Cyber Daily 4/4: Chinese Hackers Exploit Ivanti Vulnerability, Cisco CSLU Flaw Under Attack, WinRAR and Google Quick Share Vulnerabilities, Australia-Philippines Cybercrime Partnership

Good morning ONSEC Cyber Daily readers! Today's newsletter is packed with critical updates and alerts that you can't afford to miss. Chinese hackers are on the prowl, actively exploiting an Ivanti Connect Secure vulnerability. Meanwhile, Cisco is sounding the alarm over the active exploitation of a critical flaw in its systems. Attackers are also leveraging static admin credentials in Cisco's Smart Licensing Utility, underscoring the need for constant vigilance and timely updates. Speaking of updates, the UAE has issued a 'critical' cyber alert for Apple users, urging them to apply security updates to protect their devices. And Mandiant is warning of attacks exploiting a newly disclosed Ivanti remote takeover vulnerability, emphasizing the importance of patch deployment. But it's not just about the big names. WinRAR is grappling with a "Mark of the Web" bypass vulnerability, and CrushFTP is dealing with the fallout from exploitation of a vulnerability following a disclosure mix-up. In other news, Google's Quick Share for Windows has a vulnerability that allows remote code execution, and SonicWall's firewall vulnerability enables unauthorized access. And if you're looking for some insightful discussions on these issues and more, we've got a roundup of the latest podcast episodes on cybersecurity trends, local hacks, and the rise of ransomware. Stay safe, stay updated, and stay tuned to ONSEC Cyber Daily for your daily dose of cybersecurity news and alerts.
Exploits Alert
- Chinese Hackers Exploit Ivanti Connect Secure Vulnerability: Chinese hackers are actively exploiting a vulnerability in Ivanti Connect Secure. Users are urged to update their systems to the latest version to mitigate the risk. Source: Cyber Daily.
- Ongoing Attacks Exploit Critical Cisco CSLU Flaw: Cisco has issued an urgent warning about an actively exploited critical vulnerability in its software. Administrators are advised to apply the necessary patches immediately. Source: MSSP Alert.
- Attackers Leverage Cisco Smart Licensing Utility Static Admin Credentials: Attackers are exploiting static admin credentials in Cisco's Smart Licensing Utility. Users are advised to subscribe to breaking news email alerts for the latest updates on this vulnerability. Source: Help Net Security.
- WinRAR "Mark of the Web" Bypass Vulnerability: A vulnerability in WinRAR lets attackers bypass the Windows "Mark of the Web" protection and execute arbitrary code. Users are advised to update their software to the latest version to protect against this exploit. Source: Cybersecurity News.
- UAE Cyber Alert for Apple Users: The UAE has issued a critical cyber alert for Apple users, urging them to apply the latest security updates to address vulnerabilities and protect their devices. Source: Khaleej Times.
Vulnerabilities & Patches
- CVE-2025-22457: Ivanti Remote Takeover Threat: A high-impact vulnerability in Ivanti's software allows attackers to exploit unpatched systems. Although the flaw was initially considered low risk, the threat actor UNC5221 found a way to exploit it in earlier versions. It's critical for users to deploy the latest patch to mitigate the risk. Source: SC Media, CyberScoop.
- CVE-2025-2825: CrushFTP Vulnerability Exploitation: A critical vulnerability in CrushFTP was exploited following a disclosure mix-up. The patch was issued on March 21st, but the disclosure process was disrupted when another party published a separate CVE. Users are urged to apply the patch immediately. Source: Dark Reading, Infosecurity Magazine.
- CVE-2024-45482: B&R APROL Vulnerability: A vulnerability in B&R APROL 4.4-00P5 has been identified. B&R recommends that users apply the patch or upgrade to a non-vulnerable version at their earliest convenience to avoid potential exploitation. Source: CISA.
- CVE-2024-10668: Google's Quick Share for Windows Vulnerability: Google has addressed a flaw in its Quick Share for Windows that allowed remote code execution. The vulnerability was assigned CVE-2024-10668, and patches have been rolled out via automatic updates. Users are advised to ensure their systems are updated. Source: GBHackers, SecurityWeek.
- CVE-2024-53704: SonicWall Firewall Vulnerability: A critical vulnerability in SonicWall's firewall allows unauthorized access. The exploitation of CVE-2024-53704 serves as a stark reminder of the importance of immediate patch deployment. SonicWall customers are urged to update all affected devices immediately. Source: GBHackers.
Podcasts
- Australia and Philippines strengthen partnership against cybercrime: This podcast focuses on the latest trends and technologies used by cybercriminals, including online scams. The episode highlights the strengthened partnership between Australia and the Philippines in combating cybercrime. Source: SBS Filipino
- Cyber Uncut: In this episode, David Hollingworth and Daniel Croft discuss local hacks and the rise of a new ransomware. They also delve into the 13cabs cyber incident and more Trump administration security issues. Source: Cyber Daily
- #GINNing Podcast: This episode from the Samuel Ginn College of Engineering features discussions on cyber and critical infrastructure security. It is touted as one of the best podcasts in higher education. Source: Auburn Engineering
- The Response: Elijah Baucom and Sarah Philips discuss surveillance, cybersecurity, and financial tech for mutual aid in this episode. The podcast aims to provide insights into how communities respond to disasters and crises. Source: Shareable
- Businessweek Daily: This episode features Google Cloud's Chief Information Security Officer discussing various aspects of cybersecurity. The podcast is available on Spotify and Apple Podcasts. Source: Bloomberg
Final Words
And that's a wrap for today's ONSEC Cyber Daily! We hope you found these updates helpful in staying one step ahead of the cyber threats lurking in the digital shadows. Remember, knowledge is power, and sharing is caring. So, don't keep this valuable information to yourself. Pass it along to your friends and colleagues to help them stay safe in the cyber world. In the face of relentless cyber threats, we must stand together, share information, and learn from each other. So, let's continue to connect, share, and protect each other. Stay safe, stay informed, and see you in the next edition of ONSEC Cyber Daily!