Good morning, ONSEC Cyber Daily readers! Today's issue is packed with vital cybersecurity updates that you can't afford to miss. The financial sector is under siege, with experts warning of increasing and sophisticated cyberattacks. We delve into the discovery of a remote code execution bug in PyTorch models, emphasizing the importance of traditional alert and CyberRisk alliances. We also explore the dark web marketplace Nemesis Market and its indicted founder, Behrouz Parsarad. The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning against using Censys and VirusTotal in threat hunting operations due to a newly discovered vulnerability in the Windows Update Stack. In plugin news, a critical vulnerability has been found in InstaWP Connect, highlighting the urgent need for patching and updates. Speaking of updates, PyTorch users are urged to update their framework to version 2.6.0 ASAP due to a vulnerability that can lead to remote code execution. We also cover the critical security flaw affecting AiCloud routers and the importance of patching vulnerabilities faster to reduce risks and lower the Cyber Risk Index. In the education sector, we discuss the latest episode of Innovations and Education, focusing on cybersecurity in K-12 education. We also feature several podcasts, including Proton66's malware highway, Breach Ready's rethinking of Zero Trust and Lateral Movement Defense, and the AI Fix's claim of an AI being the best computer programmer in the world. Stay tuned for more updates on how cybersecurity failures are putting millions of patients at risk and the challenges ahead for the NVD and CVE. Enjoy today's read and stay safe!

Exploits Alert

1. Cybersecurity Challenges in Financial Sector: Experts Warn: Cybersecurity experts have warned of increasing and sophisticated cyberattacks in the financial sector. They emphasized the need for robust security measures to counter these threats. Source: THISDAYLIVE
2. Remote Code Execution Bug Found in PyTorch Models: A vulnerability has been discovered in PyTorch models, highlighting the importance of applying traditional security measures in the AI field. Source: MSSP Alert
3. Exposure Assessment Platforms Promise to Become a GPS for Security Pros: Exposure assessment platforms are emerging as a new tool for security professionals, providing a "GPS" for navigating cybersecurity threats. Source: SC Media
4. CISA Issues Warning Against Using Censys, VirusTotal in Threat Hunting Ops: CISA has issued a warning against using Censys and VirusTotal in threat hunting operations due to a newly discovered vulnerability in the Windows Update Stack. Source: GBHackers
5. Critical CVE-2025-2636 Vulnerability in InstaWP Connect Plugin: A critical vulnerability has been found in the InstaWP Connect Plugin, amidst ongoing cyberattacks on Moroccan government and public sector websites. Users are advised to update their plugins to the latest version. Source: The Cyber Express

Vulnerabilities & Patches

1. Critical Windows Update Stack Vulnerability Allows Code Execution & Privilege Escalation: A high-risk vulnerability, CVE-2025-21204, has been identified in the Windows Update Stack, allowing potential attackers to execute arbitrary code. Users are urged to apply the latest patches to mitigate this threat. Source: cybersecuritynews.com
2. Working PoC exploit for critical Erlang/OTP SSH bug is public: A proof-of-concept exploit for a critical SSH bug in Erlang/OTP, CVE-2025-32433, is now public. The Erlang/OTP team has released a patch, and users are advised to update to the latest version. Source: helpnetsecurity.com
3. Update PyTorch ASAP: A critical vulnerability, CVE-2025-32434, has been discovered in the PyTorch framework, potentially leading to remote code execution. Users are urged to update the PyTorch framework to version 2.6.0 as soon as possible. Source: kaspersky.com
4. ASUS reveals critical security flaw affecting AiCloud routers: A critical security flaw, CVE-2025-2492, has been revealed in ASUS's AiCloud routers. The flaw can be exploited via a custom-tailored request, and users are advised to apply the latest patches immediately. Source: msn.com
5. Patching Vulnerabilities Faster Reduces Risks & Lower Cyber Risk Index: Organizations are struggling to keep up with the thousands of patches and updates released each month. Faster patching of vulnerabilities can significantly reduce risks and lower the Cyber Risk Index. Source: itsecuritynews.info

Podcasts

1. Cybersecurity in K-12 Education | eSchool News: This podcast discusses the importance of cybersecurity in K-12 education, highlighting the latest innovations and trends in Ed Tech. It emphasizes the need for schools to prioritize cybersecurity to protect sensitive student data. Source: eSchool News
2. Proton66's malware highway | CyberWire: Hosted by Kim Jones, this episode of the CISO Perspectives podcast previews the latest threats in the cybersecurity landscape, focusing on the Proton66 malware. Source: CyberWire
3. Breach Ready: Rethinking Zero Trust and Lateral Movement Defense | TechSpective: This podcast episode rethinks the concept of Zero Trust and lateral movement defense in cybersecurity, emphasizing that cybersecurity isn't what it used to be, and that's a good thing. Source: TechSpective
4. Co-ops Confront Growing Threat of Third-Party Cyber Incidents | Along Those Lines: In this episode, NRECA Director of Cybersecurity Carter Manucy discusses the growing threat of third-party cyber incidents faced by co-ops. Source: Electric Co-op
5. The AI Fix #47: An AI is the best computer programmer in the world | Graham Cluley: This award-winning cybersecurity podcast discusses how AI has become the best computer programmer in the world, exploring the implications of this development. Source: Graham Cluley

Final Words

And that's a wrap for today's edition of ONSEC Cyber Daily. We've covered a lot of ground, from the increasing cybersecurity challenges in the financial sector to the latest vulnerabilities and patches. As we navigate this digital landscape, it's crucial to stay informed and vigilant. Remember, knowledge is power, and in the world of cybersecurity, it's our first line of defense. If you found this newsletter helpful, why not share it with your friends and colleagues? Together, we can build a safer, more secure digital world. Stay tuned for tomorrow's edition where we'll bring you more updates from the ever-evolving world of cybersecurity. Until then, stay safe and secure!

x.com

X (formerly Twitter)

ONSEC.io | LinkedIn

ONSEC.io | 1,839 followers on LinkedIn. Information security audits and penetration testing by a team of experts with an average experience of more than 7 years | ONSEC.io - is a penetration testing & in-depth security audit company with more than 13 years of experience on the market. Our team has already helped more than 300 companies be aware about possible system's vulnerabilities, including Republic, DMarket, LegionFarm, Parallels, Xsolla, Acronis, Manyсhat, Global Fashion Group and others. Our main goal is to increase the customer security level by finding and fixing security issues as well as improve security awareness inside the company, including developers, DevOps, and other teams to build a sustainable engineering culture with security knowledge.

LinkedIn