Cyber Daily 4/8: ToddyCat Exploits ESET Vulnerability, WinRAR Flaw Bypasses Windows Security, Python JSON Logger Vulnerability Exposed, Google Patches Android Zero-Days

Welcome to your daily dose of ONSEC Cyber Daily. Today, we delve into the world of cyber vulnerabilities and the relentless efforts of cybercriminals to exploit them. We kick off with the ToddyCat APT group, who have cleverly exploited a vulnerability in ESET's Command Line Scanner to conceal their tools. Meanwhile, a new WinRAR flaw has been discovered that silently bypasses Windows security, giving attackers full control without any warning. In response to these threats, N-able is strengthening its endpoint oversight with built-in vulnerability management. However, a Python JSON Logger vulnerability has been identified that allows remote code execution, highlighting the ongoing battle between security and cybercrime. Apple users are also on high alert due to potential threats that could lead to data theft, device hijacking, or disruption of normal operations. In response to these escalating threats, NIST has revised its incident response for cybersecurity risk management. We also cover a critical pgAdmin vulnerability that could lead to data breaches and system disruptions, and a warning from cybersecurity experts about a European country that could be shut down by the U.S. in just an hour. In hardware news, vulnerabilities in Hitachi Energy, ABB, and B&R ICS devices pose a critical infrastructure threat. Ivanti is also under the spotlight with its vulnerability CVE-2025-22457 being actively exploited. In the world of updates and patches, Google has addressed two actively exploited vulnerabilities in a recent security update, and NIST has marked all CVEs prior to Jan. 1, 2018, as 'deferred'. Finally, we wrap up with a roundup of the latest cybersecurity podcasts, including an episode with host Kym Bergmann on the Asia Pacific Defence Reporter, the CyberWire's UK Apple showdown, and the CISO Series' episode on getting visibility into SaaS with Nudge Security. Stay tuned for more updates and remember, knowledge is the best defense against cyber threats.
Exploits Alert
- ToddyCat Attackers Exploited ESET Command Line Scanner Vulnerability: The notorious ToddyCat APT group has exploited a previously unknown vulnerability in ESET's Command Line Scanner to conceal their cyberattack tools. Source: GBHackers
- MotW Bypassed: Zero Warning, Full Control – New WinRAR Flaw Silently Bypasses Windows Security: A new vulnerability in WinRAR allows attackers to silently bypass Windows Security, giving them full control without any warning. Source: Security Newspaper
- N-able Strengthens Endpoint Oversight with Built-in Vulnerability Management: N-able has enhanced its endpoint oversight capabilities by integrating vulnerability management into its platform. Source: MSSP Alert
- Python JSON Logger Vulnerability Allows Remote Code Execution - PoC Released: A vulnerability in Python JSON Logger has been discovered that allows remote code execution. A proof of concept has been released. Source: Cybersecurity News
- WinRAR MotW bypass flaw fixed, update ASAP (CVE-2025-31334): A flaw in WinRAR that allowed bypassing of the Mark of the Web (MotW) has been fixed. Users are urged to update as soon as possible. Source: Help Net Security
Vulnerabilities & Patches
- Google addresses 2 actively exploited vulnerabilities in security update: Google has released a security update to address two actively exploited vulnerabilities, including CVE-2024-53197, which is part of a zero-day exploit chain. Users are urged to update their devices to stay protected. Source: CyberScoop
- NIST marks all CVEs prior to Jan. 1, 2018, as 'deferred': The National Institute of Standards and Technology (NIST) has marked all Common Vulnerabilities and Exposures (CVEs) prior to Jan. 1, 2018, as 'deferred'. However, NIST will continue to prioritize updates to the enrichment data for these CVEs if new information indicates it is necessary. Source: SC Media
- Google fixes Android zero-days exploited in attacks, 60 other flaws: Google has patched a high-severity privilege escalation vulnerability and 60 other flaws in its March 2025 Android security update. The update also addresses one of the zero-days that have been exploited in attacks. Source: Bleeping Computer
- MediaTek Security Update - Patch for Vulnerabilities Affecting Smartphone, Tablet, & other Devices: MediaTek has released a security update to address CVE-2025-20654, a critical vulnerability in the WLAN service component of multiple devices. Users are advised to apply the patch as soon as possible to avoid potential attacks. Source: Cybersecurity News
- WinRAR MotW bypass flaw fixed, update ASAP (CVE-2025-31334): A flaw (CVE-2025-31334) that allowed attackers to bypass Windows' Mark of the Web (MotW) security warning and execute arbitrary code has been fixed in WinRAR 7.11. Users are strongly advised to update to the latest version. Source: Help Net Security
Podcasts
- APDR Podcast Episode 88 with host Kym Bergmann - Asia Pacific Defence Reporter: This episode discusses the national security apparatus and its implications. The host suggests that moral support should not be offered to countries like Canada or Denmark. Source: APDR
- UK Apple showdown gonna be public - CyberWire: This episode talks about the upcoming public showdown involving Apple in the UK. The host, Dave Bittner, is a security podcast host and one of the founders at CyberWire. Source: CyberWire
- Best of Cyber April Fools, Tons of Free Tools, runZero positioned to disrupt? – ESW #401: This episode covers a range of topics including the best of Cyber April Fools, a variety of free tools, and the potential disruption by runZero. Source: SC World
- CIO Podcast – Episode 93: California Laws and Regulations with David T. Ford: In this episode, David T. Ford, VP of Health Information Technology, discusses California laws and regulations. Source: Healthcare IT Today
- Getting Visibility into SaaS with Nudge Security - CISO Series: Russell Spitler, co-founder and CEO of Nudge Security, discusses gaining visibility into SaaS in this episode. Source: CISO Series

Final Words
And that's a wrap for today's edition of ONSEC Cyber Daily. From the ToddyCat attackers exploiting ESET's vulnerability to the new WinRAR flaw bypassing Windows security, it's clear that the cyber landscape is constantly evolving. But remember, knowledge is power. By staying informed, we can all play a part in fortifying our defenses and making the digital world a safer place. If you found today's newsletter helpful, why not share it with your friends and colleagues? After all, cybersecurity is a team sport. Let's work together to stay one step ahead of the cybercriminals. Until tomorrow, stay safe and stay vigilant. Remember, in the world of cybersecurity, the only constant is change. Keep up with that change right here at ONSEC Cyber Daily.