Welcome to the ONSEC Cyber Daily, your one-stop source for the latest cybersecurity news. Today, we're diving into a series of critical updates and warnings issued for both Apple and Microsoft users. Apple has released an urgent update for iOS 18.3.2, following the discovery of an "extremely sophisticated exploit targeting specific individuals". All iPhone users are advised to update their devices immediately to patch this vulnerability, known as CVE-2025-24201. Meanwhile, Microsoft is grappling with six confirmed zero-day attacks, prompting a flurry of warnings and patches. The Cybersecurity and Infrastructure Security Agency (CISA) has issued alerts regarding vulnerabilities in the Windows NTFS and Fast FAT systems. These vulnerabilities are actively being exploited to access sensitive data, underscoring the need for immediate action. In addition to these, Microsoft's March 2025 Patch Tuesday addressed a total of 57 security issues, including seven zero-days. Among these, CVE-2025-24985, a remote code execution vulnerability within the Windows Fast FAT File System Driver, is particularly concerning. Google Chrome users are also on high alert, following a warning from the Indian Computer Emergency Response Team about potential cyber threats due to multiple vulnerabilities. In the world of podcasts, we'll be looking at insights from the Quantum Leap episode by Holland & Knight, NYC's citywide privacy policy discussion on StateScoop, and the latest episode from CyberWire on CISA's leadership. Stay tuned for more details on these stories and other cybersecurity updates. Remember, staying informed is the first step towards staying secure.

Exploits Alert

1. New Windows Warning As 6 Zero-Day Attacks Confirmed: Veteran cybersecurity writer, Davey Winder, confirms six zero-day attacks on Windows. Users are urged to update their systems to mitigate the risk. Source: Forbes
2. CISA Issues Security Alert on Windows NTFS Exploit Risk: The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical warning about a recently discovered vulnerability in Windows NTFS. Users are advised to take immediate action. Source: GBHackers
3. CISA Warns of Exploitable Fast FAT Vulnerability in Microsoft Windows: CISA has issued another critical warning about an exploitable Fast FAT vulnerability in Microsoft Windows. Users are urged to update their systems to protect against this risk. Source: GBHackers
4. Critical Windows Remote Desktop Services Vulnerability Lets Attackers Execute Malicious Code: CISA has escalated its cybersecurity alert by adding six critical Microsoft Windows vulnerabilities to its Known Exploited KEV Catalog. This includes a critical vulnerability in Windows Remote Desktop Services that allows attackers to execute malicious code. Source: Cybersecurity News
5. High-risk alert for Google Chrome users! Govt warns of potential cyber threats: The Indian Computer Emergency Response Team has issued a high-risk alert for Google Chrome desktop users after identifying multiple vulnerabilities. Users are advised to update their browsers to the latest version. Source: MSN

Vulnerabilities & Patches

1. Apple Patches Zero-Day Vulnerability in iPhones and iPads: Apple has issued an emergency security update to patch CVE-2025-24201, a zero-day WebKit vulnerability actively exploited in targeted attacks. The flaw could potentially allow hackers to gain access to your device if you're tricked into visiting a malicious website. Source: The Hindu
2. Microsoft Releases Patch March 2025: Fix 56 CVEs, Including 7 Zero-Day: Microsoft released a security update for March 2025 globally, patching 56 Common Vulnerabilities and Exposures (CVE). The update addresses six actively exploited zero-day vulnerabilities, including a remote code execution vulnerability within the Windows Fast FAT File System Driver. Source: VOI
3. Fortinet Patches 18 Vulnerabilities: In FortiOS, FortiProxy, FortiPAM, FortiSRA and FortiWeb, Fortinet patched CVE-2024-45325, which allows a privileged attacker to execute code. The company has not disclosed further details about the vulnerabilities. Source: SecurityWeek
4. Microsoft Fixes Six Actively-Exploited 0-Day Flaws In Patch Tuesday Rollout: Microsoft addressed a vulnerability registered on the CVE program as CVE-2025-24993, one of the six reported active exploits. For a successful attack, an attacker would need to convince a potential target to execute a specially crafted file. Source: HotHardware
5. Critical Windows Remote Desktop Services Vulnerability Lets Attackers Execute Malicious Code: Among the critical vulnerabilities are CVE-2025-24035 and another undisclosed CVE. Microsoft has released patches for these vulnerabilities as part of its March Patch Tuesday. The vulnerabilities could allow an attacker to execute malicious code remotely. Source: Cybersecurity News

Podcasts

1. The Quantum Leap | Insights - Holland & Knight: In this podcast episode, Public Policy & Regulation attorney Paul Stimers discusses the implications of cybersecurity in the context of Newton Investment Management. Source: Holland & Knight
2. Inside NYC's citywide privacy policy - StateScoop: A representative from the Cybersecurity and Infrastructure Security discusses New York City's citywide privacy policy in this episode of StateScoop's Priorities Podcast. Source: StateScoop
3. Will Plankey lead CISA to victory? - CyberWire: This episode of the CyberWire Daily Podcast discusses whether Plankey will lead the Cybersecurity and Infrastructure Security Agency (CISA) to victory. Source: CyberWire
4. Rational Security: The “Botanical Bros” Edition | Lawfare: This episode of the Rational Security podcast discusses various security issues in a light-hearted manner. Source: Lawfare
5. The Veterans Voice Podcast: Looking at the modern landscape of cybersecurity - KOAA: In this episode of The Veterans Voice Podcast, Taylor Chapman discusses the modern landscape of cybersecurity with veterans and Mt. Carmel Ambassadors, Dr. Shawn Murray and Blake. Source: KOAA

Final Words

And that's a wrap for today's edition of ONSEC Cyber Daily. As we've seen, the cyber landscape is ever-evolving, with new threats and vulnerabilities emerging daily. From the latest iOS update warnings to the critical Windows vulnerabilities, it's clear that staying informed is our first line of defense. Remember, cybersecurity is not a one-man show. It's a collective effort. So, don't keep this valuable information to yourself. Share this newsletter with your friends, colleagues, and anyone else who could benefit from staying one step ahead of cyber threats. Stay safe, stay updated, and let's continue to build a more secure cyber world together. See you in the next edition of ONSEC Cyber Daily!

x.com

X (formerly Twitter)

ONSEC.io | LinkedIn

ONSEC.io | 1,839 followers on LinkedIn. Information security audits and penetration testing by a team of experts with an average experience of more than 7 years | ONSEC.io - is a penetration testing & in-depth security audit company with more than 13 years of experience on the market. Our team has already helped more than 300 companies be aware about possible system's vulnerabilities, including Republic, DMarket, LegionFarm, Parallels, Xsolla, Acronis, Manyсhat, Global Fashion Group and others. Our main goal is to increase the customer security level by finding and fixing security issues as well as improve security awareness inside the company, including developers, DevOps, and other teams to build a sustainable engineering culture with security knowledge.

LinkedIn