Good morning, ONSEC Cyber Daily readers! Today's issue is packed with critical updates from the cybersecurity world. In a last-minute reversal, the US agency has extended support for the cyber vulnerability database, averting a potential lapse in a program that plays a critical role in our cyber defenses. This move comes as a relief to the cybersecurity community, which had been on edge due to the expected cut-off of payments for the non-profit MITRE Corp's Common Vulnerabilities and Exposures database. In other news, CISA has added one known exploited vulnerability to its catalog, urging all organizations to reduce their exposure to cyberattacks. Meanwhile, Morocco's DGSSI has issued a warning about a critical WhatsApp Windows vulnerability amid rising cybersecurity threats. On the tech front, we have important updates for iPhone, iPad, and Android users. Apple has urged millions of its users to update their devices immediately due to a second zero-day flaw. Android users, on the other hand, have just dodged a bullet as the CVE cybersecurity tracker stays funded. Finally, we have some interesting podcast episodes for you today. Tune in to hear whistleblower allegations about DOGE taking sensitive labor data, explore US-Europe political differences with Alexandra Hall Hall and Jason Pack, and learn how to get ahead of compromised credentials with Permiso Security. Stay safe and stay informed with ONSEC Cyber Daily!

Exploits Alert

1. US Agency Extends Support for Cyber Vulnerability Database: In a last-minute decision, U.S. officials have extended support for the Common Vulnerabilities and Exposures database, managed by the non-profit MITRE Corp. The expected cut-off of payments had caused concern across the cybersecurity community. Source: Claims Journal and MSN
2. CISA Adds One Known Exploited Vulnerability to Catalog: The Cybersecurity and Infrastructure Security Agency (CISA) has added a known exploited vulnerability to its catalog. While the directive applies only to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks. Source: CISA
3. US Government Extends Critical Cybersecurity Funding: The U.S. National Cyber Security Division of the Department of Homeland Security has extended critical cybersecurity funding. This move comes after a warning about potential cybersecurity vulnerabilities. Source: Times of India
4. CISA Extends CVE Program Contract at 11th Hour: The Cybersecurity and Infrastructure Security Agency (CISA) has extended the contract for the Common Vulnerabilities and Exposures (CVE) program at the 11th hour, averting potential disruption. This follows a warning from MITRE about potential vulnerabilities. Source: MeriTalk
5. SOC Alert Fatigue Hits Peak Levels As Teams Battle Notification Overload: Security Operations Center (SOC) teams are battling notification overload, leading to alert fatigue. As cyber threats multiply, cybersecurity experts are facing challenges in threat analysis and vulnerability assessment. Source: GBHackers

Vulnerabilities & Patches

1. This Windows Vulnerability Lets Hackers Into Your PC in Just 300 Milliseconds: A newly discovered Windows vulnerability, CVE-2025-24076, allows hackers to infiltrate your system in just 300 milliseconds. Users are urged to update their systems immediately to protect themselves. Source: MakeUseOf
2. Apple tells millions of iPhone users to update their devices NOW: Apple has issued a warning to millions of iPhone and iPad users to update their devices immediately due to a zero-day flaw, CVE-2025-31201. Users with automatic updates on should already have the patch installed. Source: Daily Mail
3. Multiple Groups Exploit NTLM Flaw in Microsoft Windows: Multiple groups are exploiting a flaw in Microsoft Windows' NTLM. A patch has been released as part of the company's scheduled security update. The exploit appears to be a variant of a previously patched vulnerability. Source: Dark Reading
4. Patch Now: NVDIA Flaws Expose AI Models, Critical Infrastructure: NVIDIA has released a patch for a secondary flaw, CVE-2025-23359, that directly affects organizations using the NVIDIA Container Toolkit or Docker in AI, cloud, or critical infrastructure. Source: Dark Reading
5. Oracle Security Update - Patch for 378 Vulnerabilities Including Remote Exploits: Oracle has released a security update patching 378 vulnerabilities, including remote exploits. One of the most severe is CVE-2025-24813, affecting Oracle Commerce/Guided Search. Source: Cybersecurity News

Podcasts

1. Exclusive: Whistleblower Alleges DOGE May Have Taken Sensitive Labor Data: This podcast episode by iHeart discusses a whistleblower's allegations that DOGE may have accessed sensitive labor data. The episode features cybersecurity correspondent Jenna McLaughlin. Source: iHeart
2. Work This Way: A Labor & Employment Law Podcast: In this episode, Maynard Nexsen attorneys Erica Barnes and Christian Dysart explore the intersection of white-collar crime and employment law. Source: JD Supra
3. Techdirt Podcast Episode 414: Disruptive Tech Solutions For Reproductive Health: This episode from Techdirt discusses disruptive technology solutions for reproductive health. Source: Techdirt
4. The Just Security Podcast: Sudan Marks Two Years of War: This episode from Just Security discusses the origins, dynamics, and future of conflict in Sudan, marking two years of war. Source: Just Security
5. Ep.112 Tariffs and the Divergence of US and Europe: In this episode from the Royal United Services Institute, Alexandra Hall Hall and Jason Pack explore US-Europe political differences, from democracy to national security. Source: RUSI

Final Words

And that's a wrap for today's edition of ONSEC Cyber Daily. We've seen some last-minute saves, critical warnings, and a few close calls. But remember, the world of cybersecurity is ever-evolving, and staying informed is our best defense. Let's continue to share this knowledge and keep our networks safe. If you found today's newsletter helpful, why not share it with your friends and colleagues? Together, we can make a difference in the cybersecurity landscape. Stay safe, stay informed, and see you in the next edition of ONSEC Cyber Daily.

ONSEC.io | LinkedIn

ONSEC.io | 1,839 followers on LinkedIn. Information security audits and penetration testing by a team of experts with an average experience of more than 7 years | ONSEC.io - is a penetration testing & in-depth security audit company with more than 13 years of experience on the market. Our team has already helped more than 300 companies be aware about possible system's vulnerabilities, including Republic, DMarket, LegionFarm, Parallels, Xsolla, Acronis, Manyсhat, Global Fashion Group and others. Our main goal is to increase the customer security level by finding and fixing security issues as well as improve security awareness inside the company, including developers, DevOps, and other teams to build a sustainable engineering culture with security knowledge.

LinkedIn

x.com

X (formerly Twitter)