Welcome to today's issue of ONSEC Cyber Daily. We're diving into a whirlwind of warnings, vulnerabilities, and urgent patches that are making waves in the cybersecurity landscape. Google has set a 20-day deadline for Android users to update their phones due to an unspecified vulnerability, CVE-2024-43093, that has caught the attention of the U.S. cyber defense agency. Meanwhile, tech giant NVIDIA is also on high alert, issuing a warning about severe security flaws that could enable code attacks. The threat doesn't stop there. The FBI has flagged potential cyber risks in texts between Android and iPhone users, and the Chinese cyber espionage is reportedly growing across all industry sectors. In other news, the U.S. Treasury has added Windows and router vulnerabilities to its actively exploited list, and VMware is urging customers to patch actively exploited zero-day vulnerabilities. Stay tuned for more updates on these stories and a deep dive into the top 10 free vulnerability intelligence platforms. Remember, staying informed is the first step in staying secure.

Exploits Alert

1. Google Android Deadline—You Have 20 Days To Update Your Phone: The U.S. cyber defense agency has issued a warning about an unspecified vulnerability (CVE-2024-43093) in Google Android, urging users to update their phones within 20 days. Source: Forbes
2. NVIDIA Issues Warning About Severe Security Flaws Enabling Code Attacks: NVIDIA has issued a warning about a recently patched remote code execution (RCE) vulnerability in Microsoft Windows' Key Distribution Center. Source: GBHackers
3. Chinese Cyber Espionage Growing Across All Industry Sectors: Security researchers are warning of a significant global rise in Advanced Persistent Threats and cyberattacks, with Chinese cyber espionage reportedly growing across all industry sectors. Source: CIO
4. FBI Warns Texts Between Android and iPhone Users Pose Cyber Risk: The FBI and a leading federal cybersecurity agency are warning Android and iPhone users about a new USB-C vulnerability that poses a cyber risk. Source: MSN
5. Feds Add Windows, Router Vulnerabilities to Actively Exploited List: The U.S. Treasury has added new Windows and router vulnerabilities to its list of actively exploited cyber threats, warning users about a new 'browser syncjacking' cyberattack that allows hackers to take over computers via Chrome. Source: Mashable

Vulnerabilities & Patches

1. VMware Warns of New Vulnerabilities Being Exploited by Hackers: VMware has issued an advisory warning about the exploitation of three new vulnerabilities, identified as CVE-2025-22224, CVE-2025-22225, and CVE-2025-22226. These vulnerabilities could allow attackers with administrative access to break out of guest OS sandboxes and seize hypervisor control. Federal civilian agencies have until March 25 to patch them. Source: The Record, The Stack, SC Magazine, Security Intelligence, The Hacker News, SecurityWeek, Cybersecurity News.
2. Google Patches Critical Android Vulnerabilities: Google has released patches for two critical Android vulnerabilities, CVE-2024-43093 and CVE-2024-50302, which are currently being exploited in the wild. The vulnerabilities could lead to privilege escalation and unauthorized access. Users are urged to update their devices for security protection against these active exploits. Source: Techgenyz, Tom's Guide, heise online, Dataconomy, SecurityWeek, Bleeping Computer.
3. CISA Flags Active Exploits In Windows, Cisco: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has flagged active exploits in Windows and Cisco. Among the vulnerabilities is CVE-2018-8639, a decade-old Microsoft Windows privilege escalation flaw, which has been added to CISA's Known Exploited Vulnerabilities (KEV) catalog. Microsoft patched this vulnerability back in December 2018. Source: TechWorm, GBHackers, SecurityWeek.
4. Several Flaws Added to CISA Known Exploited Vulnerabilities Catalog: CISA has added several new flaws to its Known Exploited Vulnerabilities catalog. While the specific vulnerabilities have not been disclosed, it is known that they do not include CVE-2023-20118, which will no longer be fixed by Cisco. Source: SC Media.
5. Broadcom Patches 3 VMware Zero-Days Exploited in the Wild: Broadcom has released patches for three VMware zero-days, CVE-2025-22224, CVE-2025-22225, and CVE-2025-22226, after Microsoft warned it of exploitation. These vulnerabilities could allow attackers to execute malicious code. Source: SecurityWeek.

Podcasts

1. Address Data Loss from Insider Threats with DTEX Systems - CISO Series: In this episode, Mohan Koo, president & co-founder of DTEX Systems, discusses how to address data loss from insider threats. The episode is part of the CISO Series Podcast LIVE in Nashville 09-2023. Source: CISO Series
2. Best Of BPR 3/04: "The Time For Waiting And Seeing Is Over," Says Cybersecurity Expert - WGBH: This episode of Boston Public Radio Podcast features a discussion with a cybersecurity expert who was recently fired by DOGE. The expert emphasizes that the time for waiting and seeing is over in the cybersecurity landscape. Source: WGBH
3. Juggling Cyber Risk Without Dropping the Ball: Five Tips for Risk Committees to Regain Control of Threats - Security Boulevard: This episode on Techstrong.tv Podcast provides five tips for risk committees to regain control of threats and effectively juggle cyber risk. Source: Security Boulevard
4. Ep.104 Trump and Putin - the Bromance reignited: with Sir Bill Browder - RUSI: This episode features a discussion with Sir Bill Browder about the reignited bromance between Trump and Putin. The hosts and RUSI Director of International Security Neil Melvin discuss the implications of this relationship. Source: RUSI
5. AGG Talks: Home Health & Hospice Podcast - Episode 9: The Impact of AI and Prior - JD Supra: In this episode, AGG Healthcare attorneys Bill Dombi and Jason Bring discuss the role of managed care, artificial intelligence, and prior in home health and hospice. Source: JD Supra

Final Words

And that's a wrap for today's edition of 'ONSEC Cyber Daily'. We've covered a lot of ground, from Google's Android update deadline to the rise of Chinese cyber espionage, and the ever-growing list of vulnerabilities that are being actively exploited. Remember, the cyber world is constantly evolving, and staying informed is your first line of defense. So, don't forget to update your devices, patch your systems, and stay vigilant. If you found this newsletter helpful, please consider sharing it with your friends and colleagues. Let's work together to create a safer digital world. Until next time, stay safe and stay secure.

ONSEC.io | LinkedIn

ONSEC.io | 1,839 followers on LinkedIn. Information security audits and penetration testing by a team of experts with an average experience of more than 7 years | ONSEC.io - is a penetration testing & in-depth security audit company with more than 13 years of experience on the market. Our team has already helped more than 300 companies be aware about possible system's vulnerabilities, including Republic, DMarket, LegionFarm, Parallels, Xsolla, Acronis, Manyсhat, Global Fashion Group and others. Our main goal is to increase the customer security level by finding and fixing security issues as well as improve security awareness inside the company, including developers, DevOps, and other teams to build a sustainable engineering culture with security knowledge.

LinkedIn

x.com

X (formerly Twitter)