Good morning, ONSEC Cyber Daily readers! Today, we're diving into a whirlwind of cyber threats and vulnerabilities that are shaking up the digital landscape. The FBI and healthcare agencies have issued a stern warning about a credible threat against hospitals, following a multi-city social media terror plot alert. The ISIS-K is reportedly exploiting these vulnerabilities, making the situation even more critical. In the meantime, the cybersecurity community is on high alert as hackers exploit the Cisco CSLU backdoor. CERT-UA has warned of targeted cyberattacks on Ukraine's defense sector using the DarkCrystal RAT, exploiting the Signal app and social engineering tactics. The tech world is also buzzing about the critical Next.js vulnerability. Vercel, the company behind Next.js, has released a patch, but the threat remains. Similarly, 'IngressNightmare' vulnerabilities are imperiling Kubernetes environments, and urgent action is needed. In other news, Samsung has expanded its March 2025 security update to more Galaxy S25 models, addressing several critical and high-level security issues. Veeam has also released updates addressing a critical vulnerability in its Backup & Replication software. Oracle, however, denies the alleged theft of 6 million records, despite speculation that a critical vulnerability in Oracle Access Manager was not patched. Finally, don't miss out on our podcast recommendations for today. Tune in to APDR Podcast Episode 86 with host Kym Bergmann for insights on cybersecurity, and check out the CISO Series for a deep dive into the relationship between cybersecurity and business. Stay safe, stay updated, and remember - knowledge is the best defense against cyber threats.

Exploits Alert

1. FBI, Healthcare Agencies Warn of Credible Threat Against Hospitals: The FBI and healthcare agencies have issued a warning about a credible threat against hospitals. The threat was discovered after a multi-city social media terror plot alert. The exact nature of the vulnerability has not been disclosed. Source: Industrial Cyber
2. Hackers Exploiting Cisco CSLU Backdoor: SANS Institute has called for urgent action as hackers have been found exploiting a backdoor in Cisco's CSLU. CERT-UA has also warned of targeted cyberattacks on Ukraine's defense sector using the DarkCrystal RAT, exploiting the Signal app and social engineering tactics. Source: The Cyber Express

Vulnerabilities & Patches

1. Critical Next.js Vulnerability (CVE-2025-29927): Vercel, the company behind Next.js, has released a patch for a critical vulnerability in Next.js 15.2.3. Users are urged to update their systems to mitigate the risk. Source: CyberScoop
2. 'IngressNightmare' Vulnerabilities in Kubernetes Environments: Three vulnerabilities (CVE-2025-24514, CVE-2025-1097, and another unspecified CVE) have been discovered in Kubernetes environments. Users who cannot patch immediately should enforce policies for protection. Source: Dark Reading
3. Cisco CSLU Backdoor Exploitation (CVE-2024-20439 and CVE-2024-20440): Cisco has alerted users to two critical vulnerabilities in CSLU. Users are urged to update their systems immediately to address these serious vulnerabilities. Source: The Cyber Express
4. Google's Security Patches for Galaxy S25 Models: Google has released patches for 11 critical and 40 high-level security issues for Galaxy S25 models. Users are advised to update their devices to the latest security patch. Source: Sammy Fans
5. Critical Vulnerability in Veeam Software (CVE-2025-23120): Veeam has released updates to address a critical vulnerability in its Backup & Replication software. Users are advised to update their software to the latest version. Source: Cyber Security Agency of Singapore

Podcasts

1. APDR Podcast Episode 86 with host Kym Bergmann: This episode of the Asia Pacific Defence Reporter podcast features a discussion on cyber security, IT, simulation & training, and government policy. Hosted by Kym Bergmann, the podcast provides insights into the latest industry news. Source: Asia Pacific Defence Reporter.
2. 5 Ways to Reduce Cyber Threats: ICYMI: This podcast episode from Buildings provides listeners with practical tips on how to reduce cyber threats and recover from cybersecurity breaches. The episode also includes a discussion on other related topics. Source: Buildings.
3. Why We Launched Security You Should Know - CISO Series: This episode from the CISO Series podcast discusses the relationship between cybersecurity and businesses. The 15-minute episode features two CISO guests who share their insights and experiences. Source: CISO Series.
4. Commercial litigation podcast series – Episode 30: General update: The 30th episode of the Commercial Litigation podcast series from Herbert Smith Freehills discusses recent decisions on privilege in the context of cybersecurity. Source: Herbert Smith Freehills.
5. Tornado cash sanctions lift, Russia outage Microsoft Trust abused - CISO Series: This episode from the CISO Series discusses the lifting of sanctions on Tornado Cash, a Russia outage, and the abuse of Microsoft Trust. The episode provides listeners with the latest cybersecurity news. Source: CISO Series.

Final Words

As we wrap up today's edition of 'ONSEC Cyber Daily', we want to remind you that cybersecurity is a shared responsibility. The threats we face are real and evolving, as evidenced by the credible threats against hospitals and the vulnerabilities found in Next.js and Cisco CSLU. We urge you to stay vigilant, keep your systems updated, and patch any vulnerabilities as soon as possible. Remember, an ounce of prevention is worth a pound of cure. We also encourage you to tune into cybersecurity podcasts like the CISO Series and the Asia Pacific Defence Reporter. They offer valuable insights and tips to help you stay ahead of the cyber threats. Lastly, we ask you to share 'ONSEC Cyber Daily' with your friends and colleagues. Together, we can create a safer cyber world. Stay safe and see you in the next edition!

x.com

X (formerly Twitter)

ONSEC.io | LinkedIn

ONSEC.io | 1,839 followers on LinkedIn. Information security audits and penetration testing by a team of experts with an average experience of more than 7 years | ONSEC.io - is a penetration testing & in-depth security audit company with more than 13 years of experience on the market. Our team has already helped more than 300 companies be aware about possible system's vulnerabilities, including Republic, DMarket, LegionFarm, Parallels, Xsolla, Acronis, Manyсhat, Global Fashion Group and others. Our main goal is to increase the customer security level by finding and fixing security issues as well as improve security awareness inside the company, including developers, DevOps, and other teams to build a sustainable engineering culture with security knowledge.

LinkedIn