Welcome to today's issue of ONSEC Cyber Daily. We're diving into a whirlwind of critical vulnerabilities and urgent security alerts. Rockwell Automation FactoryTalk View Machine Edition is under the spotlight with a critical vulnerability that demands immediate attention. Meanwhile, the Cyber Security Agency of Singapore is sounding the alarm, underscoring the domino effect of cyber-induced bankruptcy on SMBs. In the U.S., the Cybersecurity and Infrastructure Security Agency (CISA) has added four vulnerabilities to its catalog, urging federal enterprises to act swiftly. Apple and Google Chrome users are also on high alert, with millions urged to update their systems to fix critical flaws. The Linux kernel is not exempt from the wave of vulnerabilities, with CISA advising organizations to prioritize patching systems affected by CVE-2024-53104. Veeam Updater and Zyxel routers are also in the hot seat, with the former receiving an update for a critical RCE flaw and the latter refusing to patch end-of-life routers against zero-day attacks. In the Android world, Pixel phones are receiving important bug fixes with the latest Android 15 update, while Samsung Galaxy S25 and S24 owners are left in the lurch with a missing critical security fix in Android's update. In the midst of these vulnerabilities, we'll also explore the complexities of cybersecurity in 2025, with insights from the latest episodes of The ifa Show, The Just Security Podcast, and the CISO Series Podcast. Stay tuned for more updates and remember, your first line of defense is staying informed. Stay safe, stay updated with ONSEC Cyber Daily.

Exploits Alert

1. Critical Vulnerability in Rockwell Automation FactoryTalk View Machine Edition: A critical vulnerability has been identified in Rockwell Automation FactoryTalk View Machine Edition, which could potentially be exploited by cybercriminals. The Cyber Security Agency of Singapore has issued an alert regarding this issue. Source: CSA.
2. The Cyber-Driven Domino Effect: How Financial and Security Crises Bankrupt Businesses: Small and medium-sized businesses are particularly vulnerable to cyber-induced bankruptcy, highlighting the importance of robust cybersecurity measures. This perspective is shared by Alert and CyberRisk Alliance. Source: MSSP Alert.
3. CISA Adds Four Vulnerabilities to Catalog for Federal Enterprise: The U.S. Cybersecurity and Infrastructure Security Agency has added four new vulnerabilities to its catalog of Known Exploited Vulnerabilities, issuing a warning to federal enterprises. Source: TechRepublic.
4. New Apple Warning For Millions—Update Now To Fix Critical Flaw: A new warning has been issued by the Cyber Security Agency of Singapore for Apple users. A critical flaw has been identified, and users are urged to update their devices immediately to mitigate the risk. Source: Forbes.
5. New Chrome Security Warning For 3 Billion Users—Act Immediately: Google Chrome users, numbering in the billions, have been put on high alert due to a new security warning. Users are advised to take immediate action to ensure their safety. Source: Forbes.

Vulnerabilities & Patches

1. Actively Exploited Linux Kernel Vulnerability: CISA has advised organizations to prioritize patching systems affected by CVE-2024-53104. The Linux kernel team has released updates addressing this vulnerability. Source: cybersecuritynews.com
2. Veeam Updater Critical RCE Flaw: Veeam Backup for Salesforce is affected up to the current version 3.1 by CVE-2025-23114 and requires an additional update to patch the flaw. Source: scworld.com
3. Zyxel Routers Zero-Day Attacks: CVE-2024-40891, a post-authentication command injection vulnerability in the management commands of certain router models, will not be patched by Zyxel for end-of-life routers. Source: techtarget.com
4. VeraCore Zero-Day Vulnerabilities: Cybercrime gangs have exploited VeraCore zero-day vulnerabilities for years, specifically CVE-2025-25181. Currently, there is no publicly available information regarding a patch for this vulnerability. Source: helpnetsecurity.com
5. Apple's macOS Privilege Escalation Attacks: Apple's macOS vulnerability, CVE-2025-24118, exposes users to privilege escalation attacks. Apple has released updates to address this vulnerability in macOS 15.3. Source: gbhackers.com

Podcasts

1. Navigating the complexities of cyber security in 2025 - ifa: In this episode of The ifa Show, host Keith Ford and Fraser Jack, founder of The Cyber Collective, delve into the future of cybersecurity, discussing the potential challenges and advancements we might see by 2025. Source: ifa
2. The Just Security Podcast: 'The National Security Constitution in the 21st Century' Book Talk: This episode features a discussion on the evolving role of the national security constitution in the digital age, providing listeners with insights into the legal aspects of cybersecurity. Source: Just Security
3. Marketing Money Podcast: Trends versus reality | ABA Banking Journal: This episode explores the potential benefits and pitfalls of AI in marketing, with a focus on the rise of cyber fraud against businesses in 2024. Source: ABA Banking Journal
4. CISO Series Podcast at Zero Trust World in Orlando 2-21-25: The CISO Series Podcast takes a break from winter to record an episode at Zero Trust World 2025 in Orlando, Florida, offering listeners a glimpse into the event and its discussions. Source: CISO Series
5. Urban Exchange Podcast Episode 11 – Gareth Morgan, Cape Town: This episode discusses a certification program aimed at boosting interoperability and cybersecurity, with a special focus on smart cities. Source: Smart Cities World

Final Words

And that's a wrap for today's ONSEC Cyber Daily. We hope you've found this information valuable in keeping your systems and data secure. Remember, the cyber world is a constantly evolving landscape, and staying informed is your first line of defense. Don't forget to share this newsletter with your friends and colleagues. After all, cybersecurity is a team effort. Let's work together to build a safer digital world. Stay vigilant, stay informed, and stay secure. See you in the next edition of ONSEC Cyber Daily.

x.com

X (formerly Twitter)

ONSEC.io | LinkedIn

ONSEC.io | 1,839 followers on LinkedIn. Information security audits and penetration testing by a team of experts with an average experience of more than 7 years | ONSEC.io - is a penetration testing & in-depth security audit company with more than 13 years of experience on the market. Our team has already helped more than 300 companies be aware about possible system's vulnerabilities, including Republic, DMarket, LegionFarm, Parallels, Xsolla, Acronis, Manyсhat, Global Fashion Group and others. Our main goal is to increase the customer security level by finding and fixing security issues as well as improve security awareness inside the company, including developers, DevOps, and other teams to build a sustainable engineering culture with security knowledge.

LinkedIn