Cyber Daily 3/26: Google's Chrome Patch for Russian Espionage, DrayTek Router Vulnerabilities, Kubernetes Ingress-NGINX Flaws, Ukraine Infrastructure Attacks

Welcome to your ONSEC Cyber Daily dose for March 26th. Today, we're diving into a whirlwind of cyber threats and security patches. Google has released a Chrome patch to counter an exploit used in Russian espionage attacks, while DrayTek routers are under active exploitation due to vulnerabilities disclosed last December. The Australian Cyber Security Centre has issued a critical alert for users of Ingress-NGINX Controllers, and a UAC-0212 attack campaign is targeting critical infrastructure in Ukraine. Microsoft is stepping up its game with new AI agents to boost enterprise security, and Google has patched a Chrome Sandbox Escape Zero-Day caught by Kaspersky. Meanwhile, CrushFTP users are urged to patch an unauthenticated access flaw immediately, and Broadcom warns of an authentication bypass in VMware Windows Tools. In other news, a new Windows zero-day is leaking NTLM hashes, and hackers are exploiting a Windows MMC Zero-Day vulnerability to execute malicious code. Public-facing Kubernetes clusters are at risk due to an Ingress-NGINX flaw, and critical vulnerabilities are putting Kubernetes environments in jeopardy. Multiple H3C Magic routers are hit by a critical-severity remote command injection with no fix in sight, and a zero-day in Windows has been exploited for seven years by APT groups. Lastly, IngressNightmare has found four critical bugs in 40% of cloud systems, and a critical Veeam Backup & Replication vulnerability has been patched. Stay tuned for more updates and remember, stay safe in cyberspace!

Exploits Alert

  1. Zero-Day Alert: Google Releases Chrome Patch for Exploit Used in Russian Espionage Attacks: Google has released a patch for a vulnerability in Chrome that was reportedly exploited in Russian espionage attacks. The issue has been resolved in Chrome version 134.0.6998.177/.178 for Windows. Source: The Hacker News
  2. Active exploitation of DrayTek router vulnerabilities underway in the wild: Cybersecurity firm Forescout disclosed 14 vulnerabilities in 24 different models of DrayTek routers in December 2024. There are now reports of these vulnerabilities being actively exploited. Source: Cyber Daily
  3. ACSC shares Critical Alert regarding vulnerabilities in Kubernetes Ingress-NGINX Controllers: The Australian Cyber Security Centre has issued a critical alert for users of Ingress-NGINX Controllers. The flaws could potentially lead to a full cluster compromise if not addressed. Source: Cyber Daily
  4. UAC-0212 attack campaign against critical infrastructures in Ukraine: A cybersecurity highlight describes an attack campaign, UAC-0212, targeting critical infrastructure in Ukraine. The vulnerability CVE-2024-38213 is being exploited in this campaign. Source: INCIBE-CERT
  5. How Microsoft's New AI Agents Boost Enterprise Security: Microsoft's new AI agent, Task Optimizer Agent by Fletch, is designed to forecast and prioritize the most critical cyber threat alerts. This aims to reduce alert fatigue and enhance security. Source: Cyber Magazine

Vulnerabilities & Patches

  1. Google Patches Chrome Sandbox Escape Zero-Day Caught by Kaspersky (CVE-2025-2783): Google has patched a zero-day vulnerability in Chrome that was exploited in attacks in Russia. The vulnerability was reported by Kaspersky and has been addressed promptly by Google. Source: SecurityWeek, Kaspersky official blog
  2. CrushFTP Patch for Unauthenticated Access Flaw: A vulnerability affecting all CrushFTP v11 versions has been addressed. Users are advised to patch their systems immediately to prevent unauthorized access. Source: Bleeping Computer
  3. Broadcom Warns of Authentication Bypass in VMware Windows Tools: Broadcom has issued a warning about a vulnerability in VMware Windows Tools that allows for authentication bypass. Over 37,000 internet-exposed VMware ESXi instances were found vulnerable. Source: Bleeping Computer
  4. Windows Zero-Day Leaks NTLM Hashes: A new zero-day vulnerability affecting all versions of Windows has been discovered. The vulnerability leaks NTLM hashes and has received an unofficial patch. Source: Bleeping Computer
  5. Hackers Exploit Windows MMC Zero-Day Vulnerability (CVE-2025-26633): Hackers have exploited a zero-day vulnerability in Windows MMC to execute malicious code. Federal agencies have been mandated to patch affected systems by April 1, 2025. Source: Cybersecurity News

Podcasts

  1. Taking the Pulse, A Health Care and Life Sciences Video Podcast | Episode 228: This episode features a discussion with Kimberlee Steele of SHL Medical, a global leader in medical technology. The conversation was recorded at SCbio's 2025 annual conference and provides insights into the intersection of healthcare and technology. Source: JD Supra
  2. CyberWire Daily. Ep 2272: The CyberWire Daily Podcast discusses the latest cybersecurity news and trends. In this episode, they delve into the cyber threats that you can't ignore and how to protect yourself against them. Source: CyberWire
  3. CyberWire Daily. Ep 2271: This episode of the CyberWire Daily Podcast focuses on how scammers are celebrating with a bang, highlighting the importance of being vigilant and aware of the latest scamming tactics. Source: CyberWire
  4. How DORA Regulation is Reshaping Crypto Security & Compliance - Ep. 155: This podcast episode from Chainalysis discusses the impact of Europe's DORA regulation on the crypto landscape. It explores how this regulation could change the way financial institutions and crypto assets operate. Source: Chainalysis
  5. The Security Incident Has Been Upgraded From “Ouch” to “Boiiiing” - CISO Series: The CISO Series Podcast focuses on cybersecurity vendors and their offerings. This episode discusses a security incident that has been upgraded from "Ouch" to "Boiiiing", providing insights into the severity and impact of security incidents. Source: CISO Series

Final Words

And that's a wrap for today's ONSEC Cyber Daily. As we navigate through the digital landscape, let's remember that our collective vigilance is our strongest defense against cyber threats. Share this newsletter with your friends and colleagues to keep them in the loop about the latest vulnerabilities and patches. Let's continue to build a safer cyber community, one update at a time. Until tomorrow, stay safe and secure!