Welcome to the ONSEC Cyber Daily for March 17th, where today's digital landscape unfolds like a high-stakes thriller. As CISA adds a new vulnerability to its catalog, the urgency to shield against cyberattacks intensifies. Experts sound the alarm on potential threats to critical infrastructure, from electric grids to municipal water systems. Meanwhile, NinjaOne and Stellar Cyber are stepping up with innovative solutions to close security gaps and streamline alert management. In a race against time, Microsoft and Google are rolling out emergency patches to combat actively exploited zero-day vulnerabilities, urging billions of users to update immediately. As the cyber world braces for impact, the narrative of defense and innovation continues to evolve, with AI playing a pivotal role in shaping the future of cybersecurity. Stay informed, stay secure.

Exploits Alert

1. CISA Adds One Known Exploited Vulnerability to Catalog: The Cybersecurity and Infrastructure Security Agency (CISA) has added a new vulnerability to its catalog, urging organizations to prioritize reducing their exposure to cyberattacks. This highlights the importance of proactive vulnerability management to safeguard against potential threats. Source
2. Experts Warn of Looming Cyber Threat: U.S. cybersecurity experts and federal agencies are raising alarms about vulnerabilities in critical infrastructure, such as electric grids and municipal water systems. This warning underscores the urgent need for enhanced security measures to protect essential services from cyber threats. Source
3. NinjaOne Introduces Real-Time Vulnerability Management: NinjaOne has launched a real-time vulnerability management solution aimed at closing security gaps. This innovation is designed to help organizations quickly identify and address vulnerabilities, enhancing their overall cybersecurity posture. Source
4. Stellar Cyber 6.4.0 Reduces Alert Noise: Stellar Cyber has released version 6.4.0, featuring new Autonomous SOC capabilities that reduce alert noise and speed up investigations. These enhancements aim to improve analyst workflows and make security operations more efficient. Source
5. Orca Platform Enhancements Use AI to Cut Cloud Alert Noise: Orca Security has enhanced its platform with AI capabilities to reduce alert noise in cloud environments. With a significant number of organizations running AI workloads, these improvements are crucial for maintaining robust cloud security. Source

Vulnerabilities & Patches

1. Google Chrome Zero-Day Vulnerabilities Receive Emergency Fixes: Google has issued emergency patches for two critical zero-day vulnerabilities in Chrome, identified as CVE-2026-3909 and CVE-2026-3910. These vulnerabilities have been actively exploited, posing significant risks to over 3 billion users worldwide. Users are urged to update their browsers immediately to mitigate potential threats. Source: iTnews
2. Microsoft Releases Emergency Patch for Windows 11 RRAS Vulnerabilities: Microsoft has released an out-of-band update, KB5084597, to address critical Remote Code Execution vulnerabilities in Windows 11's RRAS management tool. These vulnerabilities, tracked as CVE-2026-25172, CVE-2026-25173, and CVE-2026-26111, could allow attackers to execute code remotely. Users are strongly advised to apply the patch immediately. Source: TechRepublic
3. HPE Aruba AOS-CX Critical Vulnerabilities Patched: Hewlett Packard Enterprise has addressed several vulnerabilities in its Aruba AOS-CX operating system, including a critical flaw that allowed admin password resets. These patches are crucial for maintaining network security and preventing unauthorized access. Users are encouraged to update their systems promptly. Source: SC World
4. Wing FTP Server Exploit Actively Targeted: CISA has flagged a critical remote code execution vulnerability in Wing FTP Server, tracked as CVE-2025-47812, as actively exploited. The vulnerability was patched in version 7.4.4, released in May 2025. Administrators are advised to ensure their systems are updated to this version to prevent exploitation. Source: Bleeping Computer
5. Fortinet Patches Critical FortiGate Firewall Vulnerabilities: Fortinet has released patches for critical vulnerabilities in FortiGate Firewalls, identified as CVE-2025-59718 and CVE-2025-59719, both with a severity score of 9.8/10. These vulnerabilities allowed unauthorized access and credential theft. Users are urged to update their systems to secure their networks. Source: Cybersecurity Review

Podcasts

1. Simply Offensive Podcast: The Future of Pentesting: AI, Automation, and Better Reporting: In this episode, Philip Wylie and Dan DeCloss delve into the evolving landscape of pentesting, emphasizing the role of AI and automation in enhancing efficiency and reporting. They discuss how these technologies are reshaping the cybersecurity industry, offering insights into future trends and challenges. Source
2. 60-second Retail Podcast: Frictionless CX: How Identity Tech Is Reshaping Checkout: This episode explores the impact of identity technology on the retail checkout process, highlighting innovations that enhance customer experience. The discussion covers digital innovation, demand generation, and brand strategy, providing a comprehensive look at how technology is transforming retail. Source
3. APDR Podcast Episode 131 with host Kym Bergmann: Kym Bergmann discusses Leonardo UK's strategic acquisition of Becrypt, a move aimed at bolstering its cybersecurity capabilities. The episode provides insights into the implications of this acquisition for the defense and cybersecurity sectors in the Asia-Pacific region. Source
4. Cybercrime Magazine Podcast: How Secure Is The Data Stored By Cloud Providers?: This episode features discussions with cybersecurity experts on the security of data stored by cloud providers. It examines the risks, challenges, and best practices for ensuring data protection in the cloud, offering valuable insights for businesses and individuals alike. Source
5. CISO Series: Royal Bahrain Hospital Breach, New York Water Cyber Law: This episode covers recent cybersecurity incidents, including the Royal Bahrain Hospital breach and new cyber laws in New York. It provides an analysis of the implications of these events for cybersecurity policies and practices, highlighting the importance of robust security measures. Source

Final Words

As we wrap up today's edition of ONSEC Cyber Daily, it's clear that the digital landscape is ever-evolving, with new vulnerabilities and threats emerging at every turn. From CISA's latest addition to the Known Exploited Vulnerability Catalog to the urgent patches released by tech giants like Microsoft and Google, the message is clear: staying informed and proactive is crucial. While BOD 22-01 might specifically target FCEB agencies, the call to action extends to all organizations. Prioritizing cybersecurity measures can significantly reduce exposure to cyberattacks, safeguarding critical infrastructures like electric grids and municipal water systems. In this interconnected world, sharing knowledge is power. If you found today's insights valuable, consider forwarding this newsletter to your friends and colleagues. Together, we can build a more secure digital future. Stay vigilant, stay informed, and until next time, keep your systems secure!

ONSEC.io | LinkedIn

ONSEC.io | 1,839 followers on LinkedIn. Information security audits and penetration testing by a team of experts with an average experience of more than 7 years | ONSEC.io - is a penetration testing & in-depth security audit company with more than 13 years of experience on the market. Our team has already helped more than 300 companies be aware about possible system's vulnerabilities, including Republic, DMarket, LegionFarm, Parallels, Xsolla, Acronis, Manyсhat, Global Fashion Group and others. Our main goal is to increase the customer security level by finding and fixing security issues as well as improve security awareness inside the company, including developers, DevOps, and other teams to build a sustainable engineering culture with security knowledge.

LinkedIn

x.com

X (formerly Twitter)