Cyber Daily 2/6: VMware ESXi Ransomware Surge, Russian Olympic Cyberattacks, n8n Vulnerability Exploits, WinRAR Flaw Weaponized
Welcome to today's edition of ONSEC Cyber Daily, where we unravel the intricate web of cyber threats and vulnerabilities shaping our digital landscape. In this issue, we delve into the stealthy resurgence of Interlock ransomware, which has upped its game with new attack strategies. Meanwhile, Coveware's analysis uncovers a critical misstep in Nitrogen's ransomware targeting VMware ESXi, encrypting files with an incorrect public key, leaving organizations scrambling for solutions. As if that weren't enough, hackers are exploiting an outdated EnCase driver to disable security tools, highlighting the persistent vulnerabilities lurking in our technological infrastructure. The urgency to patch systems is underscored by CISA's warning about a VMware ESXi 0-day vulnerability actively exploited in ransomware attacks, threatening to compromise entire infrastructures. Adding to the chaos, Russian cyberattacks loom over the Milan-Cortina Winter Olympics, while critical flaws in n8n's workflow execution open doors for remote attackers to hijack systems. As we navigate these turbulent waters, the race to patch vulnerabilities intensifies, with WinRAR and Synology NAS among the latest to release crucial updates. Join us as we connect the dots in this unfolding cyber saga, where each vulnerability and exploit weaves into a larger narrative of digital resilience and defense. Stay informed, stay secure.

Exploits Alert
- Interlock Ransomware Bolsters Stealth in New Attacks: Interlock ransomware has enhanced its stealth capabilities, making it more challenging for security tools to detect and mitigate. This development poses a significant threat to organizations as it increases the potential for prolonged undetected breaches. Security teams are urged to update their defenses to counteract these advanced evasion techniques. Source: SC Media.
- Hackers Exploit Old EnCase Driver to Disable Security Tools: Cybercriminals are leveraging an outdated EnCase driver to effectively disable modern security tools, leaving systems vulnerable to further exploitation. This tactic highlights the importance of maintaining up-to-date security measures and patching legacy components. Organizations are advised to review and update their security protocols to prevent such exploits. Source: SC Media.
- CISA Warns of VMware ESXi 0-day Vulnerability Exploited in Ransomware Attacks: A critical zero-day vulnerability in VMware ESXi is being actively exploited in ransomware attacks, posing a severe risk to unpatched systems. Organizations are urged to prioritize patching their hypervisors to protect against potential infrastructure breaches. This vulnerability underscores the need for proactive cybersecurity measures against state-sponsored and cybercrime threats. Source: Cybersecurity News.
- Russian Cyberattacks Target Milan-Cortina Winter Olympics Ahead of Opening Ceremony: Russian cyberattacks are reportedly targeting the Milan-Cortina Winter Olympics, aiming to disrupt the event before it even begins. These attacks highlight the ongoing geopolitical tensions and the use of cyber warfare to achieve strategic objectives. Organizers and participating nations are on high alert to safeguard the event's digital infrastructure. Source: The Cyber Express.
Vulnerabilities & Patches
- VMware ESXi Bug Exploited by Ransomware Attackers: A high-severity vulnerability in VMware ESXi, tracked as CVE-2025-22225, is being actively exploited by ransomware groups. The flaw allows attackers to escape the sandbox environment, posing a significant threat to unpatched systems. Organizations are urged to prioritize patching to mitigate potential intrusions. Source: SC Media.
- WinRAR Vulnerabilities Used in Cyberespionage: Critical vulnerabilities in WinRAR, tracked as CVE-2026-1281 and CVE-2026-1340, have been weaponized in global cyberespionage campaigns. Attackers exploit these flaws to gain persistent control over targeted systems. Users are advised to update to the latest version to protect against these threats. Source: SC Media.
- Moxa Switches Authentication Bypass Vulnerability: A vulnerability in Moxa switches, tracked as CVE-2024-12297, allows remote attackers to bypass authentication mechanisms. This flaw could lead to unauthorized access to and control over network devices. Moxa has released patches to address this issue, and users are encouraged to update immediately. Source: GB Hackers.
- Android Driver Vulnerability Threatens Pixel Devices: A high-severity driver vulnerability, CVE-2026-0106, has been identified in Pixel smartphones. This flaw could potentially be exploited to execute arbitrary code on affected devices. Google is expected to release patches in the upcoming update cycle, and users should apply them as soon as they become available. Source: Heise Online.
- Synology NAS Vulnerability Allows Root Access: A critical vulnerability in Synology NAS devices, CVE-2026-24061, allows attackers to gain root access. Synology has released DSM 7.3.2 Update 1 to patch this flaw, and users are strongly advised to apply the update to secure their devices against potential exploitation. Source: Geeky Gadgets.
Podcasts
- Talking Supply Chain: Turning AI Time Savings into Value: This podcast explores how AI can be leveraged to save time in supply chain operations and convert those savings into tangible business value. The discussion delves into the balance between efficiency and risk, particularly in the context of expanding cyber risks associated with AI integration. Source.
- Cybersecurity News: Ukraine Tightens Controls on Starlink, ESXi Flaw Exploited: This episode covers the latest cybersecurity headlines, including Ukraine's increased control over Starlink terminals and the exploitation of VMware ESXi vulnerabilities. It provides insights into the geopolitical implications of cybersecurity measures and the ongoing challenges in securing critical infrastructure. Source.
- Simple Security Solutions That Deliver a Big Impact: The CISO Series podcast discusses straightforward security strategies that can significantly enhance organizational security posture. The episode emphasizes the importance of implementing practical, scalable solutions that can be adapted to various business environments. Source.
- The Leaders' Room: Embracing Unconventional Talent with Tenable's Thomas Parsons: This podcast episode features an interview with Thomas Parsons, a cybersecurity leader at Tenable, who shares insights on the value of unconventional talent in the cybersecurity field. The conversation highlights the importance of diverse skill sets and innovative thinking in addressing modern security challenges. Source.
Final Words
As we wrap up today's edition of ONSEC Cyber Daily, it's clear that the cyber landscape is as dynamic as ever. From the stealthy maneuvers of Interlock ransomware to the persistent threats exploiting VMware ESXi vulnerabilities, the need for vigilance and proactive defense has never been more critical. Coveware's insights into Nitrogen's missteps with encryption keys remind us that even the most sophisticated attacks can have flaws. Meanwhile, the exploitation of outdated drivers and the ongoing saga of n8n vulnerabilities highlight the importance of timely patching and robust security measures. In this interconnected world, sharing knowledge is our strongest defense. If you found today's insights valuable, please share ONSEC Cyber Daily with your friends and colleagues. Together, we can build a more secure digital future. Stay safe, stay informed, and see you in the next issue!