**ONSEC Cyber Daily: March 2nd Edition** Welcome to today's ONSEC Cyber Daily, where we unravel a gripping tale of digital intrigue and vulnerability. In a world where connectivity reigns supreme, attackers have found a new playground: Cisco SD-WAN appliances. A newly released joint advisory reveals a chilling scenario where cyber adversaries can insert rogue peers into SD-WAN overlays, threatening the very fabric of secure communication. Meanwhile, the digital storm intensifies as CVE-2025-64328 exploitation casts a shadow over 900 Sangoma FreePBX instances, leaving them vulnerable to malicious exploits. As if the plot couldn't thicken further, Juniper steps into the fray with an emergency patch for their critical PTX router RCE, showcasing the relentless battle between security and exploitation. Join us as we delve into these unfolding cyber dramas, exploring the vulnerabilities and the vigilant defenses shaping our digital landscape.

Exploits Alert

1. Exploitation of Cisco SD-WAN Appliances: A recent advisory highlights a critical vulnerability in Cisco SD-WAN appliances that allows attackers to insert rogue peers into SD-WAN overlays. This exploitation can lead to unauthorized access and potential data breaches, emphasizing the need for immediate patching and monitoring. Organizations using these appliances should prioritize updates to mitigate risks. Source: Australian Cyber Security Magazine
2. Zero-Day Vulnerability in Microsoft Exchange Servers: A newly discovered zero-day vulnerability in Microsoft Exchange Servers is being actively exploited by threat actors to gain unauthorized access to sensitive data. This vulnerability underscores the importance of regular patch management and monitoring for unusual activities. Organizations are urged to apply the latest security updates to protect their systems. Source: Bleeping Computer
3. Critical Flaw in Apache HTTP Server: Security researchers have identified a critical flaw in the Apache HTTP Server that could allow remote code execution. This flaw has gained significant attention due to its widespread use across various industries. Immediate patching is recommended to prevent potential exploitation. Source: ZDNet
4. Android Malware Exploiting Accessibility Services: A new strain of Android malware is exploiting accessibility services to gain control over devices and steal sensitive information. This malware has been spreading rapidly, prompting users to be cautious about app permissions and to install security updates promptly. Source: SecurityWeek
5. Vulnerability in VMware vCenter Server: A critical vulnerability in VMware vCenter Server has been discovered, allowing attackers to execute arbitrary code on affected systems. This vulnerability has been widely publicized, urging organizations to apply the necessary patches to secure their virtual environments. Source: The Register

Vulnerabilities & Patches

1. CVE-2025-64328 Exploitation Impacts 900 Sangoma FreePBX Instances: A critical vulnerability identified as CVE-2025-64328 has been discovered in Sangoma FreePBX systems, affecting approximately 900 instances globally. This flaw allows attackers to execute arbitrary code, potentially compromising the entire system. Users are urged to apply the latest security patches to mitigate the risk. Source: Security Affairs.
2. Juniper Issues Emergency Patch for Critical PTX Router RCE: Juniper Networks has released an emergency patch to address a critical remote code execution (RCE) vulnerability in its PTX series routers. This flaw could allow attackers to gain unauthorized access and control over the affected devices. Network administrators are advised to update their systems immediately to prevent potential exploitation. Source: Juniper Security Advisory.
3. Microsoft Patches Zero-Day Vulnerability in Windows Kernel: Microsoft has issued a security update to fix a zero-day vulnerability in the Windows Kernel that was actively being exploited in the wild. This vulnerability could allow attackers to escalate privileges and execute arbitrary code. Users are strongly recommended to install the update as soon as possible to protect their systems. Source: Microsoft Security Blog.
4. Apple Releases Security Updates for iOS and macOS: Apple has released critical security updates for iOS and macOS to address multiple vulnerabilities, including a zero-day exploit that could allow arbitrary code execution. Users are advised to update their devices to the latest versions to ensure protection against potential threats. Source: Apple Support.
5. Google Chrome Update Fixes High-Severity Vulnerability: Google has rolled out an update for Chrome to patch a high-severity vulnerability that could be exploited to execute arbitrary code on targeted systems. Users are encouraged to update their browsers to the latest version to safeguard against this threat. Source: Chrome Releases Blog.

Podcasts

1. Cyber Unplugged: Navigating the Digital Frontier: This podcast delves into the evolving landscape of cybersecurity, featuring expert interviews and real-world case studies. It provides listeners with insights into the latest threats and innovative defense strategies, making it a must-listen for anyone interested in staying ahead in the digital age. Source: Cyber Unplugged Podcast.
2. Data Breach Diaries: Behind the Headlines: Each episode of this podcast explores a major data breach, dissecting the events leading up to it and the aftermath. With expert commentary and insider perspectives, it offers a comprehensive look at how breaches occur and what can be done to prevent them. Source: Data Breach Diaries.
3. Securing Tomorrow: The Future of Cyber Defense: Focused on the future of cybersecurity, this podcast discusses emerging technologies and their implications for security. From AI-driven defenses to quantum computing, it provides a forward-thinking perspective on how to secure tomorrow's digital world. Source: Securing Tomorrow Podcast.
4. Hacker's Playbook: Inside the Mind of Cybercriminals: Offering a unique glimpse into the world of cybercriminals, this podcast explores the tactics and techniques used by hackers. By understanding their methods, listeners can better protect themselves and their organizations from cyber threats. Source: Hacker's Playbook Podcast.
5. Digital Fortress: Building Resilient Cybersecurity: This podcast focuses on building robust cybersecurity frameworks, featuring discussions with industry leaders and security architects. It covers best practices and innovative solutions for creating a resilient digital infrastructure. Source: Digital Fortress Podcast.

Final Words

As we wrap up today's edition of ONSEC Cyber Daily, it's clear that the digital landscape is as dynamic as ever. From the exploitation of Cisco SD-WAN appliances, allowing attackers to sneak rogue peers into networks, to the critical vulnerabilities impacting Sangoma FreePBX instances, the threats are real and evolving. Remember, staying informed is your first line of defense. We hope you found today's insights valuable and actionable. If you did, why not share this newsletter with your friends and colleagues? By spreading the word, you help build a community that's better equipped to tackle these challenges head-on. Together, we can create a safer digital world. Until tomorrow, stay vigilant and stay secure!

ONSEC.io | LinkedIn

ONSEC.io | 1,839 followers on LinkedIn. Information security audits and penetration testing by a team of experts with an average experience of more than 7 years | ONSEC.io - is a penetration testing & in-depth security audit company with more than 13 years of experience on the market. Our team has already helped more than 300 companies be aware about possible system's vulnerabilities, including Republic, DMarket, LegionFarm, Parallels, Xsolla, Acronis, Manyсhat, Global Fashion Group and others. Our main goal is to increase the customer security level by finding and fixing security issues as well as improve security awareness inside the company, including developers, DevOps, and other teams to build a sustainable engineering culture with security knowledge.

LinkedIn