Cyber Daily 5/16: SonicWall and Ivanti Vulnerabilities, CISA Alerts on Windows and Fortinet Exploits, Google and India Warn Android Users

Welcome to your daily dose of ONSEC Cyber Daily. Today, we're diving into a whirlwind of vulnerabilities and patches that have been making waves in the cyber world. SonicWall has confirmed an encoded URL server-side request forgery vulnerability, while the Australian Signals Directorate (ASD) has issued an alert on Ivanti Endpoint Manager Mobile vulnerabilities. In other news, the Indian government and Google have issued an urgent security alert for millions of Android users, warning of serious vulnerabilities affecting Android versions 13 to 15. Meanwhile, the Cybersecurity and Infrastructure Security Agency (CISA) has been busy issuing alerts on active exploitation of zero-day vulnerabilities in multiple Fortinet products and five active zero-day Windows vulnerabilities. We also take a look at the role of Initial Access Brokers in modern attacks and the ESG imperative in safeguarding critical infrastructure. Nigeria's oil sector is also under threat, with a rise in attacks by "unsophisticated" actors. In the world of patches, Samsung has patched a MagicINFO 9 Server vulnerability exploited by attackers, and Google has released an emergency Chrome update due to a cross-domain data leak vulnerability. Finally, we'll explore the latest in cybersecurity podcasts, discussing topics from bypassing Bitlocker encryption to confronting the threat of cyberattacks and expanding internationally. Stay tuned for more updates and remember, stay safe in cyberspace!

Exploits Alert

  1. SonicWall Confirms Encoded URL Server-Side Request Forgery Vulnerability: SonicWall's Product Security Incident Response Team (PSIRT) has confirmed a server-side request forgery vulnerability. This flaw could allow an attacker to craft malicious requests to the server. Source: Australian Cyber Security Magazine.
  2. CISA Warns of Five Actively Exploited Windows 0-Day Vulnerabilities: The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert about five zero-day vulnerabilities in Windows that are currently being exploited. Source: Cyber Security News.
  3. Indian Government and Google Warn Millions of Android Users: Critical Flaw in Versions 13: The Indian government and Google have issued a security alert for millions of Android users, warning of serious vulnerabilities affecting Android versions 13 to 15. Source: The Logical Indian.
  4. CISA Alerts on Active Exploitation of Zero-Day Vulnerability in Multiple Fortinet Products: CISA has issued an alert about an actively exploited zero-day vulnerability in multiple Fortinet products. Given the history of Fortinet vulnerabilities being leveraged by both cybercriminals and nation-state actors, security experts warn that this could be a significant threat. Source: GBHackers.
  5. Samsung patches MagicINFO 9 Server Vulnerability Exploited by Attackers: Samsung has patched a vulnerability in its MagicINFO 9 Server that was being exploited by attackers. The exploit was published online, prompting Samsung to issue an alert and patch the vulnerability. Source: Help Net Security.

Vulnerabilities & Patches

  1. Google Chromium 0-Day Vulnerability (CVE-2025-4664): Google has released an emergency patch for a zero-day vulnerability in its Chromium browser that is being actively exploited in the wild. The Cybersecurity and Infrastructure Security Agency (CISA) has urged users to update their browsers immediately. Source: cybersecuritynews.com
  2. Windows 0-Day Vulnerabilities (CVE-2025-30400): Microsoft has patched five zero-day vulnerabilities that were being actively exploited. These vulnerabilities were part of the company's May 2025 Patch Tuesday update. Users are advised to install the updates as soon as possible. Source: cybersecuritynews.com
  3. Samsung MagicINFO Server Bug (CVE-2025-4632): A patch bypass for a vulnerability in Samsung's MagicINFO 9 Server, disclosed last year, has been exploited by threat actors in the wild. Samsung has provided patches for this critical path traversal vulnerability. Source: darkreading.com
  4. Ivanti EPMM Zero-Days (CVE-2025-4428): Ivanti has patched a zero-day vulnerability in its Endpoint Manager Mobile that could result in remote arbitrary code execution. The company has urged immediate application of the patches. Source: scworld.com
  5. SAP NetWeaver Vulnerability (CVE-2025-31324): Threat actors are actively exploiting a vulnerability in SAP NetWeaver. Researchers recommend that SAP administrators patch their systems as soon as possible to mitigate the risk. Source: darkreading.com

Podcasts

  1. POTS and Shots: No Headaches, No Hassles: This podcast discusses the increasing threat of cybercrime in the telecom sector. Douglas Green provides insights on why partners are opting for TELCLOUD. Source: Telecom Reseller
  2. Bypassing Bitlocker encryption - CyberWire: Episode 2309 of the CyberWire Daily Podcast delves into the state of modern web application security. The discussion revolves around bypassing Bitlocker encryption. Source: CyberWire
  3. Cyber attack comms: 'We were rabbits in headlights' – PRWeek podcast: This podcast episode from PRWeek UK discusses the communication challenges during a cyber attack, likening the experience to being 'rabbits in headlights'. Source: PR Week UK
  4. State AGs Unite: New Privacy Task Force Signals Shift in Regulatory Power Dynamics: This crossover episode of The Consumer Finance Podcast and Regulatory discusses the formation of a new privacy task force by State Attorneys General, signaling a shift in regulatory power dynamics. Source: Regulatory Oversight
  5. Confronting the threat of cyberattacks and expanding internationally: The latest episode of The Debrief discusses the challenges of confronting cyber threats while expanding internationally. Source: Management Today

Final Words

And that's a wrap for today's edition of 'ONSEC Cyber Daily'. We've covered a lot of ground, from SonicWall's confirmed vulnerability to the Indian government's alert for Android users, and the active exploitation of zero-day vulnerabilities in multiple Fortinet products. We've also delved into the ransomware supply chain, the ESG imperative in safeguarding critical infrastructure, and the vulnerability of Nigeria's oil sector to cyberattacks. Remember, staying informed is the first step in staying secure. So, don't forget to share this newsletter with your friends and colleagues to help them stay one step ahead of cyber threats too. In tomorrow's edition, we'll be bringing you more updates on the latest vulnerabilities, patches, and cyberattacks. We'll also be featuring some insightful cybersecurity podcasts that you won't want to miss. Stay safe, stay informed, and see you in the next edition of 'ONSEC Cyber Daily'.