Cyber Daily 4/1: Bitdefender Debrief, OpenSSH Vulnerability, Ivanti Zero-Day Alert, BDSM App Breach, Google Chrome Update, NSA iPhone Warning, Next.js Flaw, Chrome 0-Day, Ivanti Bug, Kubernetes Vulnerability

Good morning, ONSEC Cyber Daily readers! In today's issue, we're diving into a sea of vulnerabilities and warnings that have been making waves in the cyber world. We begin with Bitdefender's March 2025 Threat Debrief, which highlights the relentless pursuit of cybercriminals in finding and exploiting vulnerabilities. Speaking of vulnerabilities, OpenSSH's Agent Forwarding RCE has been under the microscope, with a warning issued about its security implications. The Cybersecurity and Infrastructure Security Agency (CISA) has also been busy, issuing an alert about a new malware targeting Ivanti's zero-day vulnerability. In a similar vein, a shocking 1.5 million private photos have been leaked from BDSM dating apps due to an easily exploited security flaw. Google Chrome users, take note! The US Cyber Defense Agency has set an April 17 deadline for you to update your browser due to a critical vulnerability. Meanwhile, Tony Anscombe from ESET shares insights on how cybercriminals exploited a year-old vulnerability. The FBI has also issued a document warning about RESURGE exploiting Ivanti, while the NSA has urged iPhone and Android users to change their message settings due to a Signal vulnerability. In the UK, the National Cyber Security Agency is urging Next.js users to patch a flaw immediately, while Google has acted quickly to patch a Chrome vulnerability exploited in Russian phishing attacks. We'll also be discussing the horrifying Kubernetes vulnerability, "IngressNightmare", and CISA's analysis of malware used in Ivanti zero-day attacks. Finally, we'll be sharing some interesting cybersecurity podcasts and episodes for you to tune into, including a chat with Subramanian Naraynaswamy from Wells Fargo on the "What the FinTech?" podcast, and an episode of "The Cybersecurity Bridge" with Greg Bell from Corelight. Stay safe, stay updated, and let's dive in!

Exploits Alert

  1. Bitdefender Threat Debrief: March 2025: Bitdefender's March 2025 threat debrief highlights the focus of cybercriminals on finding vulnerabilities, regardless of their motivation. The report provides an in-depth analysis of the latest threats and vulnerabilities. Source: MSSP Alert.
  2. Technical Analysis Published for OpenSSH's Agent Forwarding RCE Vulnerability: A technical analysis has been published for OpenSSH's Agent Forwarding RCE vulnerability, warning about its security implications. The vulnerability could potentially be exploited by cybercriminals. Source: Cyber Security News.
  3. CISA warns new malware targeting Ivanti zero-day vulnerability: The Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert about new malware targeting a zero-day vulnerability in Ivanti. The vulnerability could potentially be exploited by cybercriminals. Source: Cybersecurity Dive.
  4. Urgent warning as 1.5 MILLION private photos are leaked from BDSM dating apps: Cybernews researchers have discovered a vulnerability in BDSM dating apps that has led to the leak of 1.5 million private photos. The vulnerability put up to 900,000 users at risk of further hacks. Source: Daily Mail.
  5. Google Chrome Warning: US Cyber Defense Agency Sets April 17 Deadline to Update Browser: The US Cyber Defense Agency has set an April 17 deadline for Google Chrome users to update their browsers due to a critical vulnerability, CVE-2025-2783, exploited in the Operation ForumTroll attack. Source: Analytics Insight.

Vulnerabilities & Patches

  1. NCSC Urges Users to Patch Next.js Flaw Immediately: The UK's National Cyber Security Agency has urged users of Next.js to immediately patch the CVE-2025-29927 flaw to prevent potential cyber attacks. Source: Infosecurity Magazine
  2. Google Patches Chrome 0-Day Used in Live Attacks on Russian Targets: Google has patched a Chrome 0-day vulnerability (CVE-2025-2783) that was being exploited in live phishing attacks on Russian targets. Source: The Hacker News
  3. CISA: Addressed Ivanti Bug Leveraged by Novel RESURGE Malware: Ivanti Connect Secure instances that remain vulnerable to the patched stack-based buffer overflow bug (CVE-2025-0282) have been reported. Users are advised to apply the patch to prevent exploitation by the RESURGE malware. Source: SC Media
  4. Google Acts Quickly to Patch Chrome Vulnerability Exploited in Russian Phishing Attacks: Google has swiftly patched a severe Chrome vulnerability (CVE-2025-2783) that was being exploited in phishing attacks in Russia. The bug existed at the intersection of Google Chrome's sandbox and Microsoft Windows. Source: MSN
  5. The One with Ross and the Horrifying Kubernetes Vulnerability: Approximately 4500 Kubernetes clusters are exposed to remote exploitation due to the "IngressNightmare" and CVE-2025-1974 vulnerabilities. A working exploit is available, and users are advised to patch their systems immediately. Source: The Stack

Podcasts

  1. ICE on Campus - The New York Times: This episode features Hamed Aleaziz, who covers the Department of Homeland. The podcast discusses the presence of ICE on university campuses, focusing on the implications for students and the wider community. Source: New York Times
  2. What the FinTech? | S.6 Episode 5 | Fintech trends, emerging risks, and the awards scene: In this episode, Subramanian Naraynaswamy, Executive Director at Wells Fargo, discusses the latest trends in Fintech, emerging risks, and the awards scene. The podcast also covers topics related to Cybersecurity and Fraud & Crime Prevention. Source: Fintech Futures
  3. The Cybersecurity Bridge - Greg Bell, Corelight - YouTube: Greg Bell, Co-Founder & CSO at Corelight, joins theCUBEresearch analyst Jon Oltsik for the third episode of The Cybersecurity Bridge. The podcast provides insights into the world of cybersecurity from industry experts. Source: YouTube
  4. Understanding Privacy Changes: eBay's AI Policy and The Future of Data Privacy: Hosted by Tom Eston, this episode discusses eBay's AI policy and the future of data privacy. The podcast provides a deep dive into the implications of privacy changes for businesses and consumers. Source: Security Boulevard
  5. The toughest decisions CISOs have to make, MCP servers, Napster's comeback – ESW #400: This episode discusses the challenging decisions that CISOs have to make, the role of MCP servers, and Napster's comeback. The podcast provides a comprehensive view of the current cybersecurity landscape. Source: SC World

Final Words

And that's a wrap for today's edition of ONSEC Cyber Daily. We've delved into the latest vulnerabilities, warnings, and patches, and explored the ever-evolving world of cybersecurity. Remember, knowledge is power. The more we know, the better we can protect ourselves and our digital assets. If you found this information valuable, don't keep it to yourself. Share this newsletter with your friends and colleagues. Let's create a more secure digital world together, one day at a time. Stay safe, stay informed, and see you in the next edition of ONSEC Cyber Daily.
