Cyber Daily 5/23: Firefox, Chrome Vulnerabilities Alert by NCERT, German Cyber Agency Warns of Grid Threats, WhatsApp Security Flaws, Chinese Hackers Exploit Cityworks Bug, Multiple CVEs Patched

Cyber Daily 5/23: Firefox, Chrome Vulnerabilities Alert by NCERT, German Cyber Agency Warns of Grid Threats, WhatsApp Security Flaws, Chinese Hackers Exploit Cityworks Bug, Multiple CVEs Patched

Welcome to your daily dose of ONSEC Cyber Daily. Today, we're diving into a world where vulnerabilities are lurking in every corner. From Firefox and Chrome being susceptible to cyber threats, as warned by NCERT, to the German Federal Office for Information Security sounding the alarm on grid vulnerabilities, it's clear that no platform is safe. Even the popular messaging platform, WhatsApp, isn't immune, with the government flagging security loopholes that could potentially allow hackers to launch attacks. Meanwhile, US local governments are under siege from zero-day attacks on Trimble Cityworks, with Chinese-speaking hackers exploiting the Cityworks bug. In the realm of CVEs, we're seeing a flurry of activity. From the Samlify Authentication Bypass Vulnerability (CVE-2025-47949) to critical zero-days found in Versa Networks SD-WAN/SASE Platform, and even Chrome vulnerabilities that allow attackers to execute malicious code remotely, it's a race against time to patch these vulnerabilities. GitLab isn't safe either, with vulnerabilities enabling attackers to launch DoS attacks, while BIND DNS Server Vulnerability is being exploited to crash servers. Cisco is patching high-severity DoS and privilege escalation vulnerabilities, and OpenPGP users are exposed due to CVE-2025-47934. But it's not all doom and gloom. We're also exploring the increasing importance of data mapping in our privacy work, and we've got a host of new podcast episodes to keep you informed and entertained. From the InsuranceERM Weekly podcast discussing the insurance implications of recent high-profile cyberattacks, to KIT365's 'Strictly Cyber' podcast cutting through the cyber security jargon, there's plenty to tune into. So buckle up, and let's navigate this cyber landscape together. Stay safe, stay informed, and stay tuned to ONSEC Cyber Daily.

Exploits Alert

  1. Firefox and Chrome Vulnerable to Cyber Threats, NCERT Warns: NCERT has issued a warning about serious cyberattack vulnerabilities in popular web browsers Firefox and Chrome. Users are advised to update their browsers to the latest versions to mitigate these risks. Source: TechJuice
  2. German Cyber Agency Sounds Warning on Grid Vulnerabilities: The German Federal Office for Information Security has highlighted the energy sector's high risk of hacking. Recent shifts in the sector have increased this risk, prompting the agency to issue a warning. Source: Bank Info Security
  3. Attention WhatsApp users! Govt flags security flaws, issues alert: The government has identified security loopholes in the popular messaging platform WhatsApp. A high-severity security alert has been issued, warning that hackers could potentially exploit these vulnerabilities. Source: MSN

Vulnerabilities & Patches

  1. Trimble Cityworks Zero-Day Attacks on US Local Governments: A vulnerability (CVE-2025-0994) in Trimble Cityworks was patched in January. The asset management system, used by many local and federal government agencies, was targeted by Chinese-speaking hackers. Federal agencies were ordered to patch the vulnerability by February 28. Source: SC Magazine, The Record.
  2. Samlify Authentication Bypass Vulnerability: The CVE-2025-47949 vulnerability allows for authentication bypass in Samlify. Users are advised to track exploitation trends and prioritize patching with confidence. Source: SOCRadar.
  3. Critical Zero-Days in Versa Networks SD-WAN/SASE Platform: Versa has not yet released a patch for the CVE-2025-34025 vulnerability, which allows for privilege escalation and container escape. Source: Infosecurity Magazine.
  4. Chrome Vulnerabilities Allow Remote Code Execution: The most critical issue, CVE-2025-5063, is a "Use after free" vulnerability in Chrome's Compositing system. Users are advised to update their browsers immediately. Source: Cybersecurity News.
  5. GitLab Vulnerabilities Enable DoS Attacks: The patched release resolves CVE-2025-4979, where attackers could expose masked CI/CD variables by analyzing HTTP responses during variable substitution. Source: GBHackers.

Podcasts

  1. We get Privacy for work: The Increasing Importance of Data Mapping - Jackson Lewis: This podcast episode discusses the growing significance of data mapping in maintaining privacy at work. It encourages listeners to reach out with any questions or topics they'd like to be addressed. Source: Jackson Lewis
  2. InsuranceERM Weekly Podcast - Episode two: The second episode of the InsuranceERM Weekly podcast explores climate risks, their connection with EU agriculture, economic capital modelling, and the insurance implications of recent high-profile cyberattacks. Source: InsuranceERM
  3. KIT365 launches 'Strictly Cyber' Podcast: KIT365 has launched a new podcast, 'Strictly Cyber', aimed at empowering business owners and decision-makers with the knowledge they need to better protect their organisations from cyber threats. Source: Love Business East Midlands
  4. Burnout Expert Scott Anderson Shares Surprising Recovery Methods on New Podcast Episode: In this podcast episode, burnout expert Scott Anderson shares unconventional recovery methods, providing insights into mental health and wellness. Source: Yahoo Finance
  5. Take it down or shut it down? - CyberWire: This episode of the CyberWire podcast discusses the dilemma of whether to take down or shut down certain operations in response to cyber threats. Source: CyberWire

Final Words

As we wrap up today's edition of 'ONSEC Cyber Daily', it's clear that the digital landscape is a battlefield. From Firefox and Chrome's vulnerabilities to the German Cyber Agency's warning on grid vulnerabilities, the threats are real and imminent. WhatsApp users, too, are not spared, with the government flagging security flaws. In the US, local governments are under attack with Trimble Cityworks zero-day attacks, while Chinese-speaking hackers are exploiting the same bug. The list of vulnerabilities is long and includes CVE-2025-47949, CVE-2025-34025, CVE-2025-5063, CVE-2025-4979, CVE-2023-5517, CVE-2025-20113, and CVE-2025-47934. These vulnerabilities are serious and require immediate patching. In the podcast world, we're seeing a surge in cybersecurity discussions. From the increasing importance of data mapping to the insurance implications of recent high-profile cyberattacks, the conversation is growing. KIT365's 'Strictly Cyber' podcast is cutting through the jargon, while the CyberWire is encouraging sharing of episodes to spread awareness. The digital world is a complex maze, but with the right knowledge and tools, we can navigate it safely. Remember, awareness is the first step towards protection. So, share this newsletter with your friends and colleagues. Let's build a safer cyber community together. Until tomorrow, stay safe and secure!

x.com
ONSEC.io | LinkedIn
ONSEC.io | 1,839 followers on LinkedIn. Information security audits and penetration testing by a team of experts with an average experience of more than 7 years | ONSEC.io - is a penetration testing & in-depth security audit company with more than 13 years of experience on the market. Our team has already helped more than 300 companies be aware about possible system's vulnerabilities, including Republic, DMarket, LegionFarm, Parallels, Xsolla, Acronis, Manyсhat, Global Fashion Group and others. Our main goal is to increase the customer security level by finding and fixing security issues as well as improve security awareness inside the company, including developers, DevOps, and other teams to build a sustainable engineering culture with security knowledge.