Welcome to your daily dose of ONSEC Cyber Daily, where we keep you updated on the latest cybersecurity news. Today, the FBI has issued a major warning for phone and computer users, highlighting the risk of cyber actors exploiting known vulnerabilities. This comes on the heels of an alert from the Indian government, warning of 'high risk' for Apple iPhone and iPad users due to a vulnerability that has escalated the cyberwar between India and Pakistan. In the world of automation, we delve into why vulnerability management automation is crucial in reducing alert fatigue and strengthening system and network security. Meanwhile, law enforcement is making strides in taking down proxy botnets used by cybercriminals, adding a layer of complexity to tracking their illicit activities. We also explore the urgent cybersecurity alert issued by the FBI regarding 13 router models vulnerable to cyber attacks. This has sparked a 320% surge in cybersecurity interest following devastating attacks that exposed the industry's vulnerability. In the realm of patches and updates, Apple has released security patches to fix critical data exposure flaws, and Asus has patched a RCE flaw in DriverHub. We also discuss the pressure on SonicWall to adopt secure-by-design principles due to resurfacing security flaws. Finally, we bring you the latest from the podcast world, with a new episode of Unlocked 403 discussing how to counter online disinformation, and a roundup of the top 5 cybersecurity podcasts to look out for in 2025. Stay tuned for more updates and remember, your security is our priority.

Exploits Alert

1. FBI Announces Major 'Warning' For Phones and Computers: The FBI has issued a warning about cyber actors exploiting known vulnerabilities in end-of-life routers using variants of TheMoon malware botnet. Source: Men's Journal
2. Indian govt issues 'high risk' warning for Apple iPhone, iPad users: The Indian government has issued a cybersecurity advisory for iPhone and iPad users due to a vulnerability that escalates the cyberwar between India and Pakistan. Source: Communications Today
3. Vulnerability Management Automation: Here's Why You Need it: Cybersecurity vulnerabilities are weaknesses in a system or network that can be exploited. Automation of vulnerability management can reduce alert fatigue and improve prioritization. Source: Security Boulevard
4. Law enforcement takes down proxy botnets used by criminals: Law enforcement agencies have taken down proxy botnets used by cybercriminals to veil their traffic, complicating tracking. The botnets targeted IoT and SOHO devices in the residential IP space. Source: Help Net Security
5. SonicWall Under Pressure as Security Flaws Resurface: SonicWall, a network security company, is under pressure as security flaws resurface. The company is involved in vulnerability management and cybersecurity. Source: MSSP Alert

Vulnerabilities & Patches

1. Apple Security Update: Multiple Vulnerabilities in macOS & iOS Patched: Apple has patched several vulnerabilities, including a significant one, CVE-2025-31260, affecting Apple Intelligence Reports. This update is crucial to prevent sensitive data exposure. Source: cybersecuritynews.com
2. Apple Releases Security Patches to Fix Critical Data Exposure Flaws: Another critical vulnerability, CVE-2025-31209, was found in the CoreGraphics subsystem of Apple devices. This flaw could allow attackers to extract protected graphical data. Source: gbhackers.com
3. Asus Patches RCE Flaw in DriverHub: Asus has patched two security vulnerabilities, including a remote code execution (RCE) flaw, in its DriverHub tool. The vulnerabilities are identified as CVE-2025-3462 and CVE-2025-3463. Source: candid.technology
4. iPhone 16e Owners Should Update to iOS 18.5 Right Now: Apple has patched a vulnerability, CVE-2025-31214, in iOS 18.5. iPhone 16e owners are advised to update their devices immediately. Source: macworld.com
5. SonicWall Faces Renewed Pressure to Adopt Secure-by-Design Principles: SonicWall has patched vulnerabilities CVE-2025-32820 and CVE-2025-32821, which may be under active attack. The company collaborated with security firm Rapid7 to address these issues. Source: scworld.com

Podcasts

1. Unlocked 403 cybersecurity podcast (S2E2): This episode focuses on countering online disinformation. It includes an interactive quiz that tests listeners' ability to distinguish between deepfakes and reality. A great resource for enhancing critical thinking skills in the digital age. Source: WeLiveSecurity.
2. Security Clearance Careers Podcast: This episode discusses the Special Ops' emphasis on agility, technology, and talent during SOF Week 2025. It encourages listeners to stay mission-ready and tech-savvy. Source: ClearanceJobs.
3. Discussion of Stephen Miller Remarks on Suspension of Habeas Corpus & Path Ahead: This podcast episode features a discussion on the constitutional law on suspension of habeas and the context of Rümeysa Öztürk's release. It provides a deep dive into legal aspects of cybersecurity. Source: JustSecurity.
4. The Daily - 'My Miserable Week in the “Happiest Country on Earth': This episode from The New York Times' podcast series 'The Daily' provides an interesting perspective on happiness and societal norms. While not strictly cybersecurity-related, it offers a unique viewpoint on global perceptions. Source: The New York Times.
5. The Top 5 Cybersecurity Podcasts to Look Out for In 2025: Hosted by Jack Rhysider, this podcast offers true tales of hackers, cybercrime, and cyber espionage. It's not only informative but also exciting, making it a must-listen for anyone interested in cybersecurity. Source: HackerNoon.

Final Words

And that's a wrap for today's edition of 'ONSEC Cyber Daily'. We hope you found this information valuable and it helps you stay one step ahead of the cyber threats lurking in the digital shadows. Remember, knowledge is power in the world of cybersecurity. In a world where cyber threats are evolving faster than ever, it's crucial to stay informed. If you found this newsletter helpful, why not share it with your friends and colleagues? Together, we can build a safer digital community. Stay safe, stay informed, and see you in the next edition of 'ONSEC Cyber Daily'. Until then, keep your data secure and your systems updated. Remember, the best defense is a good offense. Share 'ONSEC Cyber Daily' with your network and let's make the cyber world a safer place, one newsletter at a time.

x.com

X (formerly Twitter)

ONSEC.io | LinkedIn

ONSEC.io | 1,839 followers on LinkedIn. Information security audits and penetration testing by a team of experts with an average experience of more than 7 years | ONSEC.io - is a penetration testing & in-depth security audit company with more than 13 years of experience on the market. Our team has already helped more than 300 companies be aware about possible system's vulnerabilities, including Republic, DMarket, LegionFarm, Parallels, Xsolla, Acronis, Manyсhat, Global Fashion Group and others. Our main goal is to increase the customer security level by finding and fixing security issues as well as improve security awareness inside the company, including developers, DevOps, and other teams to build a sustainable engineering culture with security knowledge.

LinkedIn