Hello ONSEC readers,

Welcome to today’s edition of ONSEC Cyber Daily, where we spotlight the latest high-risk alerts, massive data breaches, and critical vulnerabilities shaking the cybersecurity landscape.

First, a high-risk alert has been issued for Google Chrome users, urging immediate updates to defend against escalating threats. Cyber hygiene starts with keeping your software up to date. In parallel, a devastating data breach has exposed over 200 million user records, including sensitive email addresses — significantly increasing the risk of targeted cyberattacks and phishing attempts.

Meanwhile, probing activity has been detected on Palo Alto Networks’ GlobalProtect portals, reminding us that some of the biggest threats may be hiding within our own networks. Apple users in India are also on notice, as the government has issued a high-risk alert urging immediate device updates to protect against emerging cyber threats.

On the vulnerabilities front, a critical patch has been released for Ivanti's buffer overflow flaw (CVE-2025-22457), but the threat remains serious. Attackers are also actively exploiting a static credential vulnerability (CVE-2024-20439) in Cisco's Smart Licensing Utility. Additionally, Microsoft has addressed a security feature bypass vulnerability in Windows Mark-of-the-Web (CVE-2025-24061), thanks to a disclosure by EncryptHub.

Stay with us as we break down these urgent updates and more in today’s ONSEC Cyber Daily. Stay informed, stay secure.

Exploits Alert

1. High-Risk Alert for Google Chrome Users: The government has issued a high-risk alert for Google Chrome users, urging them to update their browsers immediately to avoid falling prey to cyber threats. Regular software updates are crucial in maintaining cybersecurity. Source: Punekar News.
2. Over 200 Million User Records Exposed in Massive Data Breach: A cybersecurity alert has been issued following a massive data breach that exposed over 200 million user records. The exposed data includes email addresses and other personal details, putting affected users at a heightened risk of targeted cyberattacks and phishing scams. Source: TechStory.
3. Probing Activity on Palo Alto Networks GlobalProtect Portals: Cybercriminals are often in the spotlight, but one of the most dangerous threats to your company might be hiding in plain sight, within your own organization. This week, there has been probing activity on Palo Alto Networks GlobalProtect portals. Source: HelpNetSecurity.
4. Government Issues High-Risk Alert for Apple Users in India: Immediate Update Advised: The Indian government has issued a high-risk alert for Apple users, advising them to update their devices immediately to secure against emerging threats and prevent possible cyberattacks. Source: The Hans India.

Vulnerabilities & Patches

1. Critical Alert issued on Ivanti vulnerability: A patch for a buffer overflow vulnerability, CVE-2025-22457, has been released in ICS 22.7R2.6 on February 11, 2025. The vulnerability could potentially allow an attacker to execute arbitrary code. Source: Australian Cyber Security Magazine.
2. Probing activity on Palo Alto Networks GlobalProtect portals: CVE-2024-20439, a static credential vulnerability in the Cisco Smart Licensing Utility, is being exploited by attackers in the wild, according to CISA. Users are advised to update their systems to the latest version to mitigate the risk. Source: Help Net Security.
3. Microsoft Credits EncryptHub for Disclosing Windows Flaws: Microsoft has patched a security feature bypass vulnerability in its Windows Mark-of-the-Web (MotW), tracked as CVE-2025-24061, with a CVSS score of 7.8. The flaw was disclosed by EncryptHub, a hacker credited with over 618 breaches. Source: The Hacker News.

Podcasts

1. Security Now: The Future of Cybersecurity: This podcast explores the evolving landscape of cybersecurity, discussing the latest trends and threats. It provides insights into how businesses can protect themselves from cyber threats and what the future holds for cybersecurity. Source: Security Now.
2. 3231: How Searchlight Cyber Tracks Threats Before They Strike - Tech Talks Daily: In this episode, Dr. Gareth Owenson, Co-Founder and CTO of Searchlight Cyber, discusses how their technology tracks cyber threats before they become a problem. The podcast offers valuable insights into proactive cybersecurity measures. Source: iHeart.
3. Unbothered Podcast: Influencer Uses Home Security to Catch Cheating Ex: In a recent episode of the 'Unbothered Podcast,' influencer Alexa Losey shared her experience of using home security camera footage to confirm her suspicions about her ex-boyfriend's infidelity. A fascinating exploration of the intersection between personal relationships and technology. Source: People.com
4. CISO Series: BlackLock Exposed, Microsoft's Account Bypass: The latest episode of the 'CISO Series' podcast delves into the exposure of BlackLock hackers and Microsoft's account bypass issue. The podcast offers an in-depth look at the week's most significant cybersecurity headlines, providing listeners with valuable insights. Source: CISO Series
5. Smashing Security: Cybersecurity for the Masses: Smashing Security breaks down complex cybersecurity topics into easy-to-understand language, making it an ideal podcast for those new to the field. It covers a wide range of topics, from data breaches and hacking incidents to the latest cybersecurity news. Source: Smashing Security.

Final Words

As we wrap up today’s edition of ONSEC Cyber Daily, it’s important to remember that the digital world we rely on for convenience and connection also comes with significant risks. From the urgent alert for Google Chrome users to the massive breach exposing over 200 million user records, it’s clear that cyber threats are ever-present and evolving.

The recent probing activity on Palo Alto Networks GlobalProtect portals and the critical vulnerability identified in Ivanti systems highlight that even the strongest defenses can have hidden weaknesses — sometimes right within our own networks.

The key takeaway today: vigilance is essential. Regularly updating your software, applying security patches promptly, and maintaining good cyber hygiene are crucial steps to protect yourself and your organization. Cybersecurity is not just an IT responsibility — it's a collective effort.

Let’s work together to create a safer digital world. Share ONSEC Cyber Daily with your friends and colleagues, and help us spread awareness. Stay informed, stay secure, and we’ll see you in the next edition of ONSEC Cyber Daily.

Stay safe and stay updated!

ONSEC.io | LinkedIn

ONSEC.io | 1,839 followers on LinkedIn. Information security audits and penetration testing by a team of experts with an average experience of more than 7 years | ONSEC.io - is a penetration testing & in-depth security audit company with more than 13 years of experience on the market. Our team has already helped more than 300 companies be aware about possible system's vulnerabilities, including Republic, DMarket, LegionFarm, Parallels, Xsolla, Acronis, Manyсhat, Global Fashion Group and others. Our main goal is to increase the customer security level by finding and fixing security issues as well as improve security awareness inside the company, including developers, DevOps, and other teams to build a sustainable engineering culture with security knowledge.

LinkedIn

x.com

X (formerly Twitter)