Welcome to your daily dose of ONSEC Cyber Daily. Today, we're diving into a world where cybersecurity vulnerabilities are being audited, alerts are being issued, and urgent warnings are being sounded. From SK's decision to audit all affiliates for cybersecurity vulnerabilities to the Australian Signals Directorate's alert on Ivanti Endpoint Manager Mobile vulnerabilities, the cybersecurity landscape is buzzing with activity. In the US, the FBI has issued an urgent warning for 13 of the most popular routers, highlighting the increasing threat of cyberattacks. Meanwhile, the UAE Cyber Security Council is urging immediate action on critical Microsoft vulnerabilities. In the training sector, INE Security outlines its top 5 training priorities emerging from RSAC 2025, emphasizing the importance of continuous learning in the face of evolving threats. On the technical front, we're seeing a range of vulnerabilities from Windows Remote Desktop Gateway to Microsoft Defender, all of which are being addressed with patches and updates. In the world of podcasts, we're exploring AI policy, CISO communication, and the world of cybersecurity and cybercrime. Stay tuned for more updates and remember, knowledge is your best defense in the world of cybersecurity.

Exploits Alert

1. SK to audit all affiliates for cybersecurity vulnerabilities: In an effort to identify and patch vulnerabilities, the committee will carry out penetration tests, or simulated cyberattacks, across all SK affiliates. Source: Pulse
2. ASD Issues Alert on Ivanti Endpoint Manager Mobile Vulnerabilities: The Australian Signals Directorate's (ASD) Australian Cyber Security Centre (ACSC) has issued an alert on two vulnerabilities, one medium and one high, in Ivanti Endpoint Manager Mobile. Source: Australian Cyber Security Magazine
3. INE Security Alert: Top 5 Takeaways From RSAC 2025: INE Security had a high-impact presence at RSAC 2025, welcoming thousands of visitors to its interactive booth. Source: TechRound
4. FBI issues urgent warning for 13 of the most popular routers in the US: The FBI has issued a warning about thirteen popular routers in the US that are now vulnerable to cyberattacks. Source: TweakTown
5. News Alert: INE Security outlines top 5 training priorities emerging from RSAC 2025: INE Security has outlined the top 5 training priorities emerging from RSAC 2025, following a high-impact presence at the conference. Source: Security Boulevard

Vulnerabilities & Patches

1. Zero-Day Vulnerability in Multiple Fortinet Products (CVE-2025-32756): This vulnerability is being actively exploited in the wild. Fortinet has released an advisory recommending workarounds and patched versions. Source: Security Boulevard
2. SAP NetWeaver Flaw (CVE-2025-31324): This flaw has been exploited by ransomware groups BianLian and RansomEXX. SAP patched this vulnerability on April 24 and released a patch for a second zero-day on May 12. Source: SC Media
3. Samsung Patch for CVE-2025-4632: Samsung patched this 9.8 CVSS flaw, which was exploited to deploy the Mirai botnet after a PoC release. Source: The Hacker News
4. Critical Vulnerability in Windows Remote Desktop Gateway (CVE-2025-26677 & CVE-2025-29831): These vulnerabilities, both rated Important by Microsoft, allow for Denial-of-Service attacks. Microsoft has released security updates addressing both vulnerabilities. Source: GBHackers
5. Microsoft Defender Vulnerability (CVE-2025-26684): This vulnerability allows for unauthorized privilege gain. Microsoft has released silent updates to remediate this issue, prioritizing enterprise endpoints. Source: GBHackers

Podcasts

1. Regulated, Ruthless & Ready: Inside James Hait's Wealth Fortress | Out of the Dark: This podcast episode provides an insight into the world of cybersecurity through the lens of James Hait, a renowned figure in the industry. It explores his strategies for building a cyber resilient fortress. Source: signalsaz.com
2. Hello, P*rv*rt! - Sextortion scams and Discord disasters | Smashing Security podcast: This episode dives into the dark world of sextortion scams, providing listeners with valuable information on how to avoid getting duped, doxxed, or drained. Source: youtube.com
3. On AI policy, states can learn from each other - StateScoop: This podcast episode discusses how different states can learn from each other when it comes to AI policy and cybersecurity services and products. Source: statescoop.com
4. MedCity Pivot Podcast: Chat with Megan Zakrewsky - YouTube: In this episode, Katie Adams chats with Megan Zakrewsky, vice president of product at Veradigm, discussing various topics related to cybersecurity. Source: youtube.com
5. CISO Communication and Hiring, as they Combat Threat and Penetration Testing Trends - SC Media: This podcast episode discusses the challenges and trends in CISO communication and hiring, particularly in the context of combating threats and penetration testing. Source: scworld.com

Final Words

As we wrap up today's edition of 'ONSEC Cyber Daily', we can't help but reflect on the interconnectedness of our digital world. From SK's comprehensive audit of all affiliates for cybersecurity vulnerabilities to the Australian Signals Directorate's alert on Ivanti Endpoint Manager Mobile vulnerabilities, it's clear that cybersecurity is a global concern. We've also seen how organizations like INE Security are stepping up their game, offering top-notch training and continuous practice to bridge the gap between vulnerability alerts and effective defense. Meanwhile, the FBI's urgent warning about popular routers in the US reminds us that even our everyday devices can be vulnerable to cyberattacks. In the face of these challenges, it's more important than ever to stay informed and vigilant. That's why we're here, delivering the latest cybersecurity news and insights straight to your inbox. If you found today's newsletter helpful, why not share it with your friends and colleagues? Let's work together to create a safer, more secure digital world. Stay safe, stay informed, and see you in the next edition of 'ONSEC Cyber Daily'.

ONSEC.io | LinkedIn

ONSEC.io | 1,839 followers on LinkedIn. Information security audits and penetration testing by a team of experts with an average experience of more than 7 years | ONSEC.io - is a penetration testing & in-depth security audit company with more than 13 years of experience on the market. Our team has already helped more than 300 companies be aware about possible system's vulnerabilities, including Republic, DMarket, LegionFarm, Parallels, Xsolla, Acronis, Manyсhat, Global Fashion Group and others. Our main goal is to increase the customer security level by finding and fixing security issues as well as improve security awareness inside the company, including developers, DevOps, and other teams to build a sustainable engineering culture with security knowledge.

LinkedIn

x.com

X (formerly Twitter)