security measures and run arbitrary scripts. One such vulnerability is CVE-2025-0555, which shows how malicious packages could infiltrate builds. Patch deployment and mitigation strategies are in place. Source: GBHackers
Podcasts
- Solving Data Sprawl with Tuskira - CISO Series: In this episode, CEO and co-founder of Tuskira, Piyush Sharrma, discusses the challenges and solutions of data sprawl. The podcast was recorded live in Nashville in September 2023. Source: CISO Series
- Evidence, Tech, and You. How Paralegals Shine in the Digital World - Legal Talk Network: This episode explores the role of paralegals in the digital world, focusing on how they utilize technology and evidence in their work. The podcast was published on February 27, 2025. Source: Legal Talk Network
- Are CISOs Struggling to Get Respect?: This episode features a discussion with Lee Parrish about the challenges faced by CISOs in gaining respect within their organizations. The episode is sponsored by Palo Alto Networks. Source: CISO Series
- Can the Cease-Fire in Gaza Hold? - The New York Times: In this episode, Patrick Kingsley, the Jerusalem bureau chief for The New York Times, discusses the cease-fire in Gaza and its potential to hold. The podcast is available on Apple Podcasts and Spotify. Source: The New York Times
Final Words
And that's a wrap for today's edition of ONSEC Cyber Daily. We've covered everything from the latest cyberespionage operations and AI's role in cybersecurity, to the maritime industry's vulnerabilities and the potential risks iPhone users face. We've also delved into the world of CVEs, patches, and the future of vulnerabilities. Remember, knowledge is power. The more we know, the better we can protect ourselves and our organizations from cyber threats. So, don't keep this valuable information to yourself. Share 'ONSEC Cyber Daily' with your friends, colleagues, and anyone else who could benefit from staying informed about the ever-evolving world of cybersecurity. Stay safe, stay informed, and we'll see you in the next edition of ONSEC Cyber Daily.