Cyber Daily 2/4: SolarWinds, Microsoft Office Exploits, Russian Cyber Threats, Underground Financial Networks

Welcome to today's edition of ONSEC Cyber Daily, where we unravel the intricate web of cyber threats and vulnerabilities that shape our digital landscape. In a world where every click and keystroke can open doors to unseen dangers, CISA has sounded the alarm on four critical vulnerabilities, including a severe flaw in SolarWinds Web Help Desk. As Russian hackers exploit newly patched Microsoft Office vulnerabilities, the urgency to patch and protect has never been more critical. Meanwhile, underground financial networks are thriving, fueled by the relentless pursuit of valuable data by cybercriminals. Join us as we delve into these pressing issues, offering insights and strategies to navigate the ever-evolving cyber threat landscape. Stay informed, stay secure.

Exploits Alert

  1. Alert! CISA warns of 4 exploited vulnerabilities: The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about four actively exploited vulnerabilities, including a critical flaw in SolarWinds Web Help Desk. These vulnerabilities are now part of the Known Exploited Vulnerabilities Catalog, urging organizations to prioritize patching to mitigate potential threats. Source
  2. Critical Vulnerability Alert: CVE-2025-40551 in SolarWinds Web Help Desk: A critical vulnerability identified as CVE-2025-40551 in SolarWinds Web Help Desk has been highlighted for its potential to cause significant security breaches. Organizations using this software are advised to apply patches immediately to protect against exploitation. Source
  3. Cybersecurity Firms Warn of Growing Underground Financial Networks: Cybersecurity firms are raising alarms about the rise of underground financial networks targeting valuable data from transactions and logins. These networks are becoming a prime focus for organized cybercrime groups, emphasizing the need for enhanced security measures. Source
  4. Eliminate SOC Alert Fatigue and Focus on High-Risk Security Incidents: A new guide emphasizes the importance of reducing Security Operations Center (SOC) alert fatigue by concentrating on high-risk security incidents. This approach aims to streamline cybersecurity efforts and improve incident response effectiveness. Source
  5. Russian hackers are exploiting a recently patched Microsoft Office vulnerability (CVE-2026-21509): Russian hackers are actively exploiting a recently patched vulnerability in Microsoft Office, identified as CVE-2026-21509. This vulnerability allows attackers to bypass security measures, highlighting the urgency for users to apply the latest patches to safeguard their systems. Source

Vulnerabilities & Patches

  1. Hackers Exploiting React Server Components Vulnerability in the Wild to Deploy Malicious Payloads: CVE-2025-55182 is a deserialization flaw in React Server Components that is being actively exploited. Security teams are urged to upgrade immediately to the latest patched React versions to prevent exploitation. Source
  2. Critical Vulnerability Alert: CVE-2025-40551 in SolarWinds Web Help Desk: SolarWinds has released a fixed version for CVE-2025-40551, a critical vulnerability with a severity score of 9.8 out of 10. CISA has added it to its Known Exploited Vulnerabilities list, urging immediate patching. Source
  3. Russian Hackers Targeting New Office 365 Zero-Day: Russian APT28 (Fancy Bear) is exploiting CVE-2026-21509 in Microsoft Office, just days after the patch release. The vulnerability is being exploited through malicious DOC files sent to Ukrainian government entities. Source
  4. Hikvision Wireless Access Point Flaws Enable Remote Command Execution Attacks: Hikvision has released an advisory detailing a security flaw in its wireless access points, urging customers to apply patches immediately to prevent remote command execution attacks. Source
  5. Critical Flaws in KiloView Devices Enable Complete Admin Takeover: CVE-2026-1453, with a severity score of 9.8, affects KiloView Encoder Series devices. The flaw allows attackers to take complete control of a device because authentication is missing for critical functions. Immediate patching is recommended. Source

Podcasts

  1. APDR Podcast Episode 126 with Host Kym Bergmann: This episode of the Asia Pacific Defence Reporter podcast delves into the latest developments in cyber security, IT, simulation, and training, with a focus on government policy and news. Host Kym Bergmann provides insights into the evolving landscape of defense and security in the Asia Pacific region. Source
  2. The Evolution of Ransomware – Key Moments: Bitdefender's podcast episode explores the significant milestones in the evolution of ransomware. The discussion highlights how ransomware tactics have changed over time and the implications for cybersecurity. This episode is essential for understanding the current threat landscape and preparing for future challenges. Source
  3. Take Two-Factor Authentication and Call Me in the Morning: The CISO Series podcast discusses the importance of two-factor authentication in enhancing cybersecurity. The episode covers practical tips for implementing this security measure and addresses common challenges organizations face. It's a must-listen for anyone looking to bolster their security posture. Source
  4. OpenClaw Targets ClawHub Users: This episode from the CISO Series highlights recent cybersecurity threats, including the OpenClaw campaign targeting ClawHub users. The discussion includes insights into how attackers are exploiting vulnerabilities and what organizations can do to protect themselves. It's a timely update on the latest cyber threats. Source

Final Words

As we wrap up today's edition of ONSEC Cyber Daily, it's clear that the cyber landscape is as dynamic as ever. From CISA's urgent alerts on exploited vulnerabilities to the relentless tactics of cybercriminals, staying informed is your first line of defense. Remember, knowledge is power, and sharing it amplifies that power. If you found today's insights valuable, don't keep them to yourself—share this newsletter with your friends and colleagues. Together, we can build a more secure digital world. Until next time, stay vigilant and stay safe!

ONSEC.io | LinkedIn