Cyber Daily 3/7: IVF, Genea Under Attack, Microsoft Battles Storm-2139, VMware Zero-Days Exploited, Telegram Vulnerability, Hitachi Energy Security Issues

Welcome to the ONSEC Cyber Daily, your one-stop source for the latest in cybersecurity news. Today, we're diving into a series of critical cyber threats and vulnerabilities that are making headlines across the globe.

First up, we're looking at the recent IVF cyber attack in Australia, which US security groups warn is just the beginning of a wave of large-scale cyberattacks. Meanwhile, Microsoft is taking legal action against global cybercrime network Storm-2139, accused of developing sophisticated cyber threats. In the realm of vulnerabilities, we're seeing a surge in exploits, with cybercriminals and state-sponsored groups targeting VMware vulnerabilities and an unpatched 0-day vulnerability in Telegram for Android. Hitachi Energy is also in the spotlight with OpenSSL vulnerabilities in its PCU400 and Relion 670/650/SAM600-IO products. We'll also discuss the rise in ransomware activity, as highlighted in a report by Travelers, and Google's new AI-powered scam detector for Android users. WordPress site owners are also urged to be vigilant against the Jupiter X Core WordPress plugin, a prime target for cybercriminals.

In the patching world, Google has addressed 43 security vulnerabilities in Android, while Microsoft has patched a zero-click Windows vulnerability. We'll also delve into the critical vulnerabilities in VMware ESXi instances, ZITADEL, Sitecore, and LibreOffice, and the urgent fixes released by Elastic for a critical Kibana flaw. Finally, we'll wrap up with a roundup of the latest cybersecurity podcasts, including discussions on ransomware trends, AI in the fight against cybercrime, and the increasing consolidation of vendors in the SOC. Stay tuned for these stories and more in today's issue of ONSEC Cyber Daily.
Exploits Alert
- IVF Cyber Attack Warning: US security groups warn of increasing cyberattacks on Australian healthcare organizations, including MediSecure and Genea, emphasizing the need for robust security measures. Source: The Australian
- Microsoft vs. Storm-2139: Microsoft has initiated legal action against the global cybercrime network Storm-2139, accused of developing and distributing malicious software. Source: Mondaq
- VMware Zero-Days Exploited: Cybercriminals and state-sponsored groups are exploiting VMware vulnerabilities to establish long-term persistence, according to Broadcom. Source: MSSP Alert
- EvilLoader Targets Telegram: An unpatched 0-day vulnerability in Telegram for Android is being exploited by EvilLoader, increasing the risk of widespread abuse. Source: GBHackers
- Hitachi Energy Vulnerabilities: Hitachi Energy's PCU400 and Relion 670/650/SAM600-IO products have vulnerabilities that could allow anyone with user credentials to bypass the security controls. Source: CISA, CISA
Vulnerabilities & Patches
- Android's CVE-2024-53104 Vulnerability: A patch for CVE-2024-53104, an out-of-bounds write in the USB Video Class driver, has been included in the February 2025 Android security bulletin. This patch addresses a significant security concern for Android users. Source: SC Media
- Zero-Day Vulnerabilities in Android: Google has patched two zero-day vulnerabilities, CVE-2024-43093 and CVE-2024-50302, which are privilege escalation flaws. These patches are critical for maintaining the security of Android devices. Source: Lifehacker Australia
- Chaty Pro Plugin Vulnerability: A new advisory by Patchstack has revealed an arbitrary file upload vulnerability (CVE-2025-26776) within the Chaty Pro Plugin, exposing 18,000 WordPress sites. Patchstack has issued a patch to address this issue. Source: Infosecurity Magazine
- Windows Zero-Click Vulnerability: Microsoft has patched a zero-click vulnerability, CVE-2025-21298, which carries a near-maximum CVSS severity rating of 9.8. This flaw could allow attackers to remotely execute malicious code, making the patch crucial for Windows users. Source: Cyber Kendra
- VMware ESXi Instances Vulnerability: A critical zero-day flaw, CVE-2025-22224, has been found in over 37,000 VMware ESXi instances, most of which are located in China, France, and the U.S. VMware has released a patch to address this vulnerability. Source: Cybersecurity Dive
Podcasts
- Cyber Uncut Podcast: In this episode, Aaron Bugal from Sophos discusses the latest trends in ransomware and how AI is being utilized in the fight against cybercrime. Source: Cyber Daily
- CyberWire Daily: This episode features a live recording with Dave Bittner and Dr. Zero Trust, discussing various aspects of cybersecurity. Please note, there may be some background noise due to the live recording. Source: Security Boulevard
- 35 West: Ryan C. Berg and Elizabeth Dickinson discuss security issues in the Andes, focusing on the impact of aid freezes. Source: CSIS
- Work This Way: A Labor & Employment Law Podcast: John shares insights into the most common types of MSHA investigations in recent years and provides advice on how mine operators can stay compliant. Source: JD Supra
- AGG Talks: Cross-Border Business Podcast: Mike Burke and Gabe Scannapieco discuss U.S. enforcement trends in this episode, providing valuable insights for international businesses. Source: JD Supra
Final Words
As we wrap up today's edition of 'ONSEC Cyber Daily', we can't help but reflect on the increasing complexity and sophistication of cyber threats. From the IVF cyber attack in Australia to the unpatched vulnerabilities in popular software, it's clear that no one is immune to the potential risks. But remember, knowledge is power. By staying informed and vigilant, we can all play a part in strengthening our collective cybersecurity. So, let's continue to learn, share, and protect. If you found today's newsletter helpful, please consider sharing it with your friends and colleagues. They too can benefit from staying up-to-date on the latest cyber threats and security news. Thank you for being a part of our community. Stay safe, stay secure, and see you in the next edition of ONSEC Cyber Daily.