Cyber Daily 4/30: NetApp Boosts Storage Layer Security, Cybersecurity Firms Under Siege, CISA Alerts on Commvault, Brocade Vulnerabilities, Chrome and Apache Patch Updates

Welcome to your daily dose of cybersecurity updates from ONSEC Cyber Daily. Today, we delve into the escalating threats in the cyber world, with NetApp advancing cybersecurity at the storage layer to counter automated attacks and the advent of quantum computing. However, even cybersecurity companies are not immune to these threats, as highlighted by a recent report from SentinelLabs. We also discuss the 'Broken Windows Theory' in cybersecurity and the surge of toll-themed smishing attacks in the US and UK by Chinese cybercriminals. The US cybersecurity authority, CISA, has issued multiple warnings about ongoing cyberattacks exploiting vulnerabilities in Commvault, Brocade Fabric OS, and Active! Mail. In other news, Chrome 136 has been released with a patch for a 20-year-old privacy vulnerability, and Apache Tomcat has released security updates for DoS and Bypass vulnerabilities. We also cover the latest exploits in Broadcom and Commvault flaws, and how an exploited vulnerability has exposed over 400 SAP NetWeaver servers to attacks. In our podcast section, we feature discussions on the enforcement priorities of the second presidential administration, the intersection of hardware security and AI, and the potential of an AI Singularity. We also highlight the latest episodes from RUSI and Boardspan, discussing topics from Trump's true goals to fresh thinking in board governance. Stay tuned for these stories and more, as we keep you updated on the latest in cybersecurity. Stay safe, stay informed with ONSEC Cyber Daily.

Exploits Alert

  1. NetApp Advances Cybersecurity at the Storage Layer: NetApp is enhancing its cybersecurity measures to address vulnerabilities as cyberattacks become more automated and quantum computing nears mainstream adoption. The company is focusing on securing the storage layer of its systems. Source: MSSP Alert.
  2. Cybersecurity Companies Under Attack: A report from SentinelOne's SentinelLabs reveals that cybersecurity companies are not immune to the threats they defend against. The report highlights the need for these companies to strengthen their own defenses. Source: MSSP Alert.
  3. Attacks on vulnerabilities in Commvault, Brocade Fabric OS and Active! Mail: The US cybersecurity authority CISA warns of ongoing cyberattacks targeting vulnerabilities in Commvault, Brocade Fabric OS, and Active! Mail. These attacks underscore the importance of timely patching and system updates. Source: Heise.
  4. CISA Issues Warning on Commvault Web Server Flaw Exploited in the Wild: CISA has issued an urgent alert about a newly disclosed security flaw in the Commvault Web Server that is being actively exploited. The agency has added the vulnerability to its Known Exploited Vulnerabilities Catalog. Source: GBHackers.
  5. CISA Warns of Exploited Broadcom, Commvault Vulnerabilities: CISA warns that recently patched vulnerabilities in Broadcom and Commvault products are being actively exploited. Because exploitation was under way before many organisations applied the fixes, applying the patch is not the end of the job: systems that were exposed in the meantime should also be checked for signs of compromise. Source: SecurityWeek.

Vulnerabilities & Patches

  1. Chrome 136 Released With Patch For 20-Year-Old Privacy Vulnerability (CVE-2025-4096): Google has released Chrome 136, which fixes a high-severity heap buffer overflow in HTML (CVE-2025-4096; the reporter received a $5,000 reward) and, separately, closes the roughly 20-year-old :visited-link history leak by partitioning visited-link state per site, so a page can no longer infer which other sites the user has visited. Source: cybersecuritynews.com
  2. Apache Tomcat Releases Security Updates for DoS and Bypass Vulnerabilities (CVE-2025-31650): Apache Tomcat has released updates covering a denial-of-service flaw and a separate bypass. The DoS (CVE-2025-31650) stems from incorrect error handling of certain invalid HTTP priority headers: the failed request is not fully cleaned up, so a sustained stream of such malformed requests leaks memory until the server runs out and stops serving. Source: cyberkendra.com
  3. Google Chrome Vulnerability Allows Attackers to Bypass Sandbox Restrictions (CVE-2025-2783): A sandbox-escape vulnerability in Google Chrome, reported as already exploited in the wild, was fixed with a patch rolled out within five days of the report. Source: gbhackers.com
  4. CISA Adds Actively Exploited Broadcom and Commvault Flaws to KEV Database (CVE-2025-1976): CISA has added actively exploited flaws in Broadcom and Commvault products to its Known Exploited Vulnerabilities (KEV) catalog. CVE-2025-1976 is a code-injection flaw in Broadcom's Brocade Fabric OS that lets an already-authenticated administrator run arbitrary code as root; the Commvault entry concerns the Commvault Web Server flaw covered under Exploits Alert. Source: thehackernews.com
  5. Critical Linux Kernel Flaw Allows Privilege Escalation (CVE-2025-21756): A use-after-free in the Linux kernel's vsock (VM sockets) code allows a local user to escalate privileges. Distributions have issued advisories, and patches are available for all maintained kernel branches. Source: gbhackers.com
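The KEV items above (the Commvault Web Server flaw, the Broadcom and Commvault additions, and CVE-2025-1976) all raise the same operational question: which of our assets are on the catalog, and by when must they be remediated. The script below is an added example written for this digest, not code from CISA or any of the vendors named. It assumes the shape of CISA's public KEV JSON feed (a top-level `vulnerabilities` list with `cveID`, `vendorProject`, `product`, `dateAdded` and `dueDate` fields); the feed excerpt and the inventory are constructed for the example, with placeholder hostnames and dates that should be verified against the live catalog.

```python
"""Cross-check an asset inventory against CISA's Known Exploited Vulnerabilities (KEV) feed.

Added example for this digest; not code from CISA, Broadcom, Google or Commvault.
The feed shape mirrors CISA's public JSON (top-level "vulnerabilities" list with
cveID / vendorProject / product / dateAdded / dueDate fields); the excerpt below is
constructed for the example and is not the authoritative catalog.
"""
import json
from dataclasses import dataclass
from datetime import date

# Constructed excerpt. CVE IDs and vendor/product names follow entries discussed in this
# issue; dates and descriptions are placeholders to be verified against the live feed.
KEV_SAMPLE = json.dumps({
    "title": "constructed KEV excerpt",
    "vulnerabilities": [
        {
            "cveID": "CVE-2025-1976",
            "vendorProject": "Broadcom",
            "product": "Brocade Fabric OS",
            "vulnerabilityName": "Broadcom Brocade Fabric OS Code Injection Vulnerability",
            "dateAdded": "2025-04-28",
            "dueDate": "2025-05-19",
            "knownRansomwareCampaignUse": "Unknown",
        },
        {
            "cveID": "CVE-2025-2783",
            "vendorProject": "Google",
            "product": "Chromium Mojo",
            "vulnerabilityName": "Google Chromium Mojo Sandbox Escape Vulnerability",
            "dateAdded": "2025-03-27",
            "dueDate": "2025-04-17",
            "knownRansomwareCampaignUse": "Unknown",
        },
    ],
})


@dataclass(frozen=True)
class Asset:
    name: str                          # hostname or asset tag (constructed placeholder)
    vendor: str                        # vendor as spelled in KEV "vendorProject"
    product: str                       # product as spelled in KEV "product", or a substring of it
    patched: frozenset = frozenset()   # CVE IDs already remediated on this asset


# Constructed inventory; hostnames are placeholders.
ASSETS = (
    Asset("san-switch-01", "Broadcom", "Brocade Fabric OS"),
    Asset("wks-042", "Google", "Chromium", frozenset({"CVE-2025-2783"})),  # already patched
    Asset("wks-043", "Google", "Chromium"),
    Asset("app-01", "Apache", "Tomcat"),  # nothing in the excerpt matches this asset
)


def _norm(s: str) -> str:
    """Case- and whitespace-insensitive form for comparing vendor/product strings."""
    return " ".join(s.lower().split())


def load_kev(raw_json: str) -> list[dict]:
    """Parse a KEV-shaped document and return its vulnerability entries."""
    return json.loads(raw_json)["vulnerabilities"]


def _product_matches(asset: Asset, entry: dict) -> bool:
    # KEV product names are vendor-controlled and inconsistent ("Chromium Mojo" vs "Chrome"),
    # so require an exact vendor match plus a product substring in either direction; keep an
    # alias table for anything this misses rather than loosening the vendor check.
    if _norm(asset.vendor) != _norm(entry["vendorProject"]):
        return False
    a, k = _norm(asset.product), _norm(entry["product"])
    return a in k or k in a


def match_assets(kev: list[dict], assets, today: date) -> list[dict]:
    """Return one finding per (asset, unpatched KEV entry), soonest due date first."""
    findings = []
    for asset in assets:
        for entry in kev:
            if not _product_matches(asset, entry) or entry["cveID"] in asset.patched:
                continue
            due = date.fromisoformat(entry["dueDate"])
            findings.append({
                "asset": asset.name,
                "cve": entry["cveID"],
                "name": entry.get("vulnerabilityName", ""),
                "due": due.isoformat(),
                "overdue": today > due,
                "ransomware": entry.get("knownRansomwareCampaignUse", "Unknown"),
            })
    return sorted(findings, key=lambda f: (f["due"], f["asset"]))


def check_inventory(today_iso: str, raw_json: str = KEV_SAMPLE, assets=ASSETS) -> list[dict]:
    """Entry point: run the match for a given date given as an ISO string."""
    return match_assets(load_kev(raw_json), assets, date.fromisoformat(today_iso))


def format_report(findings: list[dict]) -> str:
    """Render findings as a plain-text table, one line per asset/CVE pair."""
    lines = [f"{len(findings)} unremediated KEV finding(s)"]
    for f in findings:
        flag = "OVERDUE" if f["overdue"] else "due"
        lines.append(f"{f['asset']:14} {f['cve']:15} {flag} {f['due']}  ransomware={f['ransomware']}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(format_report(check_inventory("2025-04-30")))
```

Run against the real feed by passing its JSON text as `raw_json`; the only fields the script depends on are the ones named in the docstring. Note that the matcher is deliberately strict on vendor and loose on product, because the vendor field is the stable part of a KEV entry, while product strings drift between entries for the same software.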

Podcasts

  1. The Presumption of Innocence Podcast: Episode 60 - Enforcement Priorities of the Second: This episode discusses the ongoing tensions between the IRS and tax credit applicants, a situation that has persisted over two presidential administrations and five years. The focus is on the pandemic-era Employee. Source: JD Supra.
  2. Hardware Security in the Age of AI - EE Times Podcast: In this episode, Arm's chief architect, Richard Grisenthwaite, is welcomed to the show. The discussion revolves around the intersection of hardware security and AI. Source: EE Times.
  3. The AI Fix #48: AI Jesus, and is the AI Singularity almost upon us? - Graham Cluley: This podcast, which has won multiple cybersecurity awards, discusses the concept of AI Singularity and its possible arrival. The episode also features a segment on "Hacking the hackers". Source: Graham Cluley.
  4. Ep.114 Trump's True Goals and Trench Warfare in the Courts - RUSI: Hosted by Jason Pack, this episode delves into the cyber statecraft of Brazil and how it uses cyber tools to its advantage. The discussion also covers Trump's true goals and the ongoing trench warfare in the courts. Source: RUSI.
  5. Boardspan Launches Boardroom Voices Podcast to Spotlight Fresh Thinking in Board Governance: The early episodes of this podcast series tackle board composition, AI risk, and cybersecurity. It is designed for directors and CEOs, offering practical advice for board governance. Source: PR.com.

Final Words

And that's a wrap for today's edition of ONSEC Cyber Daily. We've covered a lot of ground, from NetApp's advancements in storage layer cybersecurity to the latest vulnerabilities and patches. We've also highlighted some insightful podcast episodes that delve into the intersection of AI and cybersecurity. Remember, in this digital age, staying informed is your first line of defense against cyber threats. So, don't keep this valuable information to yourself. Share ONSEC Cyber Daily with your friends and colleagues. Let's work together to create a safer cyber world. Stay safe, stay informed, and see you in the next edition of ONSEC Cyber Daily.

ONSEC.io | LinkedIn
ONSEC.io | 1,839 followers on LinkedIn. Information security audits and penetration testing by a team of experts with an average of more than 7 years of experience | ONSEC.io is a penetration testing and in-depth security audit company with more than 13 years on the market. Our team has already helped more than 300 companies become aware of possible vulnerabilities in their systems, including Republic, DMarket, LegionFarm, Parallels, Xsolla, Acronis, Manychat, Global Fashion Group and others. Our main goal is to raise the customer's security level by finding and fixing security issues, and to improve security awareness inside the company, including developers, DevOps and other teams, to build a sustainable engineering culture with security knowledge.