Cyber Daily 3/4: CISA Warns of Cisco, Progress WhatsUp Gold Vulnerabilities, Ransomware Gangs Monitor CISA Catalog, Google and Samsung Patch Android Flaws

Welcome to your daily dose of ONSEC Cyber Daily. Today, we're diving into a whirlwind of cybersecurity threats and vulnerabilities that are keeping the digital world on its toes. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued urgent warnings about a Progress WhatsUp Gold path traversal vulnerability and about active exploitation of a Cisco Small Business router flaw. These vulnerabilities expose systems to remote code execution and critical command injection, respectively. Meanwhile, ransomware gangs are keeping a close eye on CISA's vulnerabilities catalog, exploiting flaws like those in BioNTdrv.sys to gain SYSTEM privileges on Windows. The cybersecurity landscape is becoming increasingly industrialized, with attackers automating vulnerability exploits within hours of disclosure.

In other news, Substack's custom domain vulnerability could expose thousands to potential hijacking, and MediaTek is warning of multiple high-severity vulnerabilities in its system-on-chip. Google has been busy patching 44 Android flaws, two of which were already being exploited. On the brighter side, Samsung's March 2025 patch has enhanced security with over 58 vulnerability fixes. However, a backup flaw in Nakivo is still present on some systems months after the firm's 'silent patch'.

In the podcast world, we have a new episode from CyberWire discussing whether it's cyber peace or just a buffer. Also, don't miss the latest episode from Shared Security Podcast discussing the cybersecurity impact of DOGE and Apple's stand against encryption backdoors. Stay tuned for more updates and remember, knowledge is the best defense against cyber threats. Stay safe, stay informed with ONSEC Cyber Daily.

Exploits Alert

  1. Progress WhatsUp Gold Path Traversal Vulnerability Exposes Systems to Remote Code Execution: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning about a path traversal vulnerability in Progress WhatsUp Gold that could expose systems to remote code execution. Source: GBHackers
  2. CISA Alerts on Active Exploitation of Cisco Small Business Router Flaw: CISA has issued an urgent warning about the active exploitation of a critical command injection vulnerability (CVE-2023-20118) in Cisco Small Business Routers. Source: GBHackers
  3. Report: CISA Vulnerabilities Catalog Monitored By Ransomware Gangs: Ransomware gangs are reportedly monitoring the CISA vulnerabilities catalog, highlighting the importance of timely patching and vulnerability management. Source: MSSP Alert
  4. Attackers Automating Vulnerability Exploits with Few Hours of Disclosure: GreyNoise's 2025 Mass Internet Exploitation Report reveals a systematic industrialization of cyberattacks, with threat actors leveraging automation to exploit vulnerabilities within hours of their disclosure. Source: Cybersecurity News
  5. Ransomware groups exploit BioNTdrv.sys flaws to gain SYSTEM privileges on Windows: Ransomware groups are exploiting flaws in BioNTdrv.sys to gain SYSTEM privileges on Windows, with bring-your-own-vulnerable-driver (BYOVD) attacks becoming increasingly popular among cybercriminals. Source: Tech Monitor

Vulnerabilities & Patches

  1. Google Fixes 44 Android Flaws, 2 Actively Exploited: Google has patched 44 Android vulnerabilities, two of which were already being exploited by hackers. Android users are urged to update their devices immediately. One of the exploited vulnerabilities is identified as CVE-2024-43093. Source: VPNRanks
  2. Progress WhatsUp Gold Path Traversal Vulnerability Exposes Systems to Remote Code Execution: A path traversal vulnerability (CVE-2024-4885) in Progress WhatsUp Gold exposes systems to remote code execution. As threat actors refine techniques for weaponizing path traversal flaws, proactive patch management and layered security are recommended. Source: GBHackers
  3. Samsung March 2025 Patch enhances security with over 58 vulnerability fixes: Samsung's March 2025 patch enhances security by fixing over 58 vulnerabilities. Some of these vulnerabilities were already covered in earlier patches. Source: SammyFans
  4. Nakivo backup flaw still present on some systems months after firm's 'silent patch', researchers claim: Over 200 vulnerable Nakivo backup instances have been identified months after the firm silently patched a security flaw. The flaw is still present on some systems. Source: ITPro
  5. Paragon Partition Manager Vulnerabilities Allow Attackers to Escalate Privileges and Trigger: Security researchers have uncovered five significant vulnerabilities in Paragon Partition Manager's BioNTdrv.sys driver. These vulnerabilities allow attackers to escalate privileges and trigger unspecified impacts. Source: GBHackers

Podcasts

  1. APDR Podcast Episode 83 with host Kym Bergmann - Asia Pacific Defence Reporter: This episode features Kym Bergmann discussing various topics related to cyber security, IT, simulation & training, and government policy. Source: Asia Pacific Defence Reporter
  2. Taking the Pulse, A Health Care and Life Sciences Video Podcast | Episode 224 - JD Supra: In this episode, Lauren and Heather are joined by Steve McPheeters, who currently serves as EVP and Chief Legal Officer. They discuss various topics related to health care and life sciences. Source: JD Supra
  3. Is it cyber peace or just a buffer? - CyberWire: This episode of Afternoon Cyber Tea discusses the concept of cyber peace and its implications. The host, Dave Bittner, is a security podcast host and one of the founders at CyberWire. Source: CyberWire
  4. Handmade Car Factory; Lifesaving Jet Design; Ford F-150 Security | Today in Manufacturing Ep. 209: This episode covers a range of topics including a handmade car factory, a lifesaving jet design, and Ford F-150 security. Source: Manufacturing.net
  5. Announcing: Audiocasts - A New Podcast-Like Training Content Type - KnowBe4 blog: This episode introduces a new podcast-like training content type called Audiocasts. The Security Awareness Company has created several journalistic-style episodes for Diamond level of KSAT. Source: KnowBe4 blog

Final Words

And that's a wrap for today's ONSEC Cyber Daily. Remember, the digital world is a battlefield and every click, every download, every update matters. Stay vigilant, stay updated, and most importantly, stay secure. If you found this newsletter helpful, please consider sharing it with your friends and colleagues. They might find it useful too, and you'll be helping to create a safer cyber community. Until tomorrow, keep your data close and your firewalls closer. Stay safe out there!
