Welcome to your daily dose of cyber security news from ONSEC Cyber Daily. Today, we're diving into the world of vulnerabilities and patches, with a focus on the critical threats that are making headlines. Armis is offering free access to its real-time cyber threat database, a move that comes amid warnings of AI-powered cyberwarfare attacks. Meanwhile, the lack of continuous vulnerability assessment is being identified as a significant gap in IT decision-making. In other news, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has flagged critical vulnerabilities in industrial control systems from Siemens, Schneider Electric, and ABB. These advisories serve as a stark warning to operators, highlighting the increasing frequency and severity of cyberattacks on industrial infrastructure. On the patching front, GitLab, ASUS, and Zyxel have all released patches for various vulnerabilities, while NinjaOne is unifying patch and vulnerability management to reduce risk and response time. We'll also be discussing changes to the CVE program and how they impact your AppSec strategy. Finally, we'll be tuning into the latest cybersecurity podcasts, with episodes covering everything from cyber traps to data resilience. Stay tuned for all this and more in today's issue of ONSEC Cyber Daily.

Exploits Alert

1. Armis Offers Free Access to Real-Time Cyber Threat Database: Armis, a cybersecurity company, is providing free access to its real-time cyber threat database. This move aims to address the 22% of IT decision-makers who identify the lack of continuous vulnerability assessment as a significant gap in their security. Source: SecurityBrief UK
2. Critical Browser Wallet Vulnerabilities Enable Unauthorized Fund Transfers: A new exploit has been discovered in browser wallets that allows unauthorized fund transfers. The danger of these vulnerabilities lies in the absence of warning or required action from the victims. Source: GBHackers
3. Cycode Adds AI Tools and Runtime Protections for Development Security: Cycode has enhanced its security offerings by adding AI tools and runtime protections to detect vulnerabilities. This development aims to provide robust security for the software development process. Source: MSSP Alert
4. Armis Expands Vulnerability Exposure and Assessment Capabilities: In response to the escalating scale and sophistication of cyberattacks, Armis has expanded its vulnerability exposure and assessment capabilities. This proactive approach aims to reduce risk and enhance security. Source: Help Net Security
5. CISA Flags Critical ICS Vulnerabilities in Siemens, Schneider Electric, ABB Equipment: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released five advisories highlighting critical vulnerabilities in industrial control systems (ICS) from Siemens, Schneider Electric, and ABB. These advisories serve as a stark warning to operators due to the increasing frequency and severity of cyberattacks on industrial infrastructure. Source: GBHackers

Vulnerabilities & Patches

1. GitLab Patch Release: 17.11.1, 17.10.5, 17.9.7: GitLab has released a new patch to mitigate a vulnerability (CVE-2025-1763) reported through their HackerOne bug program. Users are advised to update to the latest release. Source: GitLab.
2. Critical bugs in Siemens, Schneider Electric gear top CISA advisory: CISA has issued an advisory on critical vulnerabilities in Siemens and Schneider Electric equipment. Users are advised to apply the recommended patch or workaround for rapid risk awareness. Source: SC Media.
3. ASUS releases fix for AMI bug that lets hackers brick servers: ASUS has released a security update to address a maximum severity flaw (CVE-2024-54085) that could allow attackers to hijack and potentially brick servers. Users are advised to apply the update. Source: Bleeping Computer.
4. FireEye EDR Vulnerability Allows Attackers to Execute Unauthorized Code: A vulnerability in FireEye EDR (CVE-2025-0618) allows attackers to execute unauthorized code. Users are advised to apply vendor-provided updates as they become available. Source: GBHackers.
5. Zyxel Patches Privilege Management Vulnerabilities in USG FLEX H Series Firewalls: Zyxel has released patches for privilege management vulnerabilities (CVE-2025-1731 and CVE-2025-1732) in its USG FLEX H Series Firewalls. Users are advised to apply the patches. Source: Cybersecurity News.

Podcasts

1. Trump Says They're Foreign Gang Members. Are They?: This podcast episode by The New York Times explores the claims made by Donald Trump about foreign gang members and deportations. Julie Turkewitz, the Andes bureau chief for The New York Times, provides an in-depth analysis. Source: New York Times
2. Top Prescott Podcasts | CyberTraps, Designing Better Communities, and Online Portals: This episode from SignalsAZ discusses various topics including CyberTraps, community design, and online portals. The episode features Guy Roginson and Elicia. Source: SignalsAZ
3. Out of the Dark | The Cyber Trap You're Probably Falling Into (And How to Stop It): This podcast episode is a guide for anyone who wants to stay safe in the digital world, discussing common cyber traps and how to avoid them. Source: SignalsAZ
4. Blue Goat Cyber talks medtech cybersecurity at DeviceTalks Boston 2025: In this episode of DeviceTalks Weekly Podcast, Host Tom Salemi tracks the career of CorVista Health CEO Adrian Lam, discussing the intersection of medtech and cybersecurity. Source: Medical Design and Outsourcing
5. Innovation Law Insights 23 April 2025 | DLA Piper: This podcast episode from DLA Piper provides insights into cybersecurity obligations in the context of innovation law. It features Dario Evangelista, Deputy General Counsel at Betsson. Source: DLA Piper

Final Words

As we wrap up today's edition of 'ONSEC Cyber Daily', remember that the world of cybersecurity is ever-evolving. With Armis offering free access to real-time cyber threat databases and AI tools being added for development security, it's clear that the fight against cyber threats is a continuous one. Critical vulnerabilities are being identified and addressed, with companies like Armis and CISA issuing warnings and advisories. Patch releases and updates are being rolled out to mitigate these risks, highlighting the importance of staying updated and vigilant in this digital age. In addition, our podcast section offers a wealth of knowledge from experts in the field, discussing everything from cyber traps to data resilience. These resources are invaluable in staying informed and prepared in the face of potential cyber threats. Remember, cybersecurity is not just an IT issue, but a shared responsibility. So, don't keep this valuable information to yourself. Share 'ONSEC Cyber Daily' with your friends and colleagues to ensure they too are equipped with the latest in cybersecurity news and updates. Stay safe, stay informed, and we'll see you in the next edition of ONSEC Cyber Daily.

x.com

X (formerly Twitter)

ONSEC.io | LinkedIn

ONSEC.io | 1,839 followers on LinkedIn. Information security audits and penetration testing by a team of experts with an average experience of more than 7 years | ONSEC.io - is a penetration testing & in-depth security audit company with more than 13 years of experience on the market. Our team has already helped more than 300 companies be aware about possible system's vulnerabilities, including Republic, DMarket, LegionFarm, Parallels, Xsolla, Acronis, Manyсhat, Global Fashion Group and others. Our main goal is to increase the customer security level by finding and fixing security issues as well as improve security awareness inside the company, including developers, DevOps, and other teams to build a sustainable engineering culture with security knowledge.

LinkedIn