Welcome to today's issue of ONSEC Cyber Daily! In this edition, we're diving into the latest cybersecurity threats and vulnerabilities that are making headlines. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about a Linux Kernel flaw that's being actively exploited, posing significant risks to federal networks. This comes alongside an urgent call to secure systems against ongoing attacks exploiting a Microsoft Outlook RCE vulnerability. In other news, patient monitors with hardcoded backdoors are causing alarm, and a 7-Zip vulnerability is being linked to cyberespionage campaigns. We'll also be discussing the critical Veeam Updater vulnerability that's been addressed, and a recently disclosed vulnerability in AnyDesk that's raising cybersecurity concerns. Google has issued a warning for AMD users regarding Zen security issues, and a critical Linux 0-Day attack warning has been issued by the U.S. Government. We'll also be covering the latest patches and updates from Cisco, Google, and Microsoft, including a critical security patch for Android with 47 fixes. In our podcast section, we'll be raising awareness for cybersecurity, discussing how romance scammers prey on vulnerability, and understanding firmware vulnerabilities in network appliances. Stay tuned for all this and more in today's ONSEC Cyber Daily. Stay safe, stay informed!

Exploits Alert

1. CISA: Actively-Exploited Linux Kernel Flaw Requires Immediate Remediation: The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about a security flaw in the Linux kernel that is being actively exploited. This vulnerability poses a significant risk to federal networks and requires immediate remediation. Source: MSSP Alert
2. Urgent Call to Secure Systems Against Ongoing Attacks Exploiting Microsoft Outlook RCE: CISA has also issued a warning about a Remote Code Execution (RCE) vulnerability in Microsoft Outlook that is being actively exploited. These types of vulnerabilities are frequently targeted by cybercriminals and pose significant risks. Source: Vulnera
3. Agencies Sound Alarm on Patient Monitors With Hardcoded Backdoor: Security agencies have issued an alert about patient monitors that have a hardcoded backdoor. This vulnerability could potentially allow unauthorized access to sensitive patient data. Source: Dark Reading
4. 7-Zip Vulnerability Actively Exploited in The Wild in Attacks: A vulnerability in the 7-Zip file archiver has been linked to cyberespionage campaigns, likely orchestrated by Russian cybercrime groups. This vulnerability is being actively exploited in the wild. Source: Cyber Security News
5. Critical Veeam Updater Vulnerability Addressed: A critical vulnerability in the Veeam Updater has been addressed. This comes amid heightened cybersecurity concerns and underscores the importance of keeping software up to date to prevent potential cyber attacks. Source: ChannelE2E

Vulnerabilities & Patches

1. Critical Cisco Security Issues (CVE-2025-20124): Cisco has patched critical security vulnerabilities, with a severity score of 9.9/10. Users are urged to update their systems to prevent potential exploits. Source: MSN
2. Android Security Patch (CVE-2024-45569): Google has released a security patch for Android, fixing a total of 47 vulnerabilities, including one of critical severity. Android users are advised to update their devices. Source: Udaipur Kiran
3. Linux Kernel Flaw (CVE-2024-53104): A flaw in the Linux kernel has been added to CISA's exploited vulnerabilities list. Google has issued a patch for the bug, which could allow attackers to exploit the system. Source: SC Media
4. 7-Zip Vulnerability (CVE-2025-0411): A vulnerability in 7-Zip is being actively exploited in the wild. Users are advised to update to the latest version to mitigate risks. Source: Cyber Security News
5. Veeam Updater Vulnerability (CVE-2024): Veeam has released updates to resolve a critical remote code execution flaw in Veeam Updater. Users are advised to apply the updates as soon as possible. Source: ChannelE2E

Podcasts

1. Raising awareness for cybersecurity: In this final episode of a three-part special, podcast host Bryan Ferrari talks to three guests specialised in cybersecurity. Bertrand Lathoud, COO of a prominent cybersecurity firm, shares his insights on the importance of awareness in the digital age. Source: journal.lu
2. How Romance Scammers Prey on Vulnerability: TechSpective Podcast Episode 146 explores the tactics used by romance scammers to exploit the loneliness of their victims. The episode sheds light on the increasing prevalence of such scams in the digital age. Source: securityboulevard.com
3. BTS #45 - Understanding Firmware Vulnerabilities in Network Appliances: In this episode, Paul, Vlad, and Chase discuss the security challenges associated with Palo Alto devices and network appliances. They delve into the intricacies of firmware vulnerabilities and their potential impact on network security. Source: securityboulevard.com
4. Podcast: How an anti-fraud startup fights deepfake fraud: This episode of “The Buzz” features Herd Security, an anti-fraud startup that is set to demonstrate its technology at Bank Automation Summit 2025. The podcast delves into how the startup is combating deepfake fraud, a growing concern in the digital world. Source: bankautomationnews.com
5. Fraud factories, cyber criminals and corruption: The Economist's new podcast, "Scam Inc": The Economist has released "Scam Inc", a new, deeply-reported, eight-episode limited podcast series exploring the sophisticated, global underground economy of cybercrime. The series uncovers the intricacies of this illicit industry, which is reportedly worth more than the illicit drug trade. Source: prnewswire.com

Final Words

And that's a wrap for today's ONSEC Cyber Daily. We've covered everything from actively exploited Linux kernel flaws to the urgent need for system security against ongoing attacks. We've also touched on the latest vulnerabilities and patches, and even explored some intriguing cybersecurity podcasts. Remember, in the digital world, knowledge is your best defense. Stay informed, stay vigilant, and most importantly, stay secure. If you found this newsletter helpful, please consider sharing it with your friends and colleagues. Let's work together to create a safer cyber environment for all. Until tomorrow, stay cyber savvy!

x.com

X (formerly Twitter)

ONSEC.io | LinkedIn

ONSEC.io | 1,839 followers on LinkedIn. Information security audits and penetration testing by a team of experts with an average experience of more than 7 years | ONSEC.io - is a penetration testing & in-depth security audit company with more than 13 years of experience on the market. Our team has already helped more than 300 companies be aware about possible system's vulnerabilities, including Republic, DMarket, LegionFarm, Parallels, Xsolla, Acronis, Manyсhat, Global Fashion Group and others. Our main goal is to increase the customer security level by finding and fixing security issues as well as improve security awareness inside the company, including developers, DevOps, and other teams to build a sustainable engineering culture with security knowledge.

LinkedIn