Welcome to the ONSEC Cyber Daily, your one-stop source for the latest in cybersecurity news. In today's issue, we delve into the high-risk warning issued by CERT-In for WhatsApp Desktop app users, highlighting the potential vulnerability that could allow cybercriminals to steal your personal information. We also explore the emerging threats in aging technology, with a focus on cybersecurity vulnerabilities in legacy medical devices. In other news, Dell has issued a critical alert regarding several vulnerabilities in its PowerScale OneFS operating system, while SonicWall has patched multiple vulnerabilities in its NetExtender Windows client. We also discuss the zero-day vulnerability in CentreStack that's being exploited to breach enterprise file servers. On the patching front, Microsoft has addressed an actively exploited zero-day vulnerability in Windows, while Google's latest update brings critical security fixes to Pixel users. We also cover the recent disclosure of a Zen 5 CPU microcode vulnerability by AMD and the incomplete patch in NVIDIA Toolkit that leaves CVE-2024-0132 open to container escapes. Finally, we bring you the latest episodes from popular cybersecurity podcasts, including Cyber Uncut, Security Boulevard Chats, and the Security Clearance Careers Podcast. Stay tuned for all this and more in today's ONSEC Cyber Daily. Stay safe and informed!

Exploits Alert

1. CERT-In issues high-risk warning for WhatsApp Desktop app: The Indian cybersecurity agency CERT-In has issued a high-risk warning for the WhatsApp Desktop app. The vulnerability could allow cybercriminals to access data, steal information, or run harmful code on affected systems. Users are advised to keep their operating system and antivirus updated. Source: Mathrubhumi, Times Now News.
2. Cybersecurity vulnerabilities in legacy medical devices: A recent hearing highlighted the cybersecurity vulnerabilities in legacy medical devices. In September 2022, the FBI issued a Private Industry Notification warning about these potential threats. Source: JD Supra.
3. Dell Alerts Users to Critical PowerScale OneFS Flaws: Dell has issued a warning about several critical vulnerabilities in its PowerScale OneFS operating system. These vulnerabilities could potentially allow for user account takeovers. Source: GBHackers, Cyber Security News.
4. SonicWall Patches Multiple Vulnerabilities in NetExtender Windows Client: SonicWall has issued a critical alert concerning multiple vulnerabilities discovered in its NetExtender Windows client. Users are advised to apply patches as soon as possible. Source: GBHackers.
5. Zero-Day Vulnerability in CentreStack Exploited to Breach Enterprise File Servers: A zero-day vulnerability in CentreStack has been exploited to breach enterprise file servers. Users are advised to encrypt their data and stay vigilant against potential hacker attacks. Source: MSSP Alert.

Vulnerabilities & Patches

1. Microsoft Patches Actively Exploited Zero-Day Vulnerability in Windows (CVE-2025-29824): Microsoft has patched a significant zero-day vulnerability in Windows with its April Patch Tuesday update. The issue, identified as CVE-2025-29824, was actively exploited and has now been addressed. Source: www.guru3d.com
2. Zero-Day in CentreStack File Sharing Platform Under Attack: A zero-day vulnerability in the CentreStack File Sharing Platform is currently under attack. Both CVE.org and the NVD have acknowledged the vulnerability, and Microsoft has released a massive patch update in response. Source: www.darkreading.com
3. Google's Newest Update Brings Critical Security Fixes to Pixel (CVE-2024-53150): Google has released a new update that patches a second vulnerability under limited, yet active exploitation. The vulnerability, identified as CVE-2024-53150, has been addressed in this release. Source: www.androidpolice.com
4. CrushFTP Authentication Bypass Vulnerability Exploited in the Wild (CVE-2025-31161): A vulnerability in CrushFTP, identified as CVE-2025-31161, is being exploited in the wild. The product vendor has already released a patch version addressing this vulnerability. Source: www.broadcom.com
5. Google Patches Critical Android Zero-Day Flaws Exploited in the Wild (CVE-2024-53197): Google has patched critical Android zero-day flaws that were being exploited in the wild. The vulnerability, identified as CVE-2024-53197, allows remote privilege escalation through the Android USB kernel, requiring no user interaction. Source: www.udaipurkiran.in

Podcasts

1. Cyber Uncut Podcast: In this episode, David Hollingworth and Daniel Croft discuss the recent cyber attacks on Western Sydney University and superannuation hacks. They also express concerns over potential cyber threats in the upcoming Aussie elections. Source: Cyber Daily.
2. Security Boulevard Chats Podcast: This podcast features Pritesh Parekh, a cybersecurity expert, who discusses the risks posed by AI-powered systems and the recent DOGE Security Breach. Source: Security Boulevard.
3. Security Clearance Careers Podcast: In the latest episode, attorney Sean Bigley and ClearanceJobs' Lindy Kyzer tackle a tricky question many security professionals face - whether or not to be a "security snitch". Source: ClearanceJobs.
4. Out of the Dark Podcast: This podcast focuses on how to protect your family and business from cyber threats in an increasingly digital world. Source: Signals AZ.
5. Afternoon Cyber Tea: Hosted by Dave Bittner, a security podcast host and one of the founders at CyberWire, this podcast discusses the major breach at the US Treasury's OCC. Source: CyberWire.

Final Words

That's a wrap for today's ONSEC Cyber Daily. We've covered a lot of ground, from high-risk warnings for WhatsApp Desktop app to critical vulnerabilities in Dell's PowerScale OneFS operating system. We've also touched on the importance of staying updated with patches and updates to keep your systems secure. Remember, in the world of cybersecurity, knowledge is power. If you found today's newsletter helpful, why not share it with your friends and colleagues? They might appreciate the heads up on these potential threats. After all, cybersecurity is a team sport, and we're all in this together. Stay safe, stay informed, and see you in the next edition of ONSEC Cyber Daily!

x.com

X (formerly Twitter)

ONSEC.io | LinkedIn

ONSEC.io | 1,839 followers on LinkedIn. Information security audits and penetration testing by a team of experts with an average experience of more than 7 years | ONSEC.io - is a penetration testing & in-depth security audit company with more than 13 years of experience on the market. Our team has already helped more than 300 companies be aware about possible system's vulnerabilities, including Republic, DMarket, LegionFarm, Parallels, Xsolla, Acronis, Manyсhat, Global Fashion Group and others. Our main goal is to increase the customer security level by finding and fixing security issues as well as improve security awareness inside the company, including developers, DevOps, and other teams to build a sustainable engineering culture with security knowledge.

LinkedIn