Cyber Daily 4/18: Oracle Cloud Credential Leak, Cisco Webex and SonicWall Vulnerabilities, Apple's Urgent Update, CVE-2025-24054 Attack, Patching Frenzy

Welcome to the ONSEC Cyber Daily for April 18th. Today's issue is packed with critical updates and alerts. The Cybersecurity and Infrastructure Security Agency (CISA) has been busy issuing warnings about vulnerabilities in legacy Oracle systems, Cisco Webex, and SonicWall. Apple is urging iPhone users to update their devices immediately following a recent attack. In other news, CVE-2025-24054, which steals NTLM credentials on file download, is under active attack despite Microsoft's recent patch update. Speaking of patches, Apple has released several to address security vulnerabilities in iOS and iPadOS. We also delve into the importance of the CVE program, which was nearly defunded, and how it plays a crucial role in patch management programs worldwide. Finally, we have a selection of cybersecurity podcasts for you to tune into, including discussions on the future of war, the need for a cybersecurity incident response plan, and how to develop a culture of security in your business. Stay safe, stay updated, and stay ahead with ONSEC Cyber Daily.

Exploits Alert

  1. CISA Flags Risks from Legacy Oracle Cloud Credential Leak: The Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert regarding a security breach involving legacy Oracle systems. The exposed credentials pose a significant risk to users. Source: MSSP Alert
  2. Cisco Webex Vulnerability: A new vulnerability in Cisco Webex allows hackers to execute code through malicious meeting links. CISA has issued a public warning in response to this threat. Source: GBHackers
  3. CISA Warns of SonicWall Command Injection Vulnerability Exploited in Wild: CISA has issued an urgent alert regarding a critical SonicWall vulnerability that is being actively exploited. Users are advised to take immediate action to mitigate the risk. Source: Cybersecurity News
  4. CISA Issues Alert on SonicWall Flaw Being Actively Exploited: A critical security alert has been issued by CISA after confirming active exploitation of a SonicWall flaw. Users are urged to take immediate action to protect their systems. Source: GBHackers
  5. Apple tells iPhone users to update their devices NOW after 'attack': Apple has issued a warning to iPhone users to update their devices immediately following a recent attack. The vulnerability could potentially impact a large number of users. Source: Daily Mail

Vulnerabilities & Patches

  1. CVE-2025-24054 Under Active Attack: This vulnerability, which steals NTLM credentials on file download, was patched by Microsoft last month. NTLM is a legacy authentication protocol that Microsoft still uses. Source: The Hacker News
  2. Critical Erlang/OTP SSH pre-auth RCE: A critical vulnerability in Erlang/OTP SSH, tracked as CVE-2025-32433, has been disclosed. This vulnerability allows for unauthenticated remote code execution and is surprisingly easy to exploit. Source: Bleeping Computer
  3. Apple patches security vulnerabilities in iOS and iPadOS: Apple has patched a vulnerability, CVE-2025-31200, that could result in code execution due to a memory corruption issue when processing an audio stream in a maliciously crafted media file. Source: Malwarebytes
  4. NTLM Hash Exploit Targets Poland and Romania: The flaw, tracked as CVE-2025-24054, affects Windows systems and can be triggered using a specially crafted .library-ms file. Once a user interacts with the file, their NTLM hash is stolen. Source: Infosecurity Magazine
  5. Apple's x.4.1 OS Updates Patch Exploited Security Vulnerabilities: A bug in CoreAudio (CVE-2025-31200) allowed processing an audio stream in a maliciously crafted media file to result in code execution. This bug has been patched in the latest Apple OS update. Source: TidBITS

Podcasts

  1. Cyber Uncut Podcast: In this episode, David Hollingworth and Daniel Croft discuss the surprising resignation of Chris Krebs from SentinelOne and the recent hacking and breach of 4chan. They also delve into the near loss of the CVE program. Source: CyberDaily
  2. Money Stuff Podcast: Matt and Katie answer reader questions about a variety of topics including law firm IPOs, cyber horses, private credit marketplaces, and S&P 500 basis ETFs. They also discuss the option value. Source: Bloomberg
  3. Cyber Security Podcast Series: The 16th episode of this series explores the concept of cyber war. The hosts discuss how countries may resort to cyber warfare to inflict damage on each other in the coming years. Source: YouTube
  4. We Get Privacy for Work: Hosts Damon Silver and Joe Lazzarotti, leaders of the firm's Privacy, Data and Cybersecurity division, discuss the importance of having a cybersecurity incident response plan. Source: Jackson Lewis
  5. Contested Ground: In this episode, hosts Phil Tarrant and Major General (Ret'd) Dr Marcus Thompson discuss how businesses can develop a culture of security. They provide insights into building a secure business environment. Source: Defence Connect

Final Words

And that's a wrap for today's ONSEC Cyber Daily! We've covered a lot of ground, from the risks of legacy Oracle systems to the latest vulnerabilities in Apple's iOS. Remember, in the world of cybersecurity, knowledge is power. The more we know, the better we can protect ourselves and our organizations. If you found this information useful, don't keep it to yourself. Share this newsletter with your friends, colleagues, and anyone else who could benefit from staying in the loop about the latest cybersecurity threats and solutions. Before we sign off, we'd like to leave you with one final thought: In the digital age, security isn't just about locks and alarms. It's about staying one step ahead of the hackers. So, keep learning, stay vigilant, and let's make the cyber world a safer place together. See you tomorrow for more updates from the frontlines of cybersecurity. Stay safe out there!
