Cyber Daily 2/5: CISA's Edge Threat Guidance, XE Group's Supply Chain Threat, Retail Workforce Vulnerability, Russian Exploitation of 7-Zip Zero-Day, AMD and Microsoft Patch Updates
Welcome to today's issue of ONSEC Cyber Daily! In this edition we cover the latest cybersecurity threats and vulnerabilities making headlines. The Cybersecurity and Infrastructure Security Agency (CISA) has issued fresh guidance on edge threats, highlighting the need for robust network security, while the XE Group is launching more sophisticated attacks that pose a greater threat to the supply chain. In the retail sector, the holiday season has exposed the vulnerability of the workforce: 44% of retailers admit they would withhold the impact of a cyberattack from the public to protect their reputation. Russian cybercrooks are exploiting a zero-day vulnerability in 7-Zip, and an AMD SEV vulnerability allows malicious CPU microcode to be injected by an administrator. Microsoft has patched a worrying zero-day along with 71 other flaws, but Zyxel won't patch newly exploited flaws in its end-of-life routers. Google warns that attackers are exploiting a kernel vulnerability, which it has patched in its February Android update, and AMD has rolled out a patch for an alarming microcode signature verification vulnerability affecting its processors, including EPYC. Finally, we bring you the latest cybersecurity podcasts, including episodes from CyberWire, PaymentsJournal, Graham Cluley, and more. Stay tuned for a comprehensive look at the cybersecurity landscape. Stay safe, stay informed with ONSEC Cyber Daily.
Exploits Alert
- CISA Issues Fresh Guidance on Edge Threats: The Cybersecurity and Infrastructure Security Agency (CISA) has issued new guidance on edge threats to strengthen network security. Users are advised to keep up with the latest security alerts and follow the recommended guidelines. Source: SC Magazine
- More Sophisticated XE Group Attacks Pose Greater Supply Chain Threat: The XE Group has been identified as posing a greater threat to the supply chain due to their increasingly sophisticated cyber attacks. Building effective cybersecurity metrics is crucial in mitigating these threats. Source: SC World
- Holiday Season Cybersecurity Lessons: The Vulnerability of the Retail Workforce: The holiday season has highlighted the vulnerability of the retail workforce to cyber attacks. A significant 44% of retailers would withhold information about a cyber attack to protect their reputation, emphasizing the need for robust cybersecurity measures. Source: Fast Company
- Russian Cybercrooks Exploiting 7-Zip Zero-Day Vulnerability (CVE-2025-0411): Russian cybercriminals have been exploiting a zero-day vulnerability (CVE-2025-0411) in the open-source file archiver 7-Zip. Users are advised to update their software to the latest version to mitigate this risk. Source: Help Net Security
Vulnerabilities & Patches
- AMD SEV Vulnerability Allows Malicious CPU Microcode Injection as Admin: A new vulnerability (CVE-2024-56161) has been discovered in the AMD CPU ROM microcode patch loader that allows malicious microcode to be injected. AMD users are advised to update their systems with the latest patches to mitigate this risk. Source: cybersecuritynews.com
- Zyxel won't patch newly exploited flaws in end-of-life routers: Zyxel has decided not to patch a new vulnerability (CVE-2024-40891) in its end-of-life routers. Authenticated users can exploit a Telnet command injection caused by improper command validation. Users of these routers are advised to consider upgrading their devices. Source: bleepingcomputer.com
- Android patchday: Attackers exploit kernel vulnerability: Google has warned that attackers are exploiting a vulnerability (CVE-2024-53104) in the Android kernel. Android users are advised to update their devices with the latest patches to mitigate this risk. Source: heise.de
- AMD "Zen 1" to "Zen 4" Processors Affected by Microcode Signature Verification Vulnerability: A new vulnerability (CVE-2024-56161) has been discovered in AMD "Zen 1" to "Zen 4" processors that affects microcode signature verification. AMD users are advised to update their systems with the latest patches to mitigate this risk. Source: overclockers.com
- Exploitation of vulnerability in Zyxel CPE targets legacy routers: A new vulnerability in Zyxel CPE is being exploited, targeting legacy routers. The vulnerability can allow an attacker to execute arbitrary commands. Users of these routers are advised to consider upgrading their devices. Source: cybersecuritydive.com
Podcasts
- A wolf in DOGE's clothing? - CyberWire: This episode discusses the potential risks and threats associated with the popular cryptocurrency, Dogecoin. It provides insights into the security measures needed to protect against potential cyber attacks. Source: CyberWire
- The Looming Cyber Threats Targeting Smaller Financial Institutions - PaymentsJournal: This podcast focuses on the increasing cyber threats targeting smaller financial institutions. It emphasizes the need for these institutions to strengthen their cybersecurity measures. Source: PaymentsJournal
- The AI Fix #36: A DeepSeek special - Graham Cluley: This episode discusses the role of AI in cybersecurity, with a special focus on DeepSeek, a new AI technology. It also explores the potential of AI in preventing cyber attacks. Source: Graham Cluley
- Split the Difference podcast: Episode 12 – 2025 outlook | Global Regulation Tomorrow: This podcast provides a 2025 outlook on global regulations, including cybersecurity. It offers insights into the potential changes and challenges in the regulatory landscape. Source: Global Regulation Tomorrow
- USAID Clearances Uncovered - Accusations of Corruption Pre-DOGE - ClearanceJobs: This episode uncovers accusations of corruption within the USAID, prior to the rise of Dogecoin. It highlights the importance of transparency and accountability in preventing corruption. Source: ClearanceJobs
Final Words
And that's a wrap for today's edition of 'ONSEC Cyber Daily'. We've covered a lot of ground, from the latest CISA guidance on edge threats to the rising sophistication of XE Group attacks. We've also delved into the vulnerability of the retail workforce during the holiday season, the exploits of Russian cybercrooks, and the latest patches and updates from tech giants like Microsoft, AMD, and Google. Remember, the world of cybersecurity is ever-evolving, and staying informed is your first line of defense. So, don't keep this valuable information to yourself. Share 'ONSEC Cyber Daily' with your friends and colleagues to help them stay one step ahead of the cyber threats. Join us again tomorrow as we continue to navigate the complex landscape of cybersecurity. Stay safe, stay informed, and keep sharing the knowledge.